Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS40676.roa
File:                     AS40676.roa (raw, json)
Hash identifier:          +p/WMn0PTg+7wtN2J+BW7xn2V210kGK69RyparR+2yM=
Subject key identifier:   C2:9A:CD:C3:2D:AE:F7:6F:77:1A:FC:34:B9:7A:0C:E0:AA:0F:28:54
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       5BCF7712EE772271047E16B815791C3D5700CDD0
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS40676.roa
Signing time:             Mon 11 Mar 2024 00:56:53 +0000
ROA not before:           Mon 11 Mar 2024 00:51:53 +0000
ROA not after:            Mon 10 Mar 2025 00:56:53 +0000
asID:                     40676
IP address blocks:        193.164.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 09:43:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:cf:77:12:ee:77:22:71:04:7e:16:b8:15:79:1c:3d:57:00:cd:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar 11 00:51:53 2024 GMT
            Not After : Mar 10 00:56:53 2025 GMT
        Subject: CN=C29ACDC32DAEF76F771AFC34B97A0CE0AA0F2854
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:86:63:a4:41:e0:4b:9a:81:1e:64:97:cb:d5:
                    4b:8d:46:c0:a1:57:d3:ef:83:58:bf:a5:66:65:09:
                    95:b2:59:23:1e:8d:14:1c:74:d4:12:ae:16:9a:e4:
                    97:bc:94:4a:95:96:f5:8e:d4:fe:26:d5:63:1b:4b:
                    d3:a3:24:7d:2e:ba:b3:a6:c3:42:d3:24:a3:7b:31:
                    aa:47:a6:e3:8f:65:bc:d7:c6:7b:7a:13:3f:24:76:
                    90:75:e8:6b:e1:f9:e1:ba:b1:33:7a:48:3f:1a:68:
                    88:a5:7c:18:c0:82:fa:99:cc:af:4e:ce:57:4c:22:
                    6f:86:19:ec:8f:53:53:75:13:e3:23:b3:1f:80:81:
                    a4:0d:f1:9a:65:c1:b9:8a:14:87:a6:47:19:13:77:
                    87:ab:9c:75:08:36:2f:8f:e6:90:7b:e4:03:b3:98:
                    d1:6f:c1:65:09:c5:ab:11:8c:7e:9d:55:32:7d:4b:
                    6f:a6:b1:41:91:d2:18:50:97:ae:b2:9e:5b:53:bb:
                    ba:36:c2:bf:23:53:32:b0:f7:df:b4:dc:15:92:e3:
                    64:d7:c8:c8:ed:33:8d:72:93:9d:6d:08:28:b0:a4:
                    20:93:f9:0f:7d:c8:9d:6f:34:c2:19:55:12:47:87:
                    88:4e:57:da:cb:e7:04:0a:aa:6f:a7:5f:1d:e9:2f:
                    f1:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:9A:CD:C3:2D:AE:F7:6F:77:1A:FC:34:B9:7A:0C:E0:AA:0F:28:54
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS40676.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.164.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d7:45:3e:62:3b:49:68:bf:1e:39:66:3f:bd:33:17:8e:08:d0:
         7d:5c:81:4e:a9:cc:0b:d7:01:6d:56:1a:d4:5c:3b:0e:d0:86:
         5a:36:9d:86:02:7a:da:59:ab:a9:8e:32:a1:4c:89:38:41:70:
         e7:79:91:3b:28:3f:5b:d6:6b:05:22:b4:b1:22:88:d5:98:73:
         86:34:37:94:a5:18:e8:10:a8:7c:b2:41:05:06:36:02:43:72:
         e4:d6:ef:8f:08:d4:ac:3d:47:6f:66:da:0b:14:47:c8:0a:f0:
         f8:33:f2:40:12:40:45:6b:ba:f8:9c:3c:30:4a:48:a3:39:82:
         a8:c6:6a:f0:b6:5a:73:06:ef:1f:e2:4f:c4:a3:1b:f8:c6:04:
         86:fd:b6:41:56:d8:1a:5e:9c:5b:42:d4:0f:6d:10:0b:83:e9:
         91:c0:99:00:f1:45:a2:fb:73:0b:0f:59:30:db:95:c5:d7:3d:
         6b:eb:2d:d2:64:c1:5e:a3:6f:57:c9:16:53:80:fb:5b:82:31:
         68:c1:58:f5:3a:6f:cd:b0:ee:d9:c9:87:ba:46:80:87:8b:94:
         dc:0e:b1:7d:15:d7:c0:26:dc:0b:b2:17:a6:b7:3c:a4:98:9c:
         0a:88:bc:c0:93:01:ce:03:be:76:40:c8:6b:d0:10:0c:30:31:
         ae:44:0f:67
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUW893Eu53InEEfha4FXkcPVcAzdAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAzMTEwMDUxNTNaFw0yNTAzMTAwMDU2NTNaMDMxMTAvBgNV
BAMTKEMyOUFDREMzMkRBRUY3NkY3NzFBRkMzNEI5N0EwQ0UwQUEwRjI4NTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKhmOkQeBLmoEeZJfL1UuNRsCh
V9Pvg1i/pWZlCZWyWSMejRQcdNQSrhaa5Je8lEqVlvWO1P4m1WMbS9OjJH0uurOm
w0LTJKN7MapHpuOPZbzXxnt6Ez8kdpB16Gvh+eG6sTN6SD8aaIilfBjAgvqZzK9O
zldMIm+GGeyPU1N1E+Mjsx+AgaQN8ZplwbmKFIemRxkTd4ernHUINi+P5pB75AOz
mNFvwWUJxasRjH6dVTJ9S2+msUGR0hhQl66ynltTu7o2wr8jUzKw99+03BWS42TX
yMjtM41yk51tCCiwpCCT+Q99yJ1vNMIZVRJHh4hOV9rL5wQKqm+nXx3pL/HvAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUwprNwy2u9293Gvw0uXoM4KoPKFQwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNDA2NzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADBpAow
DQYJKoZIhvcNAQELBQADggEBANdFPmI7SWi/HjlmP70zF44I0H1cgU6pzAvXAW1W
GtRcOw7Qhlo2nYYCetpZq6mOMqFMiThBcOd5kTsoP1vWawUitLEiiNWYc4Y0N5Sl
GOgQqHyyQQUGNgJDcuTW748I1Kw9R29m2gsUR8gK8Pgz8kASQEVruvicPDBKSKM5
gqjGavC2WnMG7x/iT8SjG/jGBIb9tkFW2BpenFtC1A9tEAuD6ZHAmQDxRaL7cwsP
WTDblcXXPWvrLdJkwV6jb1fJFlOA+1uCMWjBWPU6b82w7tnJh7pGgIeLlNwOsX0V
18Am3AuyF6a3PKSYnAqIvMCTAc4DvnZAyGvQEAwwMa5ED2c=
-----END CERTIFICATE-----