Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS400866.roa
File:                     AS400866.roa (raw, json)
Hash identifier:          pToNvCUW2n0u6yFbARy711U5riadoEHuTKzSjesXd8o=
Subject key identifier:   AB:E3:8A:6C:EB:C6:71:77:6E:72:43:BE:66:ED:5D:7F:B5:5A:D9:37
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7526F3E7A9E8B7A84121BC47E306F03CB66E2649
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS400866.roa
Signing time:             Sat 20 Jul 2024 00:00:36 +0000
ROA not before:           Fri 19 Jul 2024 23:55:36 +0000
ROA not after:            Sat 19 Jul 2025 00:00:36 +0000
asID:                     400866
IP address blocks:        147.79.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:26:f3:e7:a9:e8:b7:a8:41:21:bc:47:e3:06:f0:3c:b6:6e:26:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul 19 23:55:36 2024 GMT
            Not After : Jul 19 00:00:36 2025 GMT
        Subject: CN=ABE38A6CEBC671776E7243BE66ED5D7FB55AD937
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:dc:a7:7f:be:0d:aa:d2:23:26:d8:82:93:45:
                    22:8e:3b:38:d0:ee:09:d1:ef:5c:a6:95:0f:e7:30:
                    53:b6:46:2a:7b:7b:b5:7f:83:60:9c:44:ba:6e:24:
                    5c:a7:7f:e9:12:6e:21:9b:56:1a:93:34:5a:12:2e:
                    9f:08:35:a6:a6:88:a2:5e:94:4c:24:a3:e2:64:cb:
                    8b:fa:bd:d9:cf:39:6d:f1:93:8a:2a:3c:8b:cf:a3:
                    bd:84:59:ea:82:89:83:66:6a:34:01:c3:71:30:83:
                    d6:28:06:45:82:c3:f9:53:a6:4f:8e:8d:58:be:79:
                    be:4c:c2:af:b4:91:53:8e:72:83:25:eb:fe:a9:33:
                    6b:2b:5a:98:07:f9:86:df:e4:98:46:27:02:aa:39:
                    65:54:b8:4f:c9:ad:d2:d5:61:8c:57:cb:e2:e0:2b:
                    0d:d6:bb:c1:df:16:91:92:ce:19:6d:8e:5b:2b:a4:
                    db:51:d4:da:c9:87:b1:5d:94:a9:cd:46:dc:51:34:
                    8d:44:d3:59:30:2d:df:fe:3b:ef:41:23:da:9b:2f:
                    a5:be:6e:0c:61:0a:0f:11:b3:99:d4:74:67:03:72:
                    a4:b3:2f:2c:cf:f4:21:4e:16:e8:66:5f:ea:42:fe:
                    f8:4f:53:5e:86:7c:4b:13:91:65:68:15:1a:0e:a6:
                    0a:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:E3:8A:6C:EB:C6:71:77:6E:72:43:BE:66:ED:5D:7F:B5:5A:D9:37
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS400866.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:f7:4e:89:8e:0f:b4:34:d3:a4:c8:9b:44:75:48:10:b9:e1:
         c0:24:a6:9c:ac:9f:e0:58:b3:ce:f1:ff:98:12:9f:21:82:5d:
         83:c0:61:d6:0a:68:4a:e5:4a:6c:ac:1e:15:7e:6a:69:3f:c8:
         24:fa:94:8e:50:7b:34:2c:41:75:85:bc:ee:59:13:0b:68:18:
         cd:3a:f7:d9:bd:c6:c8:88:ef:5a:a8:e0:8f:39:74:de:60:5e:
         1d:e2:18:68:f5:9c:08:1d:1e:30:2d:15:e2:dc:81:3d:a8:96:
         72:2f:11:5a:c3:e0:7d:9d:8e:b8:3f:33:f7:5e:2b:ac:24:70:
         2a:b3:41:2b:9b:0a:87:b1:f4:2e:1e:4a:fc:c7:de:8e:75:97:
         96:f6:8d:ab:6a:73:4d:06:69:a5:47:f7:b5:f6:a2:ba:27:0e:
         07:a7:13:19:49:85:e6:41:a9:de:eb:af:08:53:8d:65:d0:8b:
         46:4e:8f:91:ca:ce:45:b2:18:1b:40:b4:2e:b2:df:ec:b4:8d:
         50:63:bb:3e:36:d2:46:4e:37:2d:aa:d8:77:43:09:86:00:af:
         ac:73:e1:38:af:be:fe:a8:8a:49:26:fb:d1:11:40:c5:9d:84:
         37:91:03:7a:4f:2a:f7:e7:aa:65:49:63:7e:ba:85:38:53:d9:
         56:31:40:29
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdSbz56not6hBIbxH4wbwPLZuJkkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA3MTkyMzU1MzZaFw0yNTA3MTkwMDAwMzZaMDMxMTAvBgNV
BAMTKEFCRTM4QTZDRUJDNjcxNzc2RTcyNDNCRTY2RUQ1RDdGQjU1QUQ5MzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD3Kd/vg2q0iMm2IKTRSKOOzjQ
7gnR71ymlQ/nMFO2Rip7e7V/g2CcRLpuJFynf+kSbiGbVhqTNFoSLp8INaamiKJe
lEwko+Jky4v6vdnPOW3xk4oqPIvPo72EWeqCiYNmajQBw3Ewg9YoBkWCw/lTpk+O
jVi+eb5Mwq+0kVOOcoMl6/6pM2srWpgH+Ybf5JhGJwKqOWVUuE/JrdLVYYxXy+Lg
Kw3Wu8HfFpGSzhltjlsrpNtR1NrJh7FdlKnNRtxRNI1E01kwLd/+O+9BI9qbL6W+
bgxhCg8Rs5nUdGcDcqSzLyzP9CFOFuhmX+pC/vhPU16GfEsTkWVoFRoOpgrvAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUq+OKbOvGcXduckO+Zu1df7Va2TcwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDAwODY2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk08X
MA0GCSqGSIb3DQEBCwUAA4IBAQB3906Jjg+0NNOkyJtEdUgQueHAJKacrJ/gWLPO
8f+YEp8hgl2DwGHWCmhK5UpsrB4VfmppP8gk+pSOUHs0LEF1hbzuWRMLaBjNOvfZ
vcbIiO9aqOCPOXTeYF4d4hho9ZwIHR4wLRXi3IE9qJZyLxFaw+B9nY64PzP3Xius
JHAqs0ErmwqHsfQuHkr8x96OdZeW9o2ranNNBmmlR/e19qK6Jw4HpxMZSYXmQane
668IU41l0ItGTo+Rys5FshgbQLQust/stI1QY7s+NtJGTjctqth3QwmGAK+sc+E4
r77+qIpJJvvREUDFnYQ3kQN6Tyr356plSWN+uoU4U9lWMUAp
-----END CERTIFICATE-----