Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS138195.roa
File:                     AS138195.roa (raw, json)
Hash identifier:          GfS1Fb8tkOVG8s7WmrGjpovFfwJG6X846BZufzIJtfo=
Subject key identifier:   DB:C1:C2:D0:E1:E7:26:BE:57:1D:F8:82:DC:4A:F9:80:7B:EA:C3:D6
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       7497757B1DA5E764D3FB8FD4D569422CEBBBD3D8
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS138195.roa
Signing time:             Thu 14 Mar 2024 07:58:23 +0000
ROA not before:           Thu 14 Mar 2024 07:53:23 +0000
ROA not after:            Thu 13 Mar 2025 07:58:23 +0000
asID:                     138195
IP address blocks:        45.158.168.0/24 maxlen: 24
                          45.158.169.0/24 maxlen: 24
                          193.142.6.0/24 maxlen: 24
                          193.176.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:97:75:7b:1d:a5:e7:64:d3:fb:8f:d4:d5:69:42:2c:eb:bb:d3:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar 14 07:53:23 2024 GMT
            Not After : Mar 13 07:58:23 2025 GMT
        Subject: CN=DBC1C2D0E1E726BE571DF882DC4AF9807BEAC3D6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:28:da:ed:1e:00:48:6e:03:62:cc:71:df:3e:
                    32:26:8a:c6:33:71:4b:ba:10:67:6c:63:e3:97:7b:
                    3d:3f:92:92:4d:77:66:8b:c1:1d:cc:ac:d4:c5:0b:
                    ec:a3:dd:5d:d1:ac:4a:18:fe:9b:e4:a1:4c:9c:d0:
                    cb:61:66:26:4c:24:c1:74:79:0d:ed:43:4f:56:84:
                    89:8a:80:97:00:68:01:45:16:fd:12:55:b3:49:ff:
                    23:23:17:c9:02:22:69:41:98:5a:d3:03:26:1d:a7:
                    b4:9f:99:27:4f:30:74:d5:80:86:68:36:22:43:00:
                    a1:cd:cb:af:14:25:10:da:37:65:27:2f:1c:b1:a9:
                    15:6e:36:d9:5d:01:ce:3e:66:2c:13:2d:5b:f0:e5:
                    6e:61:fc:c3:16:52:d0:50:9b:ed:df:56:1b:3f:2b:
                    e4:f2:66:77:cf:32:8f:b4:e7:59:bd:9f:39:17:a7:
                    09:94:52:34:6b:90:0f:ef:bf:ac:b0:7b:5d:8d:3b:
                    2a:68:6a:1e:a8:a7:3f:1b:97:b7:f3:dc:26:87:34:
                    77:f5:93:b5:2b:74:70:21:09:c3:c0:9d:91:af:c5:
                    dc:e2:a9:9a:2c:68:e4:0b:eb:79:18:06:e7:29:b7:
                    53:a4:37:20:57:39:2e:9b:55:39:ae:80:44:e7:54:
                    c0:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:C1:C2:D0:E1:E7:26:BE:57:1D:F8:82:DC:4A:F9:80:7B:EA:C3:D6
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS138195.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.168.0/23
                  193.142.6.0/24
                  193.176.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:46:77:9c:4b:77:2b:96:02:4a:62:7d:db:17:90:78:a1:4b:
         c4:fd:1f:7c:30:39:56:5d:ec:ed:e9:2a:20:de:ca:86:8b:36:
         4a:ba:e3:f8:8e:d6:b7:61:a3:f8:34:d4:30:4c:d8:34:5a:43:
         03:3a:07:a4:12:e3:ca:5e:af:ca:8e:2b:91:64:12:06:6c:d6:
         af:bd:5b:f6:eb:1f:90:43:8b:2f:66:ec:01:f6:ba:d3:a0:9e:
         86:bd:bf:7b:85:9f:59:fd:5e:7c:e1:be:e4:e1:40:2b:1f:ea:
         a4:5e:35:a1:f0:c3:2d:ef:27:e6:86:69:fa:08:59:bc:ff:db:
         9f:d8:c4:a5:a6:51:f5:93:ab:9a:7a:7d:ea:1a:6d:57:4d:77:
         5a:2b:7d:ab:6e:83:48:78:99:be:d2:ec:cc:e2:bd:67:1d:c4:
         9d:e8:17:3f:22:0a:32:94:cf:5f:80:32:76:49:c5:8d:e2:f9:
         30:77:e1:c6:7b:f0:68:01:b8:40:16:b7:d2:2a:1d:11:81:f1:
         77:b3:58:df:d5:b2:be:32:95:d6:ad:b5:3b:6b:ea:64:99:2f:
         48:5b:34:74:06:31:37:f0:71:66:ed:18:92:37:83:63:c5:89:
         7c:05:83:14:8c:30:28:bb:c6:c6:f1:a9:2e:3e:73:81:09:4a:
         b3:08:7c:76
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUdJd1ex2l52TT+4/U1WlCLOu709gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAzMTQwNzUzMjNaFw0yNTAzMTMwNzU4MjNaMDMxMTAvBgNV
BAMTKERCQzFDMkQwRTFFNzI2QkU1NzFERjg4MkRDNEFGOTgwN0JFQUMzRDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwKNrtHgBIbgNizHHfPjImisYz
cUu6EGdsY+OXez0/kpJNd2aLwR3MrNTFC+yj3V3RrEoY/pvkoUyc0MthZiZMJMF0
eQ3tQ09WhImKgJcAaAFFFv0SVbNJ/yMjF8kCImlBmFrTAyYdp7SfmSdPMHTVgIZo
NiJDAKHNy68UJRDaN2UnLxyxqRVuNtldAc4+ZiwTLVvw5W5h/MMWUtBQm+3fVhs/
K+TyZnfPMo+051m9nzkXpwmUUjRrkA/vv6ywe12NOypoah6opz8bl7fz3CaHNHf1
k7UrdHAhCcPAnZGvxdziqZosaOQL63kYBucpt1OkNyBXOS6bVTmugETnVMAtAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU28HC0OHnJr5XHfiC3Er5gHvqw9YwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTM4MTk1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBLZ6o
AwQAwY4GAwQAwbA2MA0GCSqGSIb3DQEBCwUAA4IBAQAfRnecS3crlgJKYn3bF5B4
oUvE/R98MDlWXezt6Sog3sqGizZKuuP4jta3YaP4NNQwTNg0WkMDOgekEuPKXq/K
jiuRZBIGbNavvVv26x+QQ4svZuwB9rrToJ6Gvb97hZ9Z/V584b7k4UArH+qkXjWh
8MMt7yfmhmn6CFm8/9uf2MSlplH1k6uaen3qGm1XTXdaK32rboNIeJm+0uzM4r1n
HcSd6Bc/IgoylM9fgDJ2ScWN4vkwd+HGe/BoAbhAFrfSKh0RgfF3s1jf1bK+MpXW
rbU7a+pkmS9IWzR0BjE38HFm7RiSN4NjxYl8BYMUjDAou8bG8akuPnOBCUqzCHx2
-----END CERTIFICATE-----