Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS20473.roa
File:                     AS20473.roa (raw, json)
Hash identifier:          c+9+1hPKC1GPxwA49T+RSyrNvhVXS8FElt93q5oip0c=
Subject key identifier:   CD:0D:06:81:DA:B6:8E:24:D2:55:5A:FF:EA:B3:69:C7:49:D6:E6:0D
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       6D156A77DA49A90A6C095E5AD75088F7BE7B3742
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS20473.roa
Signing time:             Tue 29 Apr 2025 07:00:08 +0000
ROA not before:           Tue 29 Apr 2025 06:55:08 +0000
ROA not after:            Tue 28 Apr 2026 07:00:08 +0000
asID:                     20473
IP address blocks:        91.124.177.0/24 maxlen: 24
                          92.112.58.0/24 maxlen: 24
                          95.135.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 03:37:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:15:6a:77:da:49:a9:0a:6c:09:5e:5a:d7:50:88:f7:be:7b:37:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr 29 06:55:08 2025 GMT
            Not After : Apr 28 07:00:08 2026 GMT
        Subject: CN=CD0D0681DAB68E24D2555AFFEAB369C749D6E60D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:4c:b6:b4:aa:ae:2c:99:24:47:fb:64:94:4d:
                    58:20:8f:ff:b6:3c:27:64:aa:ab:2c:61:bc:93:26:
                    0b:67:32:e7:d3:59:be:e7:b3:32:19:8d:68:1e:12:
                    6b:61:20:b5:0c:e9:d3:92:77:ce:1f:c5:c7:f1:7b:
                    69:ad:e2:f2:8d:f0:1f:c2:0f:e8:e0:5c:4a:c7:fc:
                    24:88:93:4d:75:f8:4d:c9:b3:32:a1:e3:a1:1b:4d:
                    f8:bb:6f:62:5b:49:db:3f:bc:16:bb:1f:4a:86:ae:
                    2f:b4:3b:38:24:fa:d4:66:55:56:89:55:c9:ca:d7:
                    f5:1f:0f:a4:4a:48:ee:2c:47:79:0d:8e:96:c8:f5:
                    5e:bf:68:97:eb:01:12:cc:2c:8c:0a:e5:f6:77:1f:
                    03:76:17:84:80:92:50:b3:65:cc:aa:38:af:bd:b3:
                    9f:1d:18:c6:42:02:ed:fd:fa:f4:1e:95:80:68:05:
                    7e:3d:ce:91:42:ee:c0:1b:92:45:f3:81:33:27:87:
                    d6:4c:e6:c5:e4:51:cb:a3:ec:66:b9:16:64:3b:3a:
                    ff:8b:a3:ca:fd:ae:fd:94:5a:c7:de:b1:1c:b4:89:
                    89:fd:7a:9e:96:8a:42:da:ac:09:68:63:c1:2d:df:
                    48:1d:a6:fe:19:63:7c:bf:3a:09:32:29:97:62:b1:
                    d6:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:0D:06:81:DA:B6:8E:24:D2:55:5A:FF:EA:B3:69:C7:49:D6:E6:0D
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS20473.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.177.0/24
                  92.112.58.0/24
                  95.135.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:37:0a:6d:36:07:02:72:3b:be:fb:7a:bd:0a:cd:d7:bb:95:
         0a:d3:51:aa:ff:c7:b3:f5:ad:94:69:5f:07:60:e9:45:3a:82:
         26:78:66:dc:f5:05:32:f1:2b:2b:6a:18:5a:17:c0:7c:a0:6e:
         e2:bd:b6:cb:df:42:a9:67:db:ff:01:e5:dd:7a:9a:d0:86:93:
         a1:cd:75:ab:5b:51:d3:86:56:c1:41:4f:10:90:92:d3:22:13:
         35:d3:77:5f:0d:63:58:70:91:a7:7e:27:0a:13:17:a7:20:58:
         8f:81:7c:a3:a1:b5:1b:4e:18:b3:6e:68:2b:5d:6d:4d:86:18:
         d0:7c:fb:0a:39:8e:56:c2:f1:6d:fc:17:dc:17:59:2d:c1:29:
         a3:cd:80:62:5d:98:da:11:90:5c:ee:ee:49:fb:53:5d:14:cc:
         8b:b4:f9:bc:80:94:70:ef:4e:c0:7e:60:ad:a8:e4:c1:69:19:
         8e:a5:19:e3:07:4f:74:37:17:21:1b:ba:bf:0d:ca:5b:23:d1:
         2a:73:80:0d:25:36:55:69:b1:c4:6e:f0:f4:ff:e7:59:98:2d:
         8b:76:b9:75:a9:80:c8:75:f5:f8:da:ae:91:ab:9c:96:4c:13:
         c8:9d:f0:71:02:56:b8:b4:b6:2d:07:4e:eb:5b:2c:8f:15:1a:
         59:48:1d:e2
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUbRVqd9pJqQpsCV5a11CI9757N0IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA0MjkwNjU1MDhaFw0yNjA0MjgwNzAwMDhaMDMxMTAvBgNV
BAMTKENEMEQwNjgxREFCNjhFMjREMjU1NUFGRkVBQjM2OUM3NDlENkU2MEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLTLa0qq4smSRH+2SUTVggj/+2
PCdkqqssYbyTJgtnMufTWb7nszIZjWgeEmthILUM6dOSd84fxcfxe2mt4vKN8B/C
D+jgXErH/CSIk011+E3JszKh46EbTfi7b2JbSds/vBa7H0qGri+0Ozgk+tRmVVaJ
VcnK1/UfD6RKSO4sR3kNjpbI9V6/aJfrARLMLIwK5fZ3HwN2F4SAklCzZcyqOK+9
s58dGMZCAu39+vQelYBoBX49zpFC7sAbkkXzgTMnh9ZM5sXkUcuj7Ga5FmQ7Ov+L
o8r9rv2UWsfesRy0iYn9ep6WikLarAloY8Et30gdpv4ZY3y/OgkyKZdisdZXAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUzQ0Ggdq2jiTSVVr/6rNpx0nW5g0wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBABbfLED
BABccDoDBABfh/wwDQYJKoZIhvcNAQELBQADggEBAHI3Cm02BwJyO777er0Kzde7
lQrTUar/x7P1rZRpXwdg6UU6giZ4Ztz1BTLxKytqGFoXwHygbuK9tsvfQqln2/8B
5d16mtCGk6HNdatbUdOGVsFBTxCQktMiEzXTd18NY1hwkad+JwoTF6cgWI+BfKOh
tRtOGLNuaCtdbU2GGNB8+wo5jlbC8W38F9wXWS3BKaPNgGJdmNoRkFzu7kn7U10U
zIu0+byAlHDvTsB+YK2o5MFpGY6lGeMHT3Q3FyEbur8Nylsj0SpzgA0lNlVpscRu
8PT/51mYLYt2uXWpgMh19fjarpGrnJZME8id8HECVri0ti0HTutbLI8VGllIHeI=
-----END CERTIFICATE-----