Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400866.roa
File:                     AS400866.roa (raw, json)
Hash identifier:          Z6CIXNNOwsDQUv50C2AsLRZY+2JhgP6QlgtjumpGdLE=
Subject key identifier:   AE:C6:25:6E:25:09:D5:54:4D:17:4D:AF:AF:42:9A:40:13:AA:2F:6A
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       1F2ECF20E28602FADBA4F1F44A18DF1236BD8CEC
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400866.roa
Signing time:             Fri 17 May 2024 03:29:17 +0000
ROA not before:           Fri 17 May 2024 03:24:17 +0000
ROA not after:            Fri 16 May 2025 03:29:17 +0000
asID:                     400866
IP address blocks:        141.11.29.0/24 maxlen: 24
                          141.11.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:2e:cf:20:e2:86:02:fa:db:a4:f1:f4:4a:18:df:12:36:bd:8c:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May 17 03:24:17 2024 GMT
            Not After : May 16 03:29:17 2025 GMT
        Subject: CN=AEC6256E2509D5544D174DAFAF429A4013AA2F6A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:11:66:5a:0b:d1:ce:14:bc:6c:bd:8a:9c:64:
                    9e:0a:7a:1c:61:6e:8c:5a:8d:73:68:8d:32:05:42:
                    c9:34:bb:60:86:a4:a9:9d:74:4b:eb:2d:9b:54:48:
                    62:e8:e0:44:5c:a9:1a:51:78:a4:2f:43:d8:00:51:
                    23:c3:7d:f1:e5:86:da:c6:82:56:35:b0:1d:b4:83:
                    3e:4c:98:81:33:60:49:eb:13:45:e2:92:f8:09:b4:
                    26:29:d0:5a:df:39:fd:b3:b1:64:3a:96:22:94:11:
                    37:6e:46:9a:9f:f7:dd:41:2f:3a:b3:92:d8:cc:bb:
                    e3:a4:51:d2:09:50:7f:03:40:b4:78:aa:b4:8a:d6:
                    19:28:4d:d7:71:30:e9:a5:84:cf:42:94:57:1c:6f:
                    ef:55:44:19:fc:dd:b2:c1:47:51:62:6a:f1:c6:13:
                    3b:69:80:c0:00:25:66:d3:69:72:5a:43:8a:43:2b:
                    2d:b4:2e:3b:18:ea:30:02:d1:89:44:73:43:ca:b3:
                    6c:2f:e6:e0:d2:63:3a:9b:ee:07:86:85:7b:5a:36:
                    8b:1f:27:eb:c3:9e:8b:b3:0f:5f:9c:7b:cd:03:aa:
                    9e:8f:81:db:2d:97:bd:92:32:b0:f9:31:3a:33:b2:
                    14:5c:db:3c:e7:5a:41:d8:18:58:98:83:3f:d7:77:
                    24:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:C6:25:6E:25:09:D5:54:4D:17:4D:AF:AF:42:9A:40:13:AA:2F:6A
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400866.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.29.0/24
                  141.11.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:a2:c2:e2:c6:9a:5a:3a:c7:07:6a:e4:d7:ff:ad:f4:04:53:
         f2:8e:f2:f8:06:7d:71:d4:d9:d9:1e:76:62:4e:95:fa:78:11:
         79:58:42:b7:a5:df:80:66:50:2b:3d:f3:c1:6a:a9:6b:7b:d9:
         fd:4a:89:85:64:b7:ec:68:c3:c7:45:03:e2:b0:5f:97:35:54:
         ed:94:12:f4:2c:5a:be:e1:47:61:24:1e:4d:95:70:40:a8:1f:
         68:f9:9f:7f:6f:90:d9:4f:26:ad:a9:8e:1e:af:71:fb:01:51:
         c2:54:b5:cb:c6:5d:06:e3:35:38:b9:98:5e:d5:e8:97:c3:14:
         d1:97:c9:a6:ba:b4:1d:49:1f:67:e7:fb:dd:20:f2:91:50:58:
         e8:9c:fd:aa:df:1c:d6:32:8b:d2:d6:04:29:0d:22:06:d4:ec:
         8e:14:15:57:f8:fa:f3:16:83:c0:96:53:55:da:a3:90:0d:fc:
         c1:9e:78:3a:ef:68:db:6a:b6:fb:ec:5d:9a:b7:75:64:1f:27:
         89:ed:40:8e:07:bd:20:76:6d:ba:ce:ce:33:7c:36:3a:1a:2c:
         b7:cb:43:55:54:7c:31:bf:75:58:b7:5c:8e:cb:99:0d:3e:89:
         61:fb:d2:a2:2c:3e:88:d0:d1:88:69:24:c0:87:96:1b:f8:45:
         85:c3:0d:f2
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUHy7PIOKGAvrbpPH0ShjfEja9jOwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA1MTcwMzI0MTdaFw0yNTA1MTYwMzI5MTdaMDMxMTAvBgNV
BAMTKEFFQzYyNTZFMjUwOUQ1NTQ0RDE3NERBRkFGNDI5QTQwMTNBQTJGNkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdEWZaC9HOFLxsvYqcZJ4Kehxh
boxajXNojTIFQsk0u2CGpKmddEvrLZtUSGLo4ERcqRpReKQvQ9gAUSPDffHlhtrG
glY1sB20gz5MmIEzYEnrE0XikvgJtCYp0FrfOf2zsWQ6liKUETduRpqf991BLzqz
ktjMu+OkUdIJUH8DQLR4qrSK1hkoTddxMOmlhM9ClFccb+9VRBn83bLBR1FiavHG
EztpgMAAJWbTaXJaQ4pDKy20LjsY6jAC0YlEc0PKs2wv5uDSYzqb7geGhXtaNosf
J+vDnouzD1+ce80Dqp6Pgdstl72SMrD5MTozshRc2zznWkHYGFiYgz/XdyRXAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUrsYlbiUJ1VRNF02vr0KaQBOqL2owHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDAwODY2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjQsd
AwQAjQtpMA0GCSqGSIb3DQEBCwUAA4IBAQAfosLixppaOscHauTX/630BFPyjvL4
Bn1x1NnZHnZiTpX6eBF5WEK3pd+AZlArPfPBaqlre9n9SomFZLfsaMPHRQPisF+X
NVTtlBL0LFq+4UdhJB5NlXBAqB9o+Z9/b5DZTyatqY4er3H7AVHCVLXLxl0G4zU4
uZhe1eiXwxTRl8mmurQdSR9n5/vdIPKRUFjonP2q3xzWMovS1gQpDSIG1OyOFBVX
+PrzFoPAllNV2qOQDfzBnng672jbarb77F2at3VkHyeJ7UCOB70gdm26zs4zfDY6
Giy3y0NVVHwxv3VYt1yOy5kNPolh+9KiLD6I0NGIaSTAh5Yb+EWFww3y
-----END CERTIFICATE-----