Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS400810.roa
File:                     AS400810.roa (raw, json)
Hash identifier:          vgBtgB3fcCRVv8D3MUgpavmnduToLO/S/MLPcOR1Ges=
Subject key identifier:   87:D6:81:3B:E7:70:6F:61:CF:E3:0A:6F:77:E3:08:58:B3:FD:33:26
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       57E0A74B0815AFA17F59FB497D6B56A1E7406820
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS400810.roa
Signing time:             Mon 27 Jan 2025 14:12:33 +0000
ROA not before:           Mon 27 Jan 2025 14:07:33 +0000
ROA not after:            Mon 26 Jan 2026 14:12:33 +0000
asID:                     400810
IP address blocks:        82.27.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:e0:a7:4b:08:15:af:a1:7f:59:fb:49:7d:6b:56:a1:e7:40:68:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 27 14:07:33 2025 GMT
            Not After : Jan 26 14:12:33 2026 GMT
        Subject: CN=87D6813BE7706F61CFE30A6F77E30858B3FD3326
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:eb:c2:1e:5b:a5:8a:e4:a0:00:02:65:dd:f3:
                    92:78:65:42:9d:f6:0e:26:44:7f:ef:cf:62:56:3e:
                    49:c3:ce:c4:da:e7:71:6c:b9:25:f6:a8:37:e8:b0:
                    8c:a4:93:04:bf:9d:ec:03:8d:4b:f8:7c:32:9b:a1:
                    a1:b9:b4:ed:75:f8:95:4d:b3:d6:16:6f:8f:98:10:
                    16:97:29:d1:a1:21:e9:64:f8:0d:27:96:ea:63:96:
                    4f:d9:50:3b:4e:72:76:12:7a:76:ea:21:30:b6:18:
                    ff:a2:fe:34:8a:ec:a7:ea:6a:36:72:f2:c8:63:ca:
                    27:09:d3:b1:fc:cd:5a:5c:9b:42:bc:2e:24:29:d1:
                    24:8a:0a:ea:79:72:d7:d5:cc:39:c9:57:96:56:9f:
                    4c:05:f5:15:fa:a0:a1:eb:57:11:78:4b:0c:8f:06:
                    50:f4:87:71:b1:4d:c6:0a:04:d9:a5:61:33:57:db:
                    59:69:75:69:1d:bf:fd:99:db:61:61:b2:6d:db:98:
                    21:3c:55:34:13:db:5b:9a:7a:d6:2b:da:1c:3b:c4:
                    1a:fa:d0:13:24:18:3a:53:b4:78:7e:9f:da:b7:5c:
                    6f:56:87:1e:c7:51:4b:f8:15:7a:98:a2:95:8d:82:
                    4c:13:8b:e1:7c:d2:23:67:8b:30:9f:53:73:41:30:
                    2d:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:D6:81:3B:E7:70:6F:61:CF:E3:0A:6F:77:E3:08:58:B3:FD:33:26
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS400810.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.27.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:27:fb:2f:96:01:37:6d:2e:ef:59:21:6d:2d:57:9b:5e:47:
         b0:5f:28:59:2c:f8:3d:51:6f:1c:f6:f9:c6:4e:8e:59:91:e9:
         10:9c:38:42:b9:87:9b:65:85:46:46:3a:31:cb:30:9d:eb:65:
         13:42:3d:cf:f5:d6:93:17:52:69:9d:3a:41:bd:81:c5:41:66:
         6d:37:31:64:40:79:31:a8:51:d2:77:db:0a:12:02:39:d3:9c:
         a5:3c:c6:7a:77:ff:d6:8e:65:09:df:21:b6:25:4a:43:cb:81:
         cd:31:09:83:f3:89:d5:05:39:99:1e:33:9d:4b:17:ac:0b:15:
         a8:6f:e9:e3:5b:c4:cd:a3:e3:66:e1:fc:23:26:b9:c5:a7:3e:
         15:50:02:5c:ac:bd:4c:f6:d6:c2:b5:bd:2d:ee:3f:31:e2:e0:
         40:a0:e4:90:1e:01:53:ea:3a:55:cd:e2:ba:bd:74:3f:7c:7f:
         bc:4b:e1:f3:40:6e:3a:87:c5:64:43:ea:b4:31:ad:10:5d:3a:
         e2:b6:93:63:1a:8d:39:e2:c5:b7:0e:b1:df:d1:ba:e5:aa:0e:
         a0:92:88:7a:fc:68:d7:ba:03:3c:1e:86:b0:a5:52:b7:83:08:
         d4:5a:51:f5:90:ea:c1:3f:92:36:09:6a:25:99:7e:fa:b6:c9:
         43:fa:55:dd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUV+CnSwgVr6F/WftJfWtWoedAaCAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMjcxNDA3MzNaFw0yNjAxMjYxNDEyMzNaMDMxMTAvBgNV
BAMTKDg3RDY4MTNCRTc3MDZGNjFDRkUzMEE2Rjc3RTMwODU4QjNGRDMzMjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu68IeW6WK5KAAAmXd85J4ZUKd
9g4mRH/vz2JWPknDzsTa53FsuSX2qDfosIykkwS/newDjUv4fDKboaG5tO11+JVN
s9YWb4+YEBaXKdGhIelk+A0nlupjlk/ZUDtOcnYSenbqITC2GP+i/jSK7KfqajZy
8shjyicJ07H8zVpcm0K8LiQp0SSKCup5ctfVzDnJV5ZWn0wF9RX6oKHrVxF4SwyP
BlD0h3GxTcYKBNmlYTNX21lpdWkdv/2Z22Fhsm3bmCE8VTQT21uaetYr2hw7xBr6
0BMkGDpTtHh+n9q3XG9Whx7HUUv4FXqYopWNgkwTi+F80iNnizCfU3NBMC17AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUh9aBO+dwb2HP4wpvd+MIWLP9MyYwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDAwODEwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhsD
MA0GCSqGSIb3DQEBCwUAA4IBAQAHJ/svlgE3bS7vWSFtLVebXkewXyhZLPg9UW8c
9vnGTo5ZkekQnDhCuYebZYVGRjoxyzCd62UTQj3P9daTF1JpnTpBvYHFQWZtNzFk
QHkxqFHSd9sKEgI505ylPMZ6d//WjmUJ3yG2JUpDy4HNMQmD84nVBTmZHjOdSxes
CxWob+njW8TNo+Nm4fwjJrnFpz4VUAJcrL1M9tbCtb0t7j8x4uBAoOSQHgFT6jpV
zeK6vXQ/fH+8S+HzQG46h8VkQ+q0Ma0QXTritpNjGo054sW3DrHf0brlqg6gkoh6
/GjXugM8HoawpVK3gwjUWlH1kOrBP5I2CWolmX76tslD+lXd
-----END CERTIFICATE-----