Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS400909.roa
File:                     AS400909.roa (raw, json)
Hash identifier:          cOj3yF9AAG6c7JLSFrJSVGU5ZoYCJFYML/+Q3d7E3Kk=
Subject key identifier:   CC:37:0B:56:A5:D9:BB:5E:4A:66:72:8B:BB:74:69:8A:ED:9F:79:94
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       66047BC3C4E7E1D3E7B47D83A8F0F43BFEED39AC
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS400909.roa
Signing time:             Mon 02 Dec 2024 16:43:28 +0000
ROA not before:           Mon 02 Dec 2024 16:38:28 +0000
ROA not after:            Mon 01 Dec 2025 16:43:28 +0000
asID:                     400909
IP address blocks:        45.139.182.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 07:05:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:04:7b:c3:c4:e7:e1:d3:e7:b4:7d:83:a8:f0:f4:3b:fe:ed:39:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec  2 16:38:28 2024 GMT
            Not After : Dec  1 16:43:28 2025 GMT
        Subject: CN=CC370B56A5D9BB5E4A66728BBB74698AED9F7994
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:82:51:38:87:ad:14:68:f2:d2:b1:9b:cc:7d:
                    df:6d:c4:53:db:7c:45:0f:63:2f:5a:e7:76:e9:b7:
                    12:ae:0b:96:80:3f:4f:bb:20:1c:5e:95:99:0d:fc:
                    f7:d9:2b:06:08:fd:bd:cc:a6:5d:ae:0b:3b:73:c7:
                    bf:23:09:f5:bb:99:f8:2d:0d:e2:2d:b3:59:3c:35:
                    76:d2:a7:76:8f:85:1c:df:d0:8f:3f:89:a4:84:03:
                    db:e2:76:b3:95:96:f6:03:30:3f:23:39:70:73:be:
                    48:3d:b6:5a:56:3f:f3:90:1a:71:04:d4:73:1c:84:
                    8b:41:76:6c:0b:16:ef:cf:6d:83:c9:77:c1:1a:90:
                    7b:db:af:8f:31:fb:4d:42:37:b3:c3:ac:c0:6e:08:
                    89:49:99:08:e9:1c:f7:75:f3:1d:0e:c3:cc:7a:6e:
                    a3:b9:d0:29:b1:f7:e3:d0:fe:b5:63:33:aa:ff:79:
                    28:20:df:3a:13:53:51:e2:61:a7:be:9a:5e:ce:97:
                    1c:b8:2f:18:55:9f:13:15:6b:97:d6:c1:4a:93:c6:
                    e8:bf:40:22:49:eb:48:f9:cc:74:8f:85:01:ef:40:
                    96:2a:e7:a0:09:e8:e0:52:b5:c5:a3:2b:d3:ba:ab:
                    15:ed:1f:45:43:17:09:35:05:95:3a:fa:91:c3:30:
                    3e:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:37:0B:56:A5:D9:BB:5E:4A:66:72:8B:BB:74:69:8A:ED:9F:79:94
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS400909.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         58:ea:e7:42:97:09:aa:d7:bd:9f:b7:c2:46:3a:aa:94:7e:ef:
         6e:0e:d2:7e:04:5f:bc:6f:77:7f:fd:87:d7:42:be:38:ce:36:
         38:af:8d:fe:5e:c5:0e:f4:87:3a:f9:d9:fb:18:5c:2a:98:08:
         29:4d:b1:d5:e1:e1:27:46:c2:bd:08:7d:48:70:23:3c:d4:34:
         83:9a:0d:a0:2a:a2:80:67:2f:75:79:6a:c6:73:b5:de:d5:91:
         28:b4:a3:1b:c4:26:26:2e:07:9c:e2:97:1b:75:e3:ec:21:ed:
         94:05:15:04:a2:f7:f6:39:f8:ae:6a:4c:4e:dd:7d:df:f4:4d:
         6f:9d:e9:57:f3:f6:af:d9:90:a2:fe:d6:2e:1e:14:b4:2b:0b:
         64:5a:da:91:be:6d:04:e3:5c:bf:e2:4d:85:5c:b0:33:95:11:
         ec:ce:dd:e2:81:67:42:91:18:2d:aa:5e:d1:1a:43:e0:14:bb:
         43:da:da:eb:59:df:26:a0:b6:4b:f1:54:96:0f:b2:39:fd:7a:
         ad:a0:ab:66:38:dd:a2:0a:5b:50:d0:54:07:89:5b:17:03:3b:
         cd:99:52:a9:1d:5b:67:ac:80:92:8d:78:d7:5b:c8:79:d0:a8:
         32:bb:82:18:33:8a:3b:42:bd:5c:47:32:d7:d7:59:c5:e1:bc:
         86:0c:38:75
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZgR7w8Tn4dPntH2DqPD0O/7tOawwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDEyMDIxNjM4MjhaFw0yNTEyMDExNjQzMjhaMDMxMTAvBgNV
BAMTKENDMzcwQjU2QTVEOUJCNUU0QTY2NzI4QkJCNzQ2OThBRUQ5Rjc5OTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrglE4h60UaPLSsZvMfd9txFPb
fEUPYy9a53bptxKuC5aAP0+7IBxelZkN/PfZKwYI/b3Mpl2uCztzx78jCfW7mfgt
DeIts1k8NXbSp3aPhRzf0I8/iaSEA9vidrOVlvYDMD8jOXBzvkg9tlpWP/OQGnEE
1HMchItBdmwLFu/PbYPJd8EakHvbr48x+01CN7PDrMBuCIlJmQjpHPd18x0Ow8x6
bqO50Cmx9+PQ/rVjM6r/eSgg3zoTU1HiYae+ml7Olxy4LxhVnxMVa5fWwUqTxui/
QCJJ60j5zHSPhQHvQJYq56AJ6OBStcWjK9O6qxXtH0VDFwk1BZU6+pHDMD7XAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUzDcLVqXZu15KZnKLu3Rpiu2feZQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDAwOTA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYu2
MA0GCSqGSIb3DQEBCwUAA4IBAQBY6udClwmq172ft8JGOqqUfu9uDtJ+BF+8b3d/
/YfXQr44zjY4r43+XsUO9Ic6+dn7GFwqmAgpTbHV4eEnRsK9CH1IcCM81DSDmg2g
KqKAZy91eWrGc7Xe1ZEotKMbxCYmLgec4pcbdePsIe2UBRUEovf2OfiuakxO3X3f
9E1vnelX8/av2ZCi/tYuHhS0KwtkWtqRvm0E41y/4k2FXLAzlRHszt3igWdCkRgt
ql7RGkPgFLtD2trrWd8moLZL8VSWD7I5/XqtoKtmON2iCltQ0FQHiVsXAzvNmVKp
HVtnrICSjXjXW8h50Kgyu4IYM4o7Qr1cRzLX11nF4byGDDh1
-----END CERTIFICATE-----