Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS399486.roa
File:                     AS399486.roa (raw, json)
Hash identifier:          FAfcqonrocBaPOjqowgHH+C1PaQU83+PTyF07y51ZS8=
Subject key identifier:   71:AB:53:E4:98:CA:02:8F:04:F1:79:65:76:9E:D2:E3:8A:4A:D7:57
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       120BC836313514D623A2259B065B753C9C31252F
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS399486.roa
Signing time:             Fri 23 Jun 2023 13:39:14 +0000
ROA not before:           Fri 23 Jun 2023 13:34:14 +0000
ROA not after:            Fri 21 Jun 2024 13:39:14 +0000
asID:                     399486
IP address blocks:        85.209.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:0b:c8:36:31:35:14:d6:23:a2:25:9b:06:5b:75:3c:9c:31:25:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 23 13:34:14 2023 GMT
            Not After : Jun 21 13:39:14 2024 GMT
        Subject: CN=71AB53E498CA028F04F17965769ED2E38A4AD757
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:0d:2f:ae:67:b8:6c:c2:b6:40:10:dc:e0:56:
                    51:ee:a8:00:db:2c:c3:79:08:70:e2:fa:5b:87:de:
                    d1:d1:96:a6:6c:8c:a0:e9:f3:a1:5f:17:5b:61:e2:
                    d2:b5:07:6b:26:93:de:ed:db:4f:da:52:7d:11:36:
                    5c:59:02:c3:fc:65:42:18:fd:d9:52:28:9b:6c:6f:
                    5f:29:a8:cf:5a:20:1d:79:2d:be:3c:a0:e1:3f:89:
                    66:3b:12:2c:6c:65:b5:de:6c:2c:e3:d7:b0:51:de:
                    b5:5e:9b:5b:07:a2:4f:3b:b7:f6:45:6b:2e:db:08:
                    bb:26:c2:4d:aa:ee:48:46:c9:b3:42:9a:bb:b1:7b:
                    68:6d:6a:98:d4:8e:99:d3:fa:40:d9:c9:02:66:c7:
                    8f:45:9b:32:53:2e:e4:49:ae:b7:2e:34:10:1e:cf:
                    25:de:ac:f5:d1:fe:f6:26:ca:a3:b6:c1:98:a3:83:
                    d9:b8:8c:2d:8b:85:16:dc:b1:ef:e9:ca:1b:61:ba:
                    c6:71:0f:59:c8:a8:a5:4a:19:36:87:46:e4:1a:0c:
                    9c:e5:dc:bc:08:9f:38:9f:18:53:ea:67:f5:2b:bf:
                    ae:3c:f3:dd:b8:8d:7d:b2:41:d9:17:71:da:25:a5:
                    16:77:12:e3:99:45:84:0b:37:80:44:10:6a:28:01:
                    33:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:AB:53:E4:98:CA:02:8F:04:F1:79:65:76:9E:D2:E3:8A:4A:D7:57
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS399486.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:c0:7f:fa:04:45:a8:62:9d:cb:60:c1:d4:c1:33:e8:cc:05:
         e9:7d:94:5b:78:ac:ad:68:90:76:35:cf:63:d7:f3:2a:46:3a:
         ca:71:a2:b6:bf:5a:f9:1a:e2:0a:8d:9b:5b:e4:b3:d9:e2:a9:
         a1:52:93:3e:3b:78:7b:39:89:2d:16:1c:6e:62:7c:a6:6d:59:
         ee:f1:fe:ad:0a:18:8c:25:f3:42:7f:9f:29:94:4f:27:42:42:
         8e:81:d2:0b:e9:6e:a4:00:ff:4a:17:63:6f:4e:10:df:3b:f5:
         98:4a:cf:05:d2:88:73:a0:08:00:4f:63:70:e6:b5:e9:d9:f8:
         cf:b3:62:95:bc:01:a2:4e:48:82:bc:04:5b:0c:45:68:6f:cf:
         46:02:d5:a5:88:ab:40:27:56:fc:93:6c:af:11:32:54:f1:4e:
         04:f5:71:20:f7:1b:05:45:9d:91:6f:a0:d5:e3:07:69:c8:ac:
         32:e9:84:40:5c:81:95:b0:76:0f:05:09:09:39:d3:b3:03:eb:
         5b:10:41:d9:03:42:95:ba:9c:2f:51:68:d6:5c:3d:6a:2e:a4:
         86:d1:d4:1e:55:51:19:8e:4c:54:b5:cb:31:13:a8:1d:a4:1b:
         8e:ac:b0:d5:5a:c9:bc:e8:1d:ce:80:a1:fc:09:c8:30:1e:1c:
         41:e9:b1:69
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUEgvINjE1FNYjoiWbBlt1PJwxJS8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzA2MjMxMzM0MTRaFw0yNDA2MjExMzM5MTRaMDMxMTAvBgNV
BAMTKDcxQUI1M0U0OThDQTAyOEYwNEYxNzk2NTc2OUVEMkUzOEE0QUQ3NTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9DS+uZ7hswrZAENzgVlHuqADb
LMN5CHDi+luH3tHRlqZsjKDp86FfF1th4tK1B2smk97t20/aUn0RNlxZAsP8ZUIY
/dlSKJtsb18pqM9aIB15Lb48oOE/iWY7EixsZbXebCzj17BR3rVem1sHok87t/ZF
ay7bCLsmwk2q7khGybNCmruxe2htapjUjpnT+kDZyQJmx49FmzJTLuRJrrcuNBAe
zyXerPXR/vYmyqO2wZijg9m4jC2LhRbcse/pyhthusZxD1nIqKVKGTaHRuQaDJzl
3LwInzifGFPqZ/Urv6488924jX2yQdkXcdolpRZ3EuOZRYQLN4BEEGooATNJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUcatT5JjKAo8E8Xlldp7S44pK11cwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk5NDg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdGw
MA0GCSqGSIb3DQEBCwUAA4IBAQBnwH/6BEWoYp3LYMHUwTPozAXpfZRbeKytaJB2
Nc9j1/MqRjrKcaK2v1r5GuIKjZtb5LPZ4qmhUpM+O3h7OYktFhxuYnymbVnu8f6t
ChiMJfNCf58plE8nQkKOgdIL6W6kAP9KF2NvThDfO/WYSs8F0ohzoAgAT2Nw5rXp
2fjPs2KVvAGiTkiCvARbDEVob89GAtWliKtAJ1b8k2yvETJU8U4E9XEg9xsFRZ2R
b6DV4wdpyKwy6YRAXIGVsHYPBQkJOdOzA+tbEEHZA0KVupwvUWjWXD1qLqSG0dQe
VVEZjkxUtcsxE6gdpBuOrLDVWsm86B3OgKH8CcgwHhxB6bFp
-----END CERTIFICATE-----