Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS401000.roa
File:                     AS401000.roa (raw, json)
Hash identifier:          3qMXkTV/dKyPc+p/jM3Jdo8qnAOHPV6nqwCvWM+p0C0=
Subject key identifier:   FF:8A:AF:D8:A0:2A:4E:ED:BE:61:F1:D8:8A:61:46:E9:B1:DF:75:F4
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0267024990410CB2DC8916C243BA1920454811D3
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS401000.roa
Signing time:             Mon 22 Apr 2024 20:59:07 +0000
ROA not before:           Mon 22 Apr 2024 20:54:07 +0000
ROA not after:            Mon 21 Apr 2025 20:59:07 +0000
asID:                     401000
IP address blocks:        181.214.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:67:02:49:90:41:0c:b2:dc:89:16:c2:43:ba:19:20:45:48:11:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 22 20:54:07 2024 GMT
            Not After : Apr 21 20:59:07 2025 GMT
        Subject: CN=FF8AAFD8A02A4EEDBE61F1D88A6146E9B1DF75F4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:71:54:a3:f3:e2:a6:d4:11:c7:30:db:86:ae:
                    e8:80:51:36:96:1a:8e:b9:01:41:6b:d5:12:d8:6c:
                    a5:95:94:62:8a:f6:fc:82:27:2e:32:94:ce:ff:3d:
                    4c:02:c3:ed:11:c7:79:67:17:38:ae:bc:d7:7b:b3:
                    67:6d:ba:90:65:37:67:1f:f6:4a:c9:6d:6a:ec:3b:
                    09:f5:fb:be:6d:15:e0:d9:53:6a:80:cf:6b:de:aa:
                    2f:78:98:e6:ed:52:27:41:17:32:ee:2f:5b:0c:3a:
                    d5:54:4e:11:eb:d8:db:0f:7d:31:64:f2:5c:7b:3e:
                    e3:2c:14:2f:b4:19:34:66:c5:25:ee:6a:07:4a:04:
                    01:52:58:a9:f1:04:b2:58:1a:77:dc:c1:df:a1:3d:
                    c3:0b:47:44:c3:9e:e6:c0:af:4c:1e:51:ad:bc:d3:
                    5a:b9:cc:36:6c:e5:9d:36:27:c0:64:94:31:77:a1:
                    32:d8:bd:72:e2:a1:cf:fe:59:88:c5:48:1b:d9:47:
                    f6:c4:96:22:0f:27:81:6a:92:73:b8:34:e7:ba:60:
                    20:cc:19:0b:7e:85:9f:b8:97:a9:ff:c1:7a:76:b9:
                    22:21:16:12:e6:a8:a4:d2:1d:0b:68:18:ab:f9:b4:
                    68:db:f6:4c:2d:9f:02:1e:2a:b9:cf:8c:d7:c7:c1:
                    51:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:8A:AF:D8:A0:2A:4E:ED:BE:61:F1:D8:8A:61:46:E9:B1:DF:75:F4
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS401000.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:05:a4:9b:47:7a:86:05:9b:fa:e6:82:3e:6a:c6:b1:da:f6:
         62:f4:b7:8f:e4:c7:e2:82:c7:f0:6b:6f:d0:f3:b9:74:36:64:
         4f:cf:2b:e4:45:f2:dd:5c:a4:01:dd:e7:04:04:d4:0a:0c:55:
         3c:15:7d:bf:29:ee:65:21:ac:e9:b9:00:2b:b1:9f:45:7d:c1:
         30:74:1a:8f:7e:75:24:7b:4b:ed:fd:19:7d:37:3a:84:a8:88:
         db:a2:3b:94:d3:75:80:c0:d8:2a:6d:53:81:f5:b7:b2:89:47:
         c4:59:59:47:21:0e:78:07:be:c3:59:e6:aa:e0:e6:83:95:86:
         d9:d4:50:bb:c2:21:00:01:95:08:48:ac:ce:30:1e:4b:40:e4:
         20:a5:0e:a7:03:8e:a2:55:9e:c0:6c:f4:09:f4:ff:40:12:39:
         d0:63:da:36:0b:4f:bd:6c:93:05:6a:e6:a9:93:99:47:75:80:
         f9:b6:fe:c5:d9:a8:18:45:dc:4e:da:b9:c7:af:70:89:5d:80:
         19:a6:ac:12:9e:a0:74:18:a0:d3:1a:d3:d9:93:28:8c:53:17:
         e3:99:9e:97:f8:51:12:19:b7:d4:dc:f9:f4:a5:8a:0c:83:70:
         00:48:59:8b:55:15:79:35:77:93:9d:0c:93:7c:b2:98:d3:72:
         80:58:7a:23
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUAmcCSZBBDLLciRbCQ7oZIEVIEdMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA0MjIyMDU0MDdaFw0yNTA0MjEyMDU5MDdaMDMxMTAvBgNV
BAMTKEZGOEFBRkQ4QTAyQTRFRURCRTYxRjFEODhBNjE0NkU5QjFERjc1RjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCNcVSj8+Km1BHHMNuGruiAUTaW
Go65AUFr1RLYbKWVlGKK9vyCJy4ylM7/PUwCw+0Rx3lnFziuvNd7s2dtupBlN2cf
9krJbWrsOwn1+75tFeDZU2qAz2veqi94mObtUidBFzLuL1sMOtVUThHr2NsPfTFk
8lx7PuMsFC+0GTRmxSXuagdKBAFSWKnxBLJYGnfcwd+hPcMLR0TDnubAr0weUa28
01q5zDZs5Z02J8BklDF3oTLYvXLioc/+WYjFSBvZR/bEliIPJ4FqknO4NOe6YCDM
GQt+hZ+4l6n/wXp2uSIhFhLmqKTSHQtoGKv5tGjb9kwtnwIeKrnPjNfHwVF9AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU/4qv2KAqTu2+YfHYimFG6bHfdfQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDAxMDAwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdYs
MA0GCSqGSIb3DQEBCwUAA4IBAQCIBaSbR3qGBZv65oI+asax2vZi9LeP5Mfigsfw
a2/Q87l0NmRPzyvkRfLdXKQB3ecEBNQKDFU8FX2/Ke5lIazpuQArsZ9FfcEwdBqP
fnUke0vt/Rl9NzqEqIjbojuU03WAwNgqbVOB9beyiUfEWVlHIQ54B77DWeaq4OaD
lYbZ1FC7wiEAAZUISKzOMB5LQOQgpQ6nA46iVZ7AbPQJ9P9AEjnQY9o2C0+9bJMF
auapk5lHdYD5tv7F2agYRdxO2rnHr3CJXYAZpqwSnqB0GKDTGtPZkyiMUxfjmZ6X
+FESGbfU3Pn0pYoMg3AASFmLVRV5NXeTnQyTfLKY03KAWHoj
-----END CERTIFICATE-----