Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS400909.roa
File:                     AS400909.roa (raw, json)
Hash identifier:          fsM+HHypG/TZHp1w+KQimB6/pPYD269wLkm01KLwd/U=
Subject key identifier:   6D:5C:DD:8D:8E:40:6A:27:05:45:38:4B:D1:69:A7:CC:8A:8D:57:CF
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       32D95C3FB3E6D80E1E90DA74EC9B5B058D3B3C03
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS400909.roa
Signing time:             Mon 01 Jan 2024 16:41:43 +0000
ROA not before:           Mon 01 Jan 2024 16:36:43 +0000
ROA not after:            Mon 30 Dec 2024 16:41:43 +0000
asID:                     400909
IP address blocks:        45.139.182.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:d9:5c:3f:b3:e6:d8:0e:1e:90:da:74:ec:9b:5b:05:8d:3b:3c:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan  1 16:36:43 2024 GMT
            Not After : Dec 30 16:41:43 2024 GMT
        Subject: CN=6D5CDD8D8E406A270545384BD169A7CC8A8D57CF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:61:36:71:a9:0e:25:01:d7:3a:f0:b6:b2:e6:
                    2a:0e:ed:e8:ff:23:2b:ea:17:df:b7:45:23:d2:f6:
                    f6:52:8b:8a:33:7c:04:05:2a:c2:d1:b3:79:e2:87:
                    a2:c6:11:4a:0a:c7:ae:6b:c7:6d:9e:6c:7a:ea:34:
                    07:bc:83:85:a9:f9:52:27:d3:4f:1e:c2:b3:f2:8e:
                    3e:fc:8e:76:27:87:2b:44:97:97:70:82:61:10:5c:
                    5d:dd:f8:04:dd:d9:d7:ee:15:fa:b6:3f:28:eb:82:
                    fc:28:2e:50:d3:55:99:e6:8f:9a:49:42:4e:d2:17:
                    17:38:01:45:4c:6a:21:1e:ba:9b:c9:65:7a:07:f8:
                    9a:c6:26:fe:73:f2:33:dc:f3:18:e1:fb:9d:29:65:
                    a4:bb:1e:2e:80:b7:41:40:d3:bf:fa:b5:b8:d5:ea:
                    cc:77:b0:e4:d4:df:fe:ba:1e:2c:61:01:5a:57:8f:
                    ab:16:77:05:0e:47:e4:ac:29:78:5d:d1:ec:b4:76:
                    65:ac:4d:3d:ab:95:60:9c:f1:12:b6:1e:ca:40:53:
                    40:45:89:4f:90:02:fc:cd:2f:4f:ec:56:3f:07:9c:
                    cd:2a:e6:2d:89:93:75:fb:29:87:54:42:43:8a:3d:
                    46:1f:2c:6d:b9:5e:06:25:73:17:64:74:48:06:5f:
                    f9:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:5C:DD:8D:8E:40:6A:27:05:45:38:4B:D1:69:A7:CC:8A:8D:57:CF
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS400909.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:98:9b:d3:a1:94:7d:8d:4a:b0:65:50:8a:11:30:89:85:47:
         11:0a:b7:4f:78:47:8a:a6:cc:f8:74:ed:a8:27:c5:84:17:3e:
         0c:aa:a6:74:7f:e1:40:a5:8f:20:f6:9e:a1:68:ed:8d:28:29:
         5d:a1:07:1d:25:e3:66:bf:68:20:50:6f:8d:19:16:b6:05:5c:
         09:07:db:5c:9f:bf:7e:9e:74:2c:71:94:4c:03:00:cb:a6:ab:
         72:8e:55:1b:84:5c:4f:6d:ae:dd:45:bf:a2:24:b0:dc:94:14:
         d7:9c:d9:74:05:cb:8b:d6:d1:26:a6:27:b8:58:7c:a3:e5:7c:
         40:bc:e0:df:f8:64:62:88:8d:f2:8d:49:ca:5a:a3:32:f8:1e:
         59:87:4f:cd:84:ce:b0:5c:15:5b:fe:68:c2:8f:0f:cf:48:14:
         eb:bd:3e:9c:df:5c:b6:69:bd:fa:96:c1:c1:11:69:67:d1:0d:
         20:4f:20:15:57:fd:84:1d:c9:45:6e:ec:87:87:45:2c:a4:64:
         7f:65:76:0e:01:22:5e:86:ca:19:a5:9b:1d:ca:a9:15:25:d7:
         50:71:18:1e:6a:34:11:38:9f:26:34:64:8e:82:e7:37:e6:b4:
         5f:47:49:21:e0:59:dd:98:dc:ca:45:c2:9e:71:10:08:04:41:
         6b:e4:d6:e8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUMtlcP7Pm2A4ekNp07JtbBY07PAMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMDExNjM2NDNaFw0yNDEyMzAxNjQxNDNaMDMxMTAvBgNV
BAMTKDZENUNERDhEOEU0MDZBMjcwNTQ1Mzg0QkQxNjlBN0NDOEE4RDU3Q0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjYTZxqQ4lAdc68Lay5ioO7ej/
IyvqF9+3RSPS9vZSi4ozfAQFKsLRs3nih6LGEUoKx65rx22ebHrqNAe8g4Wp+VIn
008ewrPyjj78jnYnhytEl5dwgmEQXF3d+ATd2dfuFfq2PyjrgvwoLlDTVZnmj5pJ
Qk7SFxc4AUVMaiEeupvJZXoH+JrGJv5z8jPc8xjh+50pZaS7Hi6At0FA07/6tbjV
6sx3sOTU3/66HixhAVpXj6sWdwUOR+SsKXhd0ey0dmWsTT2rlWCc8RK2HspAU0BF
iU+QAvzNL0/sVj8HnM0q5i2Jk3X7KYdUQkOKPUYfLG25XgYlcxdkdEgGX/ktAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUbVzdjY5AaicFRThL0WmnzIqNV88wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDAwOTA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYu2
MA0GCSqGSIb3DQEBCwUAA4IBAQBgmJvToZR9jUqwZVCKETCJhUcRCrdPeEeKpsz4
dO2oJ8WEFz4MqqZ0f+FApY8g9p6haO2NKCldoQcdJeNmv2ggUG+NGRa2BVwJB9tc
n79+nnQscZRMAwDLpqtyjlUbhFxPba7dRb+iJLDclBTXnNl0BcuL1tEmpie4WHyj
5XxAvODf+GRiiI3yjUnKWqMy+B5Zh0/NhM6wXBVb/mjCjw/PSBTrvT6c31y2ab36
lsHBEWln0Q0gTyAVV/2EHclFbuyHh0UspGR/ZXYOASJehsoZpZsdyqkVJddQcRge
ajQROJ8mNGSOguc35rRfR0kh4FndmNzKRcKecRAIBEFr5Nbo
-----END CERTIFICATE-----