Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS400909.roa
File:                     AS400909.roa (raw, json)
Hash identifier:          ON2BMss1RKJ85yul5l0rLJebbPEEbjAd8mD4kDQf3RY=
Subject key identifier:   32:1E:80:7E:F0:1B:69:1F:C4:06:88:AE:50:BD:6D:BA:7B:F0:E0:57
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       55729AA70E15BC81CBC370D476C9C91FD09EF571
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS400909.roa
Signing time:             Thu 09 Jan 2025 12:00:41 +0000
ROA not before:           Thu 09 Jan 2025 11:55:41 +0000
ROA not after:            Thu 08 Jan 2026 12:00:41 +0000
asID:                     400909
IP address blocks:        82.29.6.0/24 maxlen: 24
                          82.29.110.0/23 maxlen: 23
                          82.29.118.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:72:9a:a7:0e:15:bc:81:cb:c3:70:d4:76:c9:c9:1f:d0:9e:f5:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan  9 11:55:41 2025 GMT
            Not After : Jan  8 12:00:41 2026 GMT
        Subject: CN=321E807EF01B691FC40688AE50BD6DBA7BF0E057
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a7:8e:fb:c9:82:72:c5:b3:9b:e4:e6:0e:08:
                    1d:f3:b4:76:f5:5a:e6:4f:9f:01:27:b1:6f:77:62:
                    3c:55:39:b4:df:42:a7:be:dc:ef:d8:fe:02:45:77:
                    9b:f7:b2:43:75:1b:41:ac:95:00:5b:13:b5:65:78:
                    47:f6:2d:24:7e:46:49:5b:8c:13:44:f1:e1:8b:be:
                    e2:f9:5c:b6:70:3f:f1:2d:a4:6a:5f:f8:f4:50:7f:
                    de:cb:8d:da:ff:79:d7:81:d9:68:19:8a:76:e4:bd:
                    79:28:13:fb:f3:9c:a4:71:4f:c4:ba:a0:4a:45:4d:
                    e5:fe:f8:13:d0:ee:b6:bf:dd:15:ba:63:51:df:75:
                    7c:6c:8d:87:77:1e:e4:9b:5f:5a:46:c4:d9:de:84:
                    68:5c:6e:4a:52:c6:d2:0f:21:4d:5c:ab:e2:2c:79:
                    a0:00:75:f4:f5:ec:88:0e:d5:76:e6:c4:60:af:6a:
                    9e:ed:f8:2b:d1:61:10:f6:a7:63:12:58:46:ae:62:
                    fd:61:5d:62:74:e2:19:c9:60:aa:3b:bf:bd:3b:e9:
                    d1:10:16:67:c7:1e:9b:6d:5c:18:86:b9:01:f5:b5:
                    78:13:0f:7c:8f:95:10:11:20:35:40:9b:94:d7:02:
                    3f:3c:88:a2:5a:a5:47:62:4b:cf:98:00:ee:29:98:
                    e7:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:1E:80:7E:F0:1B:69:1F:C4:06:88:AE:50:BD:6D:BA:7B:F0:E0:57
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS400909.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.29.6.0/24
                  82.29.110.0/23
                  82.29.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         13:26:22:bf:6a:15:d8:4f:97:41:6c:50:14:b6:77:34:4f:be:
         c2:e3:75:2e:fb:43:40:f4:d1:a9:97:e0:a7:1c:40:20:89:6b:
         c9:d5:f4:77:0e:9d:61:78:98:6e:d2:f2:51:a4:3b:8e:6c:de:
         ba:1a:a4:82:98:6a:ef:79:0a:f9:41:13:6a:73:2e:e5:64:97:
         6a:ff:5b:99:ee:5e:66:0e:cb:77:7e:20:f7:8d:62:c6:f4:d5:
         d0:37:4e:3c:7c:b9:c4:51:17:64:9c:14:74:0c:db:ee:08:4c:
         cd:eb:f7:de:1a:10:31:ef:6d:6c:b4:2c:22:b3:36:68:8e:01:
         d0:59:49:ba:24:7c:59:4a:67:df:e6:35:48:4c:74:c6:99:a2:
         17:c5:b8:7c:87:30:fc:35:a8:8a:5f:93:2d:f5:e4:83:fc:64:
         d2:0a:70:35:da:cf:41:08:ed:f4:75:de:a2:60:07:53:16:1c:
         0e:25:db:ad:39:18:0d:ae:cd:67:fb:97:ce:0d:0b:b6:b0:68:
         db:d4:ba:6a:af:a8:fe:ae:a8:91:df:e1:9d:07:0e:c7:c0:90:
         6e:a9:dd:87:03:fa:5d:1f:f4:60:73:54:41:71:1a:9d:3f:d2:
         ad:de:1d:7d:6b:3b:f7:9c:e7:c6:27:3b:57:10:73:42:ad:93:
         ec:d5:28:ad
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUVXKapw4VvIHLw3DUdsnJH9Ce9XEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMDkxMTU1NDFaFw0yNjAxMDgxMjAwNDFaMDMxMTAvBgNV
BAMTKDMyMUU4MDdFRjAxQjY5MUZDNDA2ODhBRTUwQkQ2REJBN0JGMEUwNTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0p477yYJyxbOb5OYOCB3ztHb1
WuZPnwEnsW93YjxVObTfQqe+3O/Y/gJFd5v3skN1G0GslQBbE7VleEf2LSR+Rklb
jBNE8eGLvuL5XLZwP/EtpGpf+PRQf97Ljdr/edeB2WgZinbkvXkoE/vznKRxT8S6
oEpFTeX++BPQ7ra/3RW6Y1HfdXxsjYd3HuSbX1pGxNnehGhcbkpSxtIPIU1cq+Is
eaAAdfT17IgO1XbmxGCvap7t+CvRYRD2p2MSWEauYv1hXWJ04hnJYKo7v7076dEQ
FmfHHpttXBiGuQH1tXgTD3yPlRARIDVAm5TXAj88iKJapUdiS8+YAO4pmOf1AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUMh6AfvAbaR/EBoiuUL1tunvw4FcwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDAwOTA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUh0G
AwQBUh1uAwQBUh12MA0GCSqGSIb3DQEBCwUAA4IBAQATJiK/ahXYT5dBbFAUtnc0
T77C43Uu+0NA9NGpl+CnHEAgiWvJ1fR3Dp1heJhu0vJRpDuObN66GqSCmGrveQr5
QRNqcy7lZJdq/1uZ7l5mDst3fiD3jWLG9NXQN048fLnEURdknBR0DNvuCEzN6/fe
GhAx721stCwiszZojgHQWUm6JHxZSmff5jVITHTGmaIXxbh8hzD8NaiKX5Mt9eSD
/GTSCnA12s9BCO30dd6iYAdTFhwOJdutORgNrs1n+5fODQu2sGjb1Lpqr6j+rqiR
3+GdBw7HwJBuqd2HA/pdH/Rgc1RBcRqdP9Kt3h19azv3nOfGJztXEHNCrZPs1Sit
-----END CERTIFICATE-----