Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS199737.roa
File:                     AS199737.roa (raw, json)
Hash identifier:          Yc/ZsJ3ztvo1o6R4KQ3xDbN+figDOGjuagKRu2qynPw=
Subject key identifier:   C0:FB:CF:78:65:21:02:BD:A2:85:76:BB:8B:53:D7:48:7B:0A:20:36
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       0C93ED0F527B1A278111E4549103C7AC3FFB1C7D
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS199737.roa
Signing time:             Fri 26 Jul 2024 16:05:19 +0000
ROA not before:           Fri 26 Jul 2024 16:00:19 +0000
ROA not after:            Fri 25 Jul 2025 16:05:19 +0000
asID:                     199737
IP address blocks:        45.154.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:93:ed:0f:52:7b:1a:27:81:11:e4:54:91:03:c7:ac:3f:fb:1c:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jul 26 16:00:19 2024 GMT
            Not After : Jul 25 16:05:19 2025 GMT
        Subject: CN=C0FBCF78652102BDA28576BB8B53D7487B0A2036
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:9b:af:bb:ae:6d:b7:25:69:d1:52:8a:19:eb:
                    49:60:fb:60:a9:79:34:c6:2a:96:2b:f0:30:ca:48:
                    11:69:c9:a0:8c:97:53:99:7e:ca:11:c4:0a:5a:b2:
                    94:9e:17:87:4d:69:64:7d:04:35:da:39:32:d9:d4:
                    42:5a:ac:31:f2:ec:67:b3:1a:f5:d7:bc:4b:8e:03:
                    2d:74:3b:25:93:a1:10:8b:2c:16:f1:86:3c:6a:47:
                    dd:46:ef:0a:74:69:7b:3b:89:74:f8:da:5e:b3:c8:
                    06:a3:72:2d:09:a2:8d:ef:06:49:b2:1c:71:07:8c:
                    90:9e:1c:44:97:5a:66:d7:ce:4f:21:5f:7e:fd:02:
                    ea:29:99:4a:10:c2:ef:ad:54:fc:6c:84:bd:e5:59:
                    06:73:10:5f:13:f7:9f:1e:a5:f8:e6:ff:58:b2:1c:
                    a0:4e:fd:1c:39:01:c7:ef:a7:33:d2:e0:e1:8d:36:
                    ce:cf:f7:c6:a9:d9:a7:16:63:9d:5c:36:bb:92:8e:
                    f2:10:0e:a2:89:4c:30:f9:c6:3d:8d:e7:67:39:31:
                    73:21:16:3d:17:a2:89:d6:9b:21:a9:0c:90:f1:84:
                    c0:16:85:96:35:8e:bf:43:36:fa:f9:35:49:e1:3c:
                    a9:c5:f2:a5:a4:56:d8:48:c6:4a:28:e1:33:ce:2d:
                    b0:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:FB:CF:78:65:21:02:BD:A2:85:76:BB:8B:53:D7:48:7B:0A:20:36
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS199737.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:e0:30:54:e3:00:1d:d1:47:8d:b8:8e:c9:32:96:0e:fb:8f:
         db:71:e9:82:65:0e:98:39:21:68:81:5d:3f:91:90:bd:a5:08:
         35:24:c7:05:de:ea:eb:6a:f8:ca:ff:ec:d6:39:b2:63:c5:7e:
         0e:2a:19:d0:18:63:e7:a0:87:53:41:c4:a1:95:00:2b:b8:fb:
         97:0b:d5:f3:a1:20:eb:c3:6e:d5:35:ac:96:24:67:61:6e:8a:
         06:6d:cf:ed:4b:0d:0d:93:61:45:2d:88:1c:93:62:ed:93:ef:
         52:67:2f:4a:41:a0:79:59:a4:88:c7:3e:7b:15:06:1d:45:e0:
         fd:70:a1:c6:0f:39:a5:52:e4:e6:58:18:88:80:7f:3f:d7:76:
         85:21:36:df:fa:38:63:ff:6b:d3:6e:5c:81:ee:4f:de:73:5f:
         04:bc:fc:d5:49:96:b1:b8:32:f2:95:2e:a6:19:b9:4c:dd:39:
         56:51:0c:cd:4f:37:9a:c9:b5:ad:95:1c:31:eb:aa:7c:01:0f:
         02:ec:7a:37:8e:c7:de:38:c8:0c:00:92:10:5b:41:d5:e3:1f:
         a8:41:52:e3:58:7a:fe:77:0e:51:7e:b2:f0:86:ca:83:bf:a3:
         cb:3c:d2:10:4c:c8:f3:a2:94:a0:c9:95:82:32:ca:82:ac:4e:
         d2:66:8f:7b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDJPtD1J7GieBEeRUkQPHrD/7HH0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA3MjYxNjAwMTlaFw0yNTA3MjUxNjA1MTlaMDMxMTAvBgNV
BAMTKEMwRkJDRjc4NjUyMTAyQkRBMjg1NzZCQjhCNTNENzQ4N0IwQTIwMzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGm6+7rm23JWnRUooZ60lg+2Cp
eTTGKpYr8DDKSBFpyaCMl1OZfsoRxApaspSeF4dNaWR9BDXaOTLZ1EJarDHy7Gez
GvXXvEuOAy10OyWToRCLLBbxhjxqR91G7wp0aXs7iXT42l6zyAajci0Joo3vBkmy
HHEHjJCeHESXWmbXzk8hX379AuopmUoQwu+tVPxshL3lWQZzEF8T958epfjm/1iy
HKBO/Rw5AcfvpzPS4OGNNs7P98ap2acWY51cNruSjvIQDqKJTDD5xj2N52c5MXMh
Fj0XoonWmyGpDJDxhMAWhZY1jr9DNvr5NUnhPKnF8qWkVthIxkoo4TPOLbB9AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUwPvPeGUhAr2ihXa7i1PXSHsKIDYwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTk5NzM3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZpr
MA0GCSqGSIb3DQEBCwUAA4IBAQCI4DBU4wAd0UeNuI7JMpYO+4/bcemCZQ6YOSFo
gV0/kZC9pQg1JMcF3urravjK/+zWObJjxX4OKhnQGGPnoIdTQcShlQAruPuXC9Xz
oSDrw27VNayWJGdhbooGbc/tSw0Nk2FFLYgck2Ltk+9SZy9KQaB5WaSIxz57FQYd
ReD9cKHGDzmlUuTmWBiIgH8/13aFITbf+jhj/2vTblyB7k/ec18EvPzVSZaxuDLy
lS6mGblM3TlWUQzNTzeaybWtlRwx66p8AQ8C7Ho3jsfeOMgMAJIQW0HV4x+oQVLj
WHr+dw5RfrLwhsqDv6PLPNIQTMjzopSgyZWCMsqCrE7SZo97
-----END CERTIFICATE-----