Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS400883.roa
File:                     AS400883.roa (raw, json)
Hash identifier:          zthX31bt+MzdAL3iCsUTfGBMwntXZaLHY04Y3k0ALhM=
Subject key identifier:   30:AF:A8:E0:93:C9:D8:D7:25:D0:68:C2:38:9B:B0:A7:D4:9B:19:19
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2E9294845D06939B57CA439D18C26BDD28FE110D
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS400883.roa
Signing time:             Sun 14 Jan 2024 10:18:44 +0000
ROA not before:           Sun 14 Jan 2024 10:13:44 +0000
ROA not after:            Sun 12 Jan 2025 10:18:44 +0000
asID:                     400883
IP address blocks:        191.101.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:92:94:84:5d:06:93:9b:57:ca:43:9d:18:c2:6b:dd:28:fe:11:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 14 10:13:44 2024 GMT
            Not After : Jan 12 10:18:44 2025 GMT
        Subject: CN=30AFA8E093C9D8D725D068C2389BB0A7D49B1919
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:02:1c:f7:57:53:eb:1c:da:f1:d3:94:77:3d:
                    68:29:e4:91:b6:12:9c:44:ab:79:db:dc:91:3d:41:
                    11:df:41:5c:0a:9c:ce:da:db:09:4c:b9:61:34:e6:
                    1a:e9:39:fe:11:f9:1b:e8:7e:3f:00:8c:64:6e:f7:
                    f0:f4:1a:c5:c2:f2:23:67:09:f1:5c:3d:e0:c1:f6:
                    36:fd:26:88:4d:ee:d6:2b:45:b2:05:d0:1b:c7:43:
                    2e:5e:28:ec:67:f7:e1:83:9a:bb:70:e1:fb:22:5e:
                    15:05:bf:7a:8f:f9:af:f4:3b:fa:82:3d:45:08:fc:
                    07:b1:5c:e8:c0:58:e0:1a:4d:e8:92:97:67:92:66:
                    ce:ea:4f:ac:51:de:87:03:f0:b3:f1:45:d2:53:84:
                    fb:d2:ed:8d:6b:e0:90:e5:08:27:03:ac:a4:02:f6:
                    79:3e:19:28:4c:ee:01:a4:2f:e9:25:e4:02:3f:e0:
                    72:85:0f:8b:4e:00:e6:20:be:75:9a:e5:f2:8b:3e:
                    00:12:68:67:3e:0f:00:dd:71:b1:b2:14:a5:2a:e2:
                    8f:d7:f1:d7:99:92:ef:d5:d1:14:cc:22:5f:5d:85:
                    fd:0b:7d:64:b3:f3:f6:1d:f8:a5:26:d1:ac:80:ef:
                    c8:eb:15:a6:99:b9:1c:04:53:a5:37:b7:79:4a:db:
                    55:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:AF:A8:E0:93:C9:D8:D7:25:D0:68:C2:38:9B:B0:A7:D4:9B:19:19
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS400883.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:e7:91:7d:66:47:31:63:75:36:1d:f8:9a:0e:bd:14:4c:ed:
         6a:c2:e3:36:44:52:20:41:bf:df:54:68:4b:b8:49:c6:f4:15:
         9c:da:4a:6d:78:8a:4e:65:26:97:86:f2:74:19:3b:5d:8e:2d:
         24:35:8f:b2:f2:0c:9f:6d:f0:b1:a6:dd:c8:47:42:15:25:81:
         24:82:e3:44:76:fc:34:67:cd:cc:b5:1d:b0:c1:22:f5:52:87:
         7a:7a:2c:5e:8f:2a:94:e7:84:2d:5b:98:05:aa:62:4d:79:d8:
         73:bd:05:16:e9:9b:45:ec:88:16:b5:87:f2:73:11:58:42:1f:
         0d:fd:cb:ca:37:6d:05:3e:5b:7a:03:56:d3:ef:71:73:db:46:
         ea:fb:fa:d1:7d:cf:71:da:9d:9c:1a:57:95:d5:1f:a5:c6:10:
         54:9e:ac:98:b6:b8:dc:64:e6:93:fb:a7:8f:af:6c:1d:1d:b2:
         d4:09:2b:5b:75:9d:ef:a8:e0:7f:c3:e3:18:50:b5:40:b8:95:
         6b:0e:51:53:92:ec:2d:42:d4:2a:08:0d:1c:7d:3a:c5:56:5a:
         c7:95:70:41:28:25:aa:87:95:cb:33:3c:e9:cf:7d:5b:71:fe:
         3c:66:f2:92:4a:d6:db:09:5b:e4:7b:68:2b:a0:fc:e7:0a:f5:
         af:cc:ce:34
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIULpKUhF0Gk5tXykOdGMJr3Sj+EQ0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMTQxMDEzNDRaFw0yNTAxMTIxMDE4NDRaMDMxMTAvBgNV
BAMTKDMwQUZBOEUwOTNDOUQ4RDcyNUQwNjhDMjM4OUJCMEE3RDQ5QjE5MTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfAhz3V1PrHNrx05R3PWgp5JG2
EpxEq3nb3JE9QRHfQVwKnM7a2wlMuWE05hrpOf4R+Rvofj8AjGRu9/D0GsXC8iNn
CfFcPeDB9jb9JohN7tYrRbIF0BvHQy5eKOxn9+GDmrtw4fsiXhUFv3qP+a/0O/qC
PUUI/AexXOjAWOAaTeiSl2eSZs7qT6xR3ocD8LPxRdJThPvS7Y1r4JDlCCcDrKQC
9nk+GShM7gGkL+kl5AI/4HKFD4tOAOYgvnWa5fKLPgASaGc+DwDdcbGyFKUq4o/X
8deZku/V0RTMIl9dhf0LfWSz8/Yd+KUm0ayA78jrFaaZuRwEU6U3t3lK21XHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUMK+o4JPJ2Ncl0GjCOJuwp9SbGRkwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDAwODgzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Xy
MA0GCSqGSIb3DQEBCwUAA4IBAQC055F9ZkcxY3U2HfiaDr0UTO1qwuM2RFIgQb/f
VGhLuEnG9BWc2kpteIpOZSaXhvJ0GTtdji0kNY+y8gyfbfCxpt3IR0IVJYEkguNE
dvw0Z83MtR2wwSL1Uod6eixejyqU54QtW5gFqmJNedhzvQUW6ZtF7IgWtYfycxFY
Qh8N/cvKN20FPlt6A1bT73Fz20bq+/rRfc9x2p2cGleV1R+lxhBUnqyYtrjcZOaT
+6ePr2wdHbLUCStbdZ3vqOB/w+MYULVAuJVrDlFTkuwtQtQqCA0cfTrFVlrHlXBB
KCWqh5XLMzzpz31bcf48ZvKSStbbCVvke2groPznCvWvzM40
-----END CERTIFICATE-----