Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS399486.roa
File:                     AS399486.roa (raw, json)
Hash identifier:          13/8HcHTdQEOodI9HsW0uhJYE6/0K+CwQs4KrP3IFEI=
Subject key identifier:   D6:9C:40:59:8A:0C:22:96:DF:CB:D7:D0:69:58:90:E7:E3:32:69:28
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5EDA3227F4AD83F52CD6DC5E84C33CB07B47AF18
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS399486.roa
Signing time:             Fri 24 May 2024 14:05:16 +0000
ROA not before:           Fri 24 May 2024 14:00:16 +0000
ROA not after:            Fri 23 May 2025 14:05:16 +0000
asID:                     399486
IP address blocks:        85.209.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:da:32:27:f4:ad:83:f5:2c:d6:dc:5e:84:c3:3c:b0:7b:47:af:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 24 14:00:16 2024 GMT
            Not After : May 23 14:05:16 2025 GMT
        Subject: CN=D69C40598A0C2296DFCBD7D0695890E7E3326928
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:2e:58:33:89:5a:eb:24:81:91:38:e9:d9:f8:
                    59:2c:5a:9b:e5:d8:02:ce:a5:cc:25:99:94:08:5b:
                    19:8f:7c:fa:d5:c5:7b:f3:3a:21:97:35:e8:21:a5:
                    c3:f5:27:8e:62:ce:f4:bd:0f:1a:53:71:8c:1d:8f:
                    24:de:8b:17:c4:00:2b:78:df:e8:74:16:47:ac:06:
                    19:33:db:61:27:38:ff:a7:91:52:b6:ca:53:f7:46:
                    c0:0d:9c:be:39:85:3e:2f:fa:e9:e4:a8:85:f0:4b:
                    0c:31:53:11:12:c2:4a:7b:3b:68:74:69:a3:5f:09:
                    9b:45:d9:48:16:02:03:5d:f5:03:92:88:ac:f8:20:
                    f4:06:ea:87:5b:62:0a:b5:f4:cc:3a:9e:49:e8:53:
                    c1:6f:9c:ff:7c:4d:3b:2a:90:d3:31:e5:ec:6c:85:
                    14:83:10:89:c0:43:3f:9d:87:07:01:77:ab:c2:46:
                    03:54:8b:10:5b:c9:9c:2e:a9:0b:0d:ab:73:56:05:
                    51:6f:2b:dc:89:ab:1c:4c:b9:3a:af:10:dd:f5:19:
                    2e:48:bb:17:60:a5:0a:0e:50:27:ab:28:26:4d:ad:
                    0f:8e:38:bc:2c:e5:66:c6:11:60:e3:36:c0:ff:34:
                    df:da:65:a3:15:3b:3e:26:3e:a8:a2:63:bf:88:4e:
                    17:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:9C:40:59:8A:0C:22:96:DF:CB:D7:D0:69:58:90:E7:E3:32:69:28
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS399486.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:b6:ba:d2:9f:4b:c4:5a:11:93:77:c6:e3:23:ca:6d:ff:7b:
         0e:12:06:b9:ee:02:d3:96:d2:2b:49:e9:c1:55:bf:50:57:2f:
         67:8d:eb:43:78:c7:8b:b2:21:84:10:be:1b:6d:9b:4e:8f:2d:
         87:66:70:97:c7:a4:37:4c:d8:84:65:f7:5a:e6:3f:33:6d:51:
         50:b3:5b:a2:3e:31:f9:05:84:e1:19:32:83:a4:76:01:c5:5b:
         aa:74:1b:e1:8b:80:ce:24:d2:3b:43:c6:33:cf:b7:fe:5c:3b:
         84:9b:ca:aa:e0:ea:44:a2:3e:4e:ae:3e:6d:00:21:c4:66:74:
         29:46:2c:76:5a:f8:58:ec:76:9d:43:f1:31:ab:a7:20:42:35:
         92:4c:0a:b2:ce:b7:a0:6c:bd:8a:b0:ed:1d:d3:f8:53:40:d4:
         14:cb:60:f9:d3:1e:40:81:57:e2:ae:f5:7d:41:f6:98:4d:bc:
         c8:b8:9f:84:3f:4c:95:54:f9:5e:91:07:24:80:91:2d:4f:be:
         f1:0b:1f:4a:ae:52:8a:96:5d:10:fd:d0:58:7a:15:b6:75:37:
         4e:8e:3a:5c:74:e1:d2:48:73:bd:49:b9:44:90:cb:30:9e:8b:
         80:18:5f:cd:d7:47:60:4b:94:5a:7d:5b:f5:dd:ed:8f:04:a8:
         ce:9f:a5:cc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXtoyJ/Stg/Us1txehMM8sHtHrxgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA1MjQxNDAwMTZaFw0yNTA1MjMxNDA1MTZaMDMxMTAvBgNV
BAMTKEQ2OUM0MDU5OEEwQzIyOTZERkNCRDdEMDY5NTg5MEU3RTMzMjY5MjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRLlgziVrrJIGROOnZ+FksWpvl
2ALOpcwlmZQIWxmPfPrVxXvzOiGXNeghpcP1J45izvS9DxpTcYwdjyTeixfEACt4
3+h0FkesBhkz22EnOP+nkVK2ylP3RsANnL45hT4v+unkqIXwSwwxUxESwkp7O2h0
aaNfCZtF2UgWAgNd9QOSiKz4IPQG6odbYgq19Mw6nknoU8FvnP98TTsqkNMx5exs
hRSDEInAQz+dhwcBd6vCRgNUixBbyZwuqQsNq3NWBVFvK9yJqxxMuTqvEN31GS5I
uxdgpQoOUCerKCZNrQ+OOLws5WbGEWDjNsD/NN/aZaMVOz4mPqiiY7+IThc5AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU1pxAWYoMIpbfy9fQaViQ5+MyaSgwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk5NDg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdGw
MA0GCSqGSIb3DQEBCwUAA4IBAQActrrSn0vEWhGTd8bjI8pt/3sOEga57gLTltIr
SenBVb9QVy9njetDeMeLsiGEEL4bbZtOjy2HZnCXx6Q3TNiEZfda5j8zbVFQs1ui
PjH5BYThGTKDpHYBxVuqdBvhi4DOJNI7Q8Yzz7f+XDuEm8qq4OpEoj5Orj5tACHE
ZnQpRix2WvhY7HadQ/Exq6cgQjWSTAqyzregbL2KsO0d0/hTQNQUy2D50x5AgVfi
rvV9QfaYTbzIuJ+EP0yVVPlekQckgJEtT77xCx9KrlKKll0Q/dBYehW2dTdOjjpc
dOHSSHO9SblEkMswnouAGF/N10dgS5RafVv13e2PBKjOn6XM
-----END CERTIFICATE-----