Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS23470.roa
File:                     AS23470.roa (raw, json)
Hash identifier:          SIR3d3hpxkYpAF+rVY+wQuNB4+NNB1Pa+n87IpUxVag=
Subject key identifier:   AA:45:5A:F5:1F:3F:CE:97:ED:C9:12:12:6B:91:65:BA:9B:11:F1:7A
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       0FE654D033635213CDBA82C0D005C2A24C512E1E
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS23470.roa
Signing time:             Wed 21 Feb 2024 10:03:28 +0000
ROA not before:           Wed 21 Feb 2024 09:58:28 +0000
ROA not after:            Wed 19 Feb 2025 10:03:28 +0000
asID:                     23470
IP address blocks:        192.166.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:38:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:e6:54:d0:33:63:52:13:cd:ba:82:c0:d0:05:c2:a2:4c:51:2e:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Feb 21 09:58:28 2024 GMT
            Not After : Feb 19 10:03:28 2025 GMT
        Subject: CN=AA455AF51F3FCE97EDC912126B9165BA9B11F17A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:6a:29:b6:0a:60:f1:03:d6:de:48:33:d8:b9:
                    c8:46:6f:4f:34:89:de:a9:75:41:9d:7d:0c:b3:05:
                    77:97:0c:a4:af:18:4c:64:0a:d1:b7:e0:ac:a0:ce:
                    f8:7d:22:95:a3:b7:25:e8:c0:18:63:8b:3b:f0:1a:
                    9d:75:b7:40:b4:c5:c0:7a:a9:1f:15:10:ff:1f:76:
                    49:d8:82:f8:ba:5b:9e:e7:93:1b:cb:d9:ee:60:1a:
                    e3:1d:d2:a0:0a:04:dd:29:b7:d2:13:2f:4d:55:e0:
                    f3:a9:be:1e:b7:e9:4d:1e:96:c5:fd:83:5c:3c:80:
                    c2:84:d2:b0:fe:32:86:ed:ec:fe:23:c9:16:04:8b:
                    89:17:60:5b:ff:29:08:26:d9:45:a3:c7:f9:af:d5:
                    d6:72:71:ba:81:8d:12:58:2b:38:e1:01:33:66:d0:
                    aa:ae:e6:3e:3b:ca:76:11:c2:cc:3e:96:3d:f1:b2:
                    2b:2b:cb:53:f0:77:e8:5b:e5:02:ef:61:09:c8:e0:
                    29:b9:72:b2:5b:9c:84:7b:db:81:d6:4d:ab:68:00:
                    87:5d:c7:b8:e2:64:88:21:59:f0:93:41:19:4c:8b:
                    58:79:7a:05:ec:1e:ab:5a:17:ec:8e:a4:69:fd:af:
                    51:92:51:b5:64:03:03:21:e6:88:f8:9e:6c:9b:4d:
                    40:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:45:5A:F5:1F:3F:CE:97:ED:C9:12:12:6B:91:65:BA:9B:11:F1:7A
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS23470.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:c1:01:6b:a9:a9:ce:29:aa:24:eb:e4:e0:8f:c6:0f:f9:54:
         f8:b5:0c:69:b4:6b:5b:45:6e:03:2d:d8:8b:c8:f6:6d:c6:9d:
         6f:26:f1:38:2f:d0:bf:f5:bc:4b:97:89:c6:01:6e:be:fe:e8:
         5d:c2:b9:75:78:cd:10:57:0a:2e:d2:58:20:cf:57:d3:f3:81:
         ed:30:4e:72:4e:88:64:cf:19:ae:2c:a2:53:bd:39:b1:b2:f7:
         ca:e4:c9:0b:22:c4:50:d7:ed:df:06:25:2d:67:06:a2:57:7c:
         09:e8:15:4d:6f:b2:16:ff:c3:50:fc:a1:82:33:5e:95:38:d1:
         85:bb:99:1f:e1:d0:db:19:72:39:06:0e:aa:9c:13:94:47:8e:
         87:26:78:b6:4b:b1:33:9b:f8:9c:71:45:a9:0d:cf:77:47:a1:
         1c:b8:fc:08:ca:10:d4:67:c9:fd:ff:89:24:82:6e:58:37:48:
         16:65:55:98:d3:3c:63:4d:ed:b8:32:b3:87:fa:0f:a9:89:f0:
         5e:00:e0:26:c3:e3:c6:0e:ce:a1:6b:05:c9:dd:70:96:2e:8a:
         37:fa:f7:48:19:01:ed:b5:12:15:ad:3f:2b:70:15:e3:5c:fa:
         8b:fa:76:38:67:c4:a6:70:9b:87:b5:63:e4:44:23:7e:36:51:
         8c:97:12:87
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUD+ZU0DNjUhPNuoLA0AXCokxRLh4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAyMjEwOTU4MjhaFw0yNTAyMTkxMDAzMjhaMDMxMTAvBgNV
BAMTKEFBNDU1QUY1MUYzRkNFOTdFREM5MTIxMjZCOTE2NUJBOUIxMUYxN0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaaim2CmDxA9beSDPYuchGb080
id6pdUGdfQyzBXeXDKSvGExkCtG34Kygzvh9IpWjtyXowBhjizvwGp11t0C0xcB6
qR8VEP8fdknYgvi6W57nkxvL2e5gGuMd0qAKBN0pt9ITL01V4POpvh636U0elsX9
g1w8gMKE0rD+Mobt7P4jyRYEi4kXYFv/KQgm2UWjx/mv1dZycbqBjRJYKzjhATNm
0Kqu5j47ynYRwsw+lj3xsisry1Pwd+hb5QLvYQnI4Cm5crJbnIR724HWTatoAIdd
x7jiZIghWfCTQRlMi1h5egXsHqtaF+yOpGn9r1GSUbVkAwMh5oj4nmybTUA7AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUqkVa9R8/zpftyRISa5FlupsR8XowHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjM0NzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADAplIw
DQYJKoZIhvcNAQELBQADggEBABTBAWupqc4pqiTr5OCPxg/5VPi1DGm0a1tFbgMt
2IvI9m3GnW8m8Tgv0L/1vEuXicYBbr7+6F3CuXV4zRBXCi7SWCDPV9Pzge0wTnJO
iGTPGa4solO9ObGy98rkyQsixFDX7d8GJS1nBqJXfAnoFU1vshb/w1D8oYIzXpU4
0YW7mR/h0NsZcjkGDqqcE5RHjocmeLZLsTOb+JxxRakNz3dHoRy4/AjKENRnyf3/
iSSCblg3SBZlVZjTPGNN7bgys4f6D6mJ8F4A4CbD48YOzqFrBcndcJYuijf690gZ
Ae21EhWtPytwFeNc+ov6djhnxKZwm4e1Y+REI342UYyXEoc=
-----END CERTIFICATE-----