Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS199765.roa
File:                     AS199765.roa (raw, json)
Hash identifier:          a6NKHuE5V3hBCDh8wGG1/9NqaxncdNpjpEvB9fT+Y4Q=
Subject key identifier:   D5:86:76:B5:74:42:CB:4E:87:79:46:11:63:FF:1D:42:4D:0D:9B:C9
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       2799FD2324D15BE513059661F6751C37446E2B3F
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS199765.roa
Signing time:             Tue 30 Jan 2024 20:05:08 +0000
ROA not before:           Tue 30 Jan 2024 20:00:08 +0000
ROA not after:            Tue 28 Jan 2025 20:05:08 +0000
asID:                     199765
IP address blocks:        45.158.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:99:fd:23:24:d1:5b:e5:13:05:96:61:f6:75:1c:37:44:6e:2b:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jan 30 20:00:08 2024 GMT
            Not After : Jan 28 20:05:08 2025 GMT
        Subject: CN=D58676B57442CB4E8779461163FF1D424D0D9BC9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b2:7c:8f:03:56:a6:d0:8b:38:bb:2e:5c:a0:
                    95:f1:b6:3f:b0:45:f3:ca:b6:3d:4c:1c:dd:c9:d9:
                    36:17:f9:10:42:20:9c:15:da:88:f3:a3:29:e7:59:
                    a1:da:ec:60:cf:a1:91:6f:4b:d1:ff:a1:f4:8b:66:
                    ba:8e:e1:18:41:e4:67:d7:e2:01:74:2c:fb:a7:fc:
                    c4:aa:cc:29:a6:a4:58:25:59:05:cf:03:27:3f:b4:
                    e9:9f:29:65:99:5c:38:73:d2:a9:d2:fd:e7:ce:61:
                    78:19:ff:ab:e9:aa:8b:01:e6:1c:0f:70:35:3b:4d:
                    72:21:2f:ee:d6:9d:4a:d8:13:99:c7:49:e6:70:fd:
                    9d:01:f9:af:ed:c2:2b:8f:ee:af:c1:46:8e:7a:92:
                    ec:95:ff:8e:65:b9:60:c9:7b:97:ee:dc:d7:af:e5:
                    c1:0a:87:56:29:2e:fd:56:91:f3:dd:de:c3:58:99:
                    e0:ee:a9:e0:67:f3:5d:54:59:22:d7:a0:e4:b4:98:
                    31:8a:6d:82:24:fa:4f:e7:9e:47:4e:26:e7:a5:68:
                    da:8c:77:90:37:0f:06:45:fe:9c:5a:d8:77:5e:23:
                    1a:6f:cb:7f:e7:83:57:0b:c4:d6:4b:70:4a:a6:cc:
                    86:2c:d4:94:5a:c5:de:4b:43:49:59:0a:1d:c3:e8:
                    06:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:86:76:B5:74:42:CB:4E:87:79:46:11:63:FF:1D:42:4D:0D:9B:C9
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS199765.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:75:92:f2:43:0c:91:78:a7:38:d6:69:f3:79:69:d3:ed:e2:
         81:22:61:b1:b8:b7:20:99:dc:1f:26:35:1c:52:cb:2c:95:88:
         18:98:16:da:13:bb:bf:2c:2c:44:59:ee:63:c0:80:c1:7c:b0:
         48:45:d4:94:d6:7b:93:a9:aa:8c:6e:be:ae:4c:15:34:70:27:
         d0:55:7a:9d:4a:38:27:d4:e1:c7:18:41:bd:cd:a1:5e:8d:f2:
         28:50:94:77:d5:60:9d:df:a4:6e:5e:48:bd:ca:e3:14:9f:1e:
         db:10:34:4e:5d:a9:f5:a5:de:26:47:4a:9e:64:83:b9:37:8b:
         24:a0:cb:c5:03:33:c3:1f:17:86:f9:73:e3:eb:b3:30:8e:06:
         88:c4:cc:5c:32:fd:0e:8b:9f:9c:6c:99:d4:8d:64:3b:50:57:
         45:6e:54:40:d0:bc:2b:07:93:26:03:a1:17:db:22:99:dd:5f:
         46:10:92:6f:92:98:b6:b9:28:8e:f2:af:b5:ff:b7:d9:9e:63:
         1f:33:ce:64:32:15:82:89:57:16:1f:63:11:2e:0a:45:0a:9f:
         8c:97:f9:20:7c:36:0b:43:49:69:71:dd:bd:bc:dc:2b:01:7f:
         cd:aa:9d:9b:50:eb:ea:eb:b6:0c:ad:25:5b:f0:54:b4:12:c0:
         15:04:f4:e8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUJ5n9IyTRW+UTBZZh9nUcN0RuKz8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAxMzAyMDAwMDhaFw0yNTAxMjgyMDA1MDhaMDMxMTAvBgNV
BAMTKEQ1ODY3NkI1NzQ0MkNCNEU4Nzc5NDYxMTYzRkYxRDQyNEQwRDlCQzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgsnyPA1am0Is4uy5coJXxtj+w
RfPKtj1MHN3J2TYX+RBCIJwV2ojzoynnWaHa7GDPoZFvS9H/ofSLZrqO4RhB5GfX
4gF0LPun/MSqzCmmpFglWQXPAyc/tOmfKWWZXDhz0qnS/efOYXgZ/6vpqosB5hwP
cDU7TXIhL+7WnUrYE5nHSeZw/Z0B+a/twiuP7q/BRo56kuyV/45luWDJe5fu3Nev
5cEKh1YpLv1WkfPd3sNYmeDuqeBn811UWSLXoOS0mDGKbYIk+k/nnkdOJuelaNqM
d5A3DwZF/pxa2HdeIxpvy3/ng1cLxNZLcEqmzIYs1JRaxd5LQ0lZCh3D6AbDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU1YZ2tXRCy06HeUYRY/8dQk0Nm8kwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTk5NzY1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ4J
MA0GCSqGSIb3DQEBCwUAA4IBAQBldZLyQwyReKc41mnzeWnT7eKBImGxuLcgmdwf
JjUcUssslYgYmBbaE7u/LCxEWe5jwIDBfLBIRdSU1nuTqaqMbr6uTBU0cCfQVXqd
Sjgn1OHHGEG9zaFejfIoUJR31WCd36RuXki9yuMUnx7bEDROXan1pd4mR0qeZIO5
N4skoMvFAzPDHxeG+XPj67MwjgaIxMxcMv0Oi5+cbJnUjWQ7UFdFblRA0LwrB5Mm
A6EX2yKZ3V9GEJJvkpi2uSiO8q+1/7fZnmMfM85kMhWCiVcWH2MRLgpFCp+Ml/kg
fDYLQ0lpcd29vNwrAX/Nqp2bUOvq67YMrSVb8FS0EsAVBPTo
-----END CERTIFICATE-----