Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS400596.roa
File:                     AS400596.roa (raw, json)
Hash identifier:          y0epXgg4gHeNfgCR+QcVzXDLorBQCRxUDTjzMRbboyw=
Subject key identifier:   F6:BE:10:BC:B2:D3:0C:E4:E3:C0:B7:BF:2B:E4:1F:12:ED:18:3F:BF
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7437C5E8E681FDAC3DB395F860342A2758C55FC9
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS400596.roa
Signing time:             Thu 09 Jan 2025 21:59:38 +0000
ROA not before:           Thu 09 Jan 2025 21:54:38 +0000
ROA not after:            Thu 08 Jan 2026 21:59:38 +0000
asID:                     400596
IP address blocks:        191.101.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 19:35:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:37:c5:e8:e6:81:fd:ac:3d:b3:95:f8:60:34:2a:27:58:c5:5f:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan  9 21:54:38 2025 GMT
            Not After : Jan  8 21:59:38 2026 GMT
        Subject: CN=F6BE10BCB2D30CE4E3C0B7BF2BE41F12ED183FBF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:90:10:5e:b6:20:60:ba:24:0a:ce:08:2f:dc:
                    1a:a0:61:91:22:c0:99:7b:43:5b:26:85:f3:2c:0a:
                    6c:7d:88:9a:ef:41:35:47:76:7c:c9:64:9f:2a:81:
                    15:3a:c9:56:49:b7:97:d5:d7:b8:84:1f:18:1a:c8:
                    39:66:98:bf:25:5b:ee:e3:26:f5:fa:fe:30:6b:1d:
                    76:15:3d:9c:d1:44:6f:e5:7b:0b:21:04:f1:1d:20:
                    51:f2:2d:9b:9b:10:b8:df:62:f3:b5:f5:81:8b:f1:
                    a0:b9:42:8d:59:33:b2:79:79:9f:01:0f:79:01:89:
                    45:2f:09:f2:9e:a4:66:12:7c:3b:ec:15:03:f3:c6:
                    83:78:52:fc:55:63:5e:0b:a4:a2:28:9b:a6:ca:d7:
                    80:3e:3c:b9:a0:b9:1f:75:61:9f:08:f2:b3:7e:df:
                    9f:6e:ab:58:74:5f:1a:ab:24:42:51:5e:3b:80:9b:
                    0f:d9:18:49:03:9b:ff:cf:b3:ce:67:e4:d6:b9:e1:
                    e8:d9:49:b3:2f:00:de:33:d4:2c:2e:d5:fb:87:10:
                    7b:e0:69:22:81:ae:5e:21:ff:5f:5b:95:df:55:69:
                    9c:7f:d3:c1:9b:2d:3c:fa:2b:d7:c5:5d:d6:95:45:
                    7c:4a:46:f0:40:31:6e:f5:60:2d:17:cc:31:50:a1:
                    11:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:BE:10:BC:B2:D3:0C:E4:E3:C0:B7:BF:2B:E4:1F:12:ED:18:3F:BF
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS400596.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:15:6a:cf:40:55:74:19:57:2e:62:5e:ac:d6:87:fb:0d:3f:
         11:c8:65:ab:34:bc:18:59:15:bb:ef:cf:e9:f8:e0:31:91:02:
         64:4f:81:b5:10:57:d8:69:dc:5e:86:0d:5f:b2:2b:2c:04:4e:
         3f:79:c4:bd:a6:fa:3b:3e:a6:79:7e:1a:e8:23:13:d2:7f:07:
         5b:30:03:cf:84:7a:dc:f2:a2:bc:59:92:77:ab:6b:cc:f4:9b:
         ef:6c:22:a5:bd:83:a7:19:e5:28:79:85:15:dd:16:8b:ba:f3:
         1e:58:40:c1:0a:57:44:01:3b:51:fb:9a:aa:66:6a:48:e7:8c:
         22:9e:d7:74:92:88:b3:87:eb:cf:eb:b1:39:a0:9d:9e:67:94:
         f4:c9:16:7e:7b:1b:87:84:f8:30:d4:13:12:9f:a0:85:ca:95:
         5a:5f:60:ad:64:b0:1e:1a:b3:4f:75:e0:d2:a2:68:d2:86:76:
         77:2e:71:44:c2:16:54:a2:47:1c:f3:72:c7:00:65:15:4d:ee:
         05:d0:dc:32:44:1e:99:45:2e:73:bb:d2:a6:39:b9:8a:c0:12:
         28:af:f1:db:26:b2:33:e9:2d:49:bd:e6:1e:2b:81:99:47:11:
         7f:9b:0a:5f:ac:64:00:17:a9:1f:e0:c6:69:a2:a9:85:28:e0:
         17:05:2d:ba
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdDfF6OaB/aw9s5X4YDQqJ1jFX8kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMDkyMTU0MzhaFw0yNjAxMDgyMTU5MzhaMDMxMTAvBgNV
BAMTKEY2QkUxMEJDQjJEMzBDRTRFM0MwQjdCRjJCRTQxRjEyRUQxODNGQkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgkBBetiBguiQKzggv3BqgYZEi
wJl7Q1smhfMsCmx9iJrvQTVHdnzJZJ8qgRU6yVZJt5fV17iEHxgayDlmmL8lW+7j
JvX6/jBrHXYVPZzRRG/lewshBPEdIFHyLZubELjfYvO19YGL8aC5Qo1ZM7J5eZ8B
D3kBiUUvCfKepGYSfDvsFQPzxoN4UvxVY14LpKIom6bK14A+PLmguR91YZ8I8rN+
359uq1h0XxqrJEJRXjuAmw/ZGEkDm//Ps85n5Na54ejZSbMvAN4z1Cwu1fuHEHvg
aSKBrl4h/19bld9VaZx/08GbLTz6K9fFXdaVRXxKRvBAMW71YC0XzDFQoRGNAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU9r4QvLLTDOTjwLe/K+QfEu0YP78wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDAwNTk2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2WU
MA0GCSqGSIb3DQEBCwUAA4IBAQCxFWrPQFV0GVcuYl6s1of7DT8RyGWrNLwYWRW7
78/p+OAxkQJkT4G1EFfYadxehg1fsissBE4/ecS9pvo7PqZ5fhroIxPSfwdbMAPP
hHrc8qK8WZJ3q2vM9JvvbCKlvYOnGeUoeYUV3RaLuvMeWEDBCldEATtR+5qqZmpI
54wintd0koizh+vP67E5oJ2eZ5T0yRZ+exuHhPgw1BMSn6CFypVaX2CtZLAeGrNP
deDSomjShnZ3LnFEwhZUokcc83LHAGUVTe4F0NwyRB6ZRS5zu9KmObmKwBIor/Hb
JrIz6S1JveYeK4GZRxF/mwpfrGQAF6kf4MZpoqmFKOAXBS26
-----END CERTIFICATE-----