Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS212793.roa
File:                     AS212793.roa (raw, json)
Hash identifier:          2B7nvWyxWuqZAlvMaWZ3a8dNhGDT7OyYZALUGCbBot0=
Subject key identifier:   A5:47:01:0B:AF:55:7A:4D:BC:92:3A:16:B0:E4:8A:96:7A:EA:A5:C7
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       550CF3F3228C22F806A2C433AD9B4D984EF7BF67
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS212793.roa
Signing time:             Mon 22 Jan 2024 02:45:51 +0000
ROA not before:           Mon 22 Jan 2024 02:40:51 +0000
ROA not after:            Mon 20 Jan 2025 02:45:51 +0000
asID:                     212793
IP address blocks:        45.154.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:0c:f3:f3:22:8c:22:f8:06:a2:c4:33:ad:9b:4d:98:4e:f7:bf:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jan 22 02:40:51 2024 GMT
            Not After : Jan 20 02:45:51 2025 GMT
        Subject: CN=A547010BAF557A4DBC923A16B0E48A967AEAA5C7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:68:d3:27:d8:97:91:27:cc:56:11:b6:f2:a8:
                    aa:ab:a6:4b:51:6e:df:8b:a0:a5:b6:22:38:b0:a2:
                    7f:c0:90:4c:e5:da:8e:88:42:f4:65:2b:18:38:23:
                    c8:17:59:1a:c0:bc:ff:75:55:d9:65:12:4c:e7:f3:
                    f8:b7:fe:06:ee:8e:36:64:52:c5:0c:d9:38:e3:7a:
                    4b:04:20:0f:cb:9f:16:8f:79:ef:a9:7c:d5:6c:a8:
                    eb:05:e7:9c:35:ad:8b:4d:f3:13:37:f5:59:e5:f0:
                    47:a0:a8:3f:b7:0d:4d:11:79:b4:a0:aa:0a:ba:87:
                    01:ea:81:84:72:c6:10:55:39:bd:c3:c8:10:92:f3:
                    b8:17:62:66:e5:e6:de:40:71:57:1c:40:7e:18:74:
                    f9:46:af:88:21:9c:55:d0:52:5c:53:00:81:e6:72:
                    cc:36:14:fc:da:ab:f1:79:57:dd:e9:ff:08:c1:4f:
                    81:bd:12:5f:70:fa:6d:f4:0a:f8:6a:f6:ab:c2:93:
                    c9:09:46:19:c2:9e:28:f6:cb:61:eb:11:c1:17:f5:
                    b7:08:b2:d7:02:21:31:68:22:62:97:81:d7:cb:54:
                    7d:23:b5:2a:ac:33:91:b6:8a:d4:d2:80:16:71:a3:
                    47:86:42:cb:c5:ae:4e:05:40:f1:65:06:f9:3e:e1:
                    f2:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:47:01:0B:AF:55:7A:4D:BC:92:3A:16:B0:E4:8A:96:7A:EA:A5:C7
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS212793.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:df:d1:2e:be:0a:93:88:ec:d9:9a:97:c7:f5:c4:69:08:36:
         48:b0:2f:ca:cf:51:d0:a6:a8:9d:88:30:b6:1c:33:13:2c:1b:
         e8:30:34:e7:f1:0a:69:dc:85:50:c3:d0:f4:f5:a0:af:3c:2c:
         4c:bb:8c:b3:1e:02:c4:83:99:04:fd:91:6d:ad:5f:59:6c:f6:
         17:87:08:05:70:d0:52:55:7a:c6:da:fb:58:a9:d0:55:07:ad:
         74:f6:63:93:90:be:b6:a5:62:d2:6f:60:e1:11:a1:aa:39:49:
         41:6f:3e:c4:87:ce:2f:ab:3c:23:0f:ed:c8:af:6b:20:48:d2:
         17:7e:64:33:9e:a8:a3:05:be:7d:40:56:91:fa:38:85:d0:02:
         20:4c:cc:7c:22:71:67:0c:b4:50:c9:b0:7f:c9:a1:7c:a5:3f:
         f0:92:7c:be:54:01:d9:b9:a8:6c:1f:41:d1:09:87:bc:46:82:
         68:73:31:58:0f:44:63:fc:73:50:67:39:ab:0b:12:2b:8e:75:
         e6:c4:e3:7a:ca:35:82:89:f3:16:94:bc:40:73:9e:31:cc:ec:
         63:8c:38:d3:aa:3d:d0:a0:70:7c:1e:d1:9f:e7:c8:2d:bc:3e:
         04:fc:ce:80:cd:a0:60:1d:dc:b3:31:20:70:6b:35:ec:06:06:
         d7:f5:21:92
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUVQzz8yKMIvgGosQzrZtNmE73v2cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAxMjIwMjQwNTFaFw0yNTAxMjAwMjQ1NTFaMDMxMTAvBgNV
BAMTKEE1NDcwMTBCQUY1NTdBNERCQzkyM0ExNkIwRTQ4QTk2N0FFQUE1QzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtaNMn2JeRJ8xWEbbyqKqrpktR
bt+LoKW2Ijiwon/AkEzl2o6IQvRlKxg4I8gXWRrAvP91VdllEkzn8/i3/gbujjZk
UsUM2TjjeksEIA/LnxaPee+pfNVsqOsF55w1rYtN8xM39Vnl8EegqD+3DU0RebSg
qgq6hwHqgYRyxhBVOb3DyBCS87gXYmbl5t5AcVccQH4YdPlGr4ghnFXQUlxTAIHm
csw2FPzaq/F5V93p/wjBT4G9El9w+m30Cvhq9qvCk8kJRhnCnij2y2HrEcEX9bcI
stcCITFoImKXgdfLVH0jtSqsM5G2itTSgBZxo0eGQsvFrk4FQPFlBvk+4fLNAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUpUcBC69Vek28kjoWsOSKlnrqpccwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjEyNzkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZpo
MA0GCSqGSIb3DQEBCwUAA4IBAQBT39EuvgqTiOzZmpfH9cRpCDZIsC/Kz1HQpqid
iDC2HDMTLBvoMDTn8Qpp3IVQw9D09aCvPCxMu4yzHgLEg5kE/ZFtrV9ZbPYXhwgF
cNBSVXrG2vtYqdBVB6109mOTkL62pWLSb2DhEaGqOUlBbz7Eh84vqzwjD+3Ir2sg
SNIXfmQznqijBb59QFaR+jiF0AIgTMx8InFnDLRQybB/yaF8pT/wkny+VAHZuahs
H0HRCYe8RoJoczFYD0Rj/HNQZzmrCxIrjnXmxON6yjWCifMWlLxAc54xzOxjjDjT
qj3QoHB8HtGf58gtvD4E/M6AzaBgHdyzMSBwazXsBgbX9SGS
-----END CERTIFICATE-----