Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS7393.roa
File:                     AS7393.roa (raw, json)
Hash identifier:          WOnNTR5m61hApkRva0Gh2N1OD/Ijupo6YzKN0zSCLBA=
Subject key identifier:   76:30:BE:1E:9C:6A:61:91:AB:71:ED:EA:AB:B2:E2:5C:EC:72:86:70
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2AFBB4AFAF9A8231531476AB1F78222228B9DAC0
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS7393.roa
Signing time:             Mon 15 Apr 2024 15:05:16 +0000
ROA not before:           Mon 15 Apr 2024 15:00:16 +0000
ROA not after:            Mon 14 Apr 2025 15:05:16 +0000
asID:                     7393
IP address blocks:        185.158.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:fb:b4:af:af:9a:82:31:53:14:76:ab:1f:78:22:22:28:b9:da:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 15 15:00:16 2024 GMT
            Not After : Apr 14 15:05:16 2025 GMT
        Subject: CN=7630BE1E9C6A6191AB71EDEAABB2E25CEC728670
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:66:e3:af:6f:01:70:4d:55:10:b1:1a:86:aa:
                    81:c5:a4:72:d5:e6:e8:e6:64:bb:99:b3:e3:ba:1b:
                    b1:37:72:f8:b2:17:4a:8e:7a:ff:89:52:97:49:86:
                    68:0d:2e:20:cd:da:73:cd:d7:48:91:11:9d:01:f4:
                    68:02:08:a9:90:9a:ce:65:5a:bf:e7:e1:c8:90:09:
                    60:96:83:a9:8e:fb:67:4e:33:9d:a8:79:4c:ef:a7:
                    c4:b8:ed:e2:1f:65:96:95:4c:22:12:78:a8:27:10:
                    fe:0c:6f:68:2a:03:a3:16:54:6f:2c:c3:88:85:52:
                    5f:f7:c6:a9:c5:0d:ec:a8:65:6b:93:50:09:e7:d9:
                    12:b0:08:5f:44:59:42:23:13:44:aa:f5:4e:db:65:
                    48:5f:ae:74:d3:0f:d1:86:30:f7:76:c5:20:2b:52:
                    e3:36:60:cf:54:18:5a:37:57:6c:be:b0:a1:f2:44:
                    66:83:4a:eb:6d:9c:21:b3:2e:71:ea:e8:24:e5:96:
                    ea:fc:77:95:bf:c4:5d:64:1e:17:70:1b:a0:4d:ef:
                    98:65:9f:83:7c:5d:3d:93:1a:23:c6:ed:7b:2e:0f:
                    73:ae:e2:7c:6d:42:85:1a:0d:a6:af:5c:2f:b7:4f:
                    0c:c9:19:8d:70:8b:03:4b:43:96:2b:32:5c:d7:c0:
                    6e:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:30:BE:1E:9C:6A:61:91:AB:71:ED:EA:AB:B2:E2:5C:EC:72:86:70
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS7393.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:ff:21:30:c9:3a:cb:91:27:05:7f:bf:11:fb:81:18:b8:33:
         b6:c3:e7:96:03:c6:24:cf:52:23:e7:f1:34:cd:c7:8e:92:79:
         4d:05:94:2d:4e:eb:f9:2d:f5:67:02:c2:ee:7b:6d:51:bb:cc:
         2d:4f:43:ae:a0:8f:72:5d:33:b3:31:f4:b4:ab:73:43:37:32:
         66:90:22:64:cb:12:4a:35:29:40:27:30:61:6f:9a:8d:ef:27:
         ca:a5:39:c0:93:51:90:ff:e3:de:6e:ab:43:18:23:83:e2:74:
         66:ce:72:a8:f1:1b:fc:34:6f:e1:0e:8a:a6:e9:ef:61:f5:ed:
         f6:97:da:ff:e1:06:b8:3b:96:fa:24:bc:21:61:ab:7a:34:29:
         e5:22:85:24:ef:d1:c8:14:43:6b:c2:e5:52:bc:f8:6a:1f:36:
         3e:67:cc:3d:5f:85:dc:31:86:f7:7e:4e:77:d9:e1:1f:cc:01:
         37:d6:3f:2b:7c:f9:9f:6e:77:6a:0a:35:62:49:5e:12:f3:95:
         29:aa:1e:c2:b8:4f:23:e2:b1:7c:f3:69:aa:0e:71:84:24:d8:
         aa:de:c8:7c:aa:88:f7:5c:bf:46:a4:b1:8a:fe:f5:2a:bd:f8:
         bb:f2:06:1c:0e:33:c6:7d:95:aa:c2:d7:97:88:e1:31:10:ce:
         12:e6:a1:6a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUKvu0r6+agjFTFHarH3giIii52sAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA0MTUxNTAwMTZaFw0yNTA0MTQxNTA1MTZaMDMxMTAvBgNV
BAMTKDc2MzBCRTFFOUM2QTYxOTFBQjcxRURFQUFCQjJFMjVDRUM3Mjg2NzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfZuOvbwFwTVUQsRqGqoHFpHLV
5ujmZLuZs+O6G7E3cviyF0qOev+JUpdJhmgNLiDN2nPN10iREZ0B9GgCCKmQms5l
Wr/n4ciQCWCWg6mO+2dOM52oeUzvp8S47eIfZZaVTCISeKgnEP4Mb2gqA6MWVG8s
w4iFUl/3xqnFDeyoZWuTUAnn2RKwCF9EWUIjE0Sq9U7bZUhfrnTTD9GGMPd2xSAr
UuM2YM9UGFo3V2y+sKHyRGaDSuttnCGzLnHq6CTllur8d5W/xF1kHhdwG6BN75hl
n4N8XT2TGiPG7XsuD3Ou4nxtQoUaDaavXC+3TwzJGY1wiwNLQ5YrMlzXwG5zAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUdjC+HpxqYZGrce3qq7LiXOxyhnAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNzM5My5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALmelzAN
BgkqhkiG9w0BAQsFAAOCAQEAoP8hMMk6y5EnBX+/EfuBGLgztsPnlgPGJM9SI+fx
NM3HjpJ5TQWULU7r+S31ZwLC7nttUbvMLU9DrqCPcl0zszH0tKtzQzcyZpAiZMsS
SjUpQCcwYW+aje8nyqU5wJNRkP/j3m6rQxgjg+J0Zs5yqPEb/DRv4Q6KpunvYfXt
9pfa/+EGuDuW+iS8IWGrejQp5SKFJO/RyBRDa8LlUrz4ah82PmfMPV+F3DGG935O
d9nhH8wBN9Y/K3z5n253ago1YkleEvOVKaoewrhPI+KxfPNpqg5xhCTYqt7IfKqI
91y/RqSxiv71Kr34u/IGHA4zxn2VqsLXl4jhMRDOEuahag==
-----END CERTIFICATE-----