Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS216022.roa
File:                     AS216022.roa (raw, json)
Hash identifier:          +iYFl09yh/phrbqGpqFgV5E5ABzQNK8YuaEFf8xZFRA=
Subject key identifier:   8D:94:00:AF:76:8F:A7:09:0D:B2:5F:2C:A6:40:8B:2D:04:B5:6F:E8
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       799905079B26674F8F34FE39D575BAE1F308F823
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS216022.roa
Signing time:             Fri 28 Mar 2025 14:33:28 +0000
ROA not before:           Fri 28 Mar 2025 14:28:28 +0000
ROA not after:            Fri 27 Mar 2026 14:33:28 +0000
asID:                     216022
IP address blocks:        45.158.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:49:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:99:05:07:9b:26:67:4f:8f:34:fe:39:d5:75:ba:e1:f3:08:f8:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar 28 14:28:28 2025 GMT
            Not After : Mar 27 14:33:28 2026 GMT
        Subject: CN=8D9400AF768FA7090DB25F2CA6408B2D04B56FE8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:2d:b8:13:26:7e:78:97:a0:71:1d:3c:c4:25:
                    1c:dc:b9:62:c7:10:95:21:71:9c:66:34:af:b5:02:
                    90:7f:32:28:ee:7c:6a:33:4e:5b:19:46:49:37:91:
                    b1:dd:3c:7e:9b:bd:73:ce:95:73:b2:3a:68:c7:f7:
                    80:c0:5c:91:8c:b6:18:78:0f:04:38:35:5d:4f:d5:
                    75:0f:f5:97:64:57:3c:a5:68:a2:cf:ec:ce:cc:88:
                    2b:db:c1:67:51:f9:c5:4c:b6:d6:fc:c1:88:13:56:
                    af:9b:f6:58:35:11:4e:c8:80:f9:6b:c1:09:85:60:
                    38:04:29:d1:ef:60:3a:8f:c4:10:e5:42:ae:30:82:
                    0a:db:c1:3c:98:ed:c0:9a:0f:22:a5:04:e0:2c:87:
                    ed:53:3a:1b:ab:f7:96:90:e2:1d:3e:22:b7:4a:2e:
                    47:69:9c:53:d6:35:2d:d6:f4:8c:e7:43:3b:bf:a9:
                    76:bc:23:3a:d5:46:06:32:37:43:e5:d4:6b:b3:5e:
                    b6:8a:d0:ae:88:1a:f3:40:36:50:72:68:99:a6:39:
                    cf:a6:1f:20:06:eb:b2:c7:c4:7f:a7:fc:19:03:3d:
                    fb:1e:0b:53:98:8a:de:75:18:01:b4:08:59:d5:5c:
                    5e:d8:d6:f5:fe:82:15:37:97:78:b5:df:c2:53:4d:
                    3e:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:94:00:AF:76:8F:A7:09:0D:B2:5F:2C:A6:40:8B:2D:04:B5:6F:E8
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS216022.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:16:18:b7:e6:be:11:13:85:dc:cf:75:9b:2e:8e:18:bb:26:
         6e:86:c7:de:e3:23:46:53:09:df:95:3a:f2:25:a7:b6:17:d6:
         34:8c:7a:bb:8d:53:bb:20:5e:d7:e2:87:5a:9e:3e:d9:62:52:
         c8:ce:1a:f9:ec:2a:59:1d:3a:1f:a8:08:be:9c:b3:97:c4:67:
         16:7f:67:c0:50:ec:4c:6e:f3:10:d9:aa:a8:cd:a5:9d:6d:be:
         5d:f2:2b:e2:52:a4:0c:7a:e9:06:f7:26:ea:69:4e:f4:bd:17:
         09:64:01:5f:c2:f2:37:90:3a:36:a0:1e:f4:9e:d2:12:57:49:
         a3:51:d1:da:fa:94:29:90:cb:f4:12:f1:5d:26:a8:f2:92:4d:
         61:81:18:7c:45:b7:14:85:d0:0b:0b:ce:57:c5:19:9d:b9:64:
         1b:27:ae:a7:5a:74:e2:28:29:b3:3e:06:9e:9c:6e:9e:68:6f:
         2b:3f:a6:16:0a:2d:11:8e:fb:e4:5c:d0:9e:6d:05:4a:7d:83:
         7e:f2:50:b0:a0:83:9e:20:37:1f:fe:12:a0:a1:bc:99:a8:19:
         5b:ed:e3:64:6d:70:e1:b5:d3:f3:d7:9a:70:70:f4:4f:41:b6:
         35:cd:69:39:46:7d:17:e5:19:9c:1a:4d:ce:5f:ea:e5:7e:2d:
         bb:10:ff:ad
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUeZkFB5smZ0+PNP451XW64fMI+CMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTAzMjgxNDI4MjhaFw0yNjAzMjcxNDMzMjhaMDMxMTAvBgNV
BAMTKDhEOTQwMEFGNzY4RkE3MDkwREIyNUYyQ0E2NDA4QjJEMDRCNTZGRTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJLbgTJn54l6BxHTzEJRzcuWLH
EJUhcZxmNK+1ApB/MijufGozTlsZRkk3kbHdPH6bvXPOlXOyOmjH94DAXJGMthh4
DwQ4NV1P1XUP9ZdkVzylaKLP7M7MiCvbwWdR+cVMttb8wYgTVq+b9lg1EU7IgPlr
wQmFYDgEKdHvYDqPxBDlQq4wggrbwTyY7cCaDyKlBOAsh+1TOhur95aQ4h0+IrdK
LkdpnFPWNS3W9IznQzu/qXa8IzrVRgYyN0Pl1GuzXraK0K6IGvNANlByaJmmOc+m
HyAG67LHxH+n/BkDPfseC1OYit51GAG0CFnVXF7Y1vX+ghU3l3i138JTTT7vAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUjZQAr3aPpwkNsl8spkCLLQS1b+gwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjE2MDIyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ6o
MA0GCSqGSIb3DQEBCwUAA4IBAQAIFhi35r4RE4Xcz3WbLo4YuyZuhsfe4yNGUwnf
lTryJae2F9Y0jHq7jVO7IF7X4odanj7ZYlLIzhr57CpZHTofqAi+nLOXxGcWf2fA
UOxMbvMQ2aqozaWdbb5d8iviUqQMeukG9ybqaU70vRcJZAFfwvI3kDo2oB70ntIS
V0mjUdHa+pQpkMv0EvFdJqjykk1hgRh8RbcUhdALC85XxRmduWQbJ66nWnTiKCmz
PgaenG6eaG8rP6YWCi0RjvvkXNCebQVKfYN+8lCwoIOeIDcf/hKgobyZqBlb7eNk
bXDhtdPz15pwcPRPQbY1zWk5Rn0X5RmcGk3OX+rlfi27EP+t
-----END CERTIFICATE-----