Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS216183.roa
File:                     AS216183.roa (raw, json)
Hash identifier:          2VzFkHQEfRe1jV6WQeCfLdQWl2lOwkaRJawB3F/9zhA=
Subject key identifier:   DA:E2:82:04:6D:47:83:8D:78:EA:86:AB:74:6F:83:45:6D:38:94:54
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       461694650EF2F2DA48BD6DC788B0A79AB3853E6A
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS216183.roa
Signing time:             Mon 18 Nov 2024 15:43:28 +0000
ROA not before:           Mon 18 Nov 2024 15:38:28 +0000
ROA not after:            Mon 17 Nov 2025 15:43:28 +0000
asID:                     216183
IP address blocks:        45.153.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:16:94:65:0e:f2:f2:da:48:bd:6d:c7:88:b0:a7:9a:b3:85:3e:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Nov 18 15:38:28 2024 GMT
            Not After : Nov 17 15:43:28 2025 GMT
        Subject: CN=DAE282046D47838D78EA86AB746F83456D389454
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:c6:36:3d:e4:2e:72:11:e2:e8:14:16:f0:7b:
                    8a:6c:24:3d:8d:1e:01:2e:93:1c:37:ea:42:89:31:
                    00:ad:22:1b:9c:24:eb:3c:c3:20:23:27:a6:6b:02:
                    be:31:e5:98:2f:77:13:44:6e:c3:1d:b1:f7:d4:f8:
                    1f:9a:6c:7a:ed:e8:75:49:e9:db:67:29:b6:8a:65:
                    6a:01:94:84:d4:8f:0f:be:04:59:16:6a:d6:96:0a:
                    63:51:63:94:22:7b:16:f9:8e:42:ed:5f:9a:e7:98:
                    95:92:63:30:a6:69:b0:4b:c8:ef:c8:8d:31:f9:2d:
                    e8:7f:a5:98:ea:cd:b7:93:92:99:d2:1b:5c:d4:c6:
                    03:0a:f9:b0:50:d9:31:05:50:1f:3b:c5:0f:d8:55:
                    7f:55:3d:52:b2:27:b4:3e:26:11:6e:5e:b8:51:f8:
                    fe:f0:d2:fe:82:27:e4:e8:77:80:d0:f0:f0:0f:60:
                    e1:d9:e7:70:17:d2:71:21:a1:11:ea:d6:27:4e:cb:
                    5c:c5:57:d6:ea:a4:76:86:3f:34:6d:73:4e:e8:99:
                    d6:90:4a:64:2c:6a:79:32:e5:33:e0:fe:f3:ab:ae:
                    e8:7f:25:cc:d1:cd:df:71:c6:b6:31:f1:77:76:d8:
                    eb:36:bd:f3:66:20:51:c3:41:17:e5:2d:85:30:a8:
                    2b:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:E2:82:04:6D:47:83:8D:78:EA:86:AB:74:6F:83:45:6D:38:94:54
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS216183.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:e4:bf:97:59:af:dd:ba:b4:bc:2d:51:08:31:d7:42:84:99:
         21:1f:cc:ce:c0:3d:d7:2e:2f:0c:02:a4:4a:a6:d8:6b:1e:b4:
         07:52:e4:77:e7:97:6c:f8:48:1e:b6:65:df:db:c4:72:eb:95:
         a6:ee:7d:b8:ec:f7:8f:71:80:68:e9:99:b9:36:59:20:f3:d6:
         b8:a2:5c:23:ce:71:da:84:0e:16:21:a2:fd:59:68:82:d1:04:
         49:01:b3:6f:fb:01:9d:92:d7:18:10:1c:92:9f:3b:a7:51:c1:
         1d:f4:29:3f:7d:5d:71:1e:2d:fb:f8:8a:13:17:d1:29:23:46:
         ab:37:5e:1e:c0:09:b6:e0:d0:65:e6:fb:82:7b:d4:3f:5d:c8:
         38:3a:16:47:86:0c:10:82:f4:5c:a8:20:04:50:1c:43:43:a8:
         99:73:b0:b1:c6:41:f8:eb:b8:48:8a:aa:01:af:09:da:48:4c:
         47:2d:a2:9c:79:05:e1:b4:fc:7d:57:d2:35:34:14:62:8f:c8:
         ca:d2:46:90:57:74:c4:a4:ef:2b:99:e6:9a:6d:19:7d:f0:8e:
         d3:13:39:65:83:bb:22:dd:26:c8:9b:ba:2e:2b:07:dd:f4:c4:
         79:72:58:28:ff:e0:d2:1f:f9:82:85:45:ab:a4:10:20:28:61:
         0d:a9:a9:44
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURhaUZQ7y8tpIvW3HiLCnmrOFPmowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDExMTgxNTM4MjhaFw0yNTExMTcxNTQzMjhaMDMxMTAvBgNV
BAMTKERBRTI4MjA0NkQ0NzgzOEQ3OEVBODZBQjc0NkY4MzQ1NkQzODk0NTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/xjY95C5yEeLoFBbwe4psJD2N
HgEukxw36kKJMQCtIhucJOs8wyAjJ6ZrAr4x5ZgvdxNEbsMdsffU+B+abHrt6HVJ
6dtnKbaKZWoBlITUjw++BFkWataWCmNRY5Qiexb5jkLtX5rnmJWSYzCmabBLyO/I
jTH5Leh/pZjqzbeTkpnSG1zUxgMK+bBQ2TEFUB87xQ/YVX9VPVKyJ7Q+JhFuXrhR
+P7w0v6CJ+Tod4DQ8PAPYOHZ53AX0nEhoRHq1idOy1zFV9bqpHaGPzRtc07omdaQ
SmQsanky5TPg/vOrruh/JczRzd9xxrYx8Xd22Os2vfNmIFHDQRflLYUwqCuJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU2uKCBG1Hg4146oardG+DRW04lFQwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjE2MTgzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZkF
MA0GCSqGSIb3DQEBCwUAA4IBAQB/5L+XWa/durS8LVEIMddChJkhH8zOwD3XLi8M
AqRKpthrHrQHUuR355ds+EgetmXf28Ry65Wm7n247PePcYBo6Zm5Nlkg89a4olwj
znHahA4WIaL9WWiC0QRJAbNv+wGdktcYEBySnzunUcEd9Ck/fV1xHi37+IoTF9Ep
I0arN14ewAm24NBl5vuCe9Q/Xcg4OhZHhgwQgvRcqCAEUBxDQ6iZc7CxxkH467hI
iqoBrwnaSExHLaKceQXhtPx9V9I1NBRij8jK0kaQV3TEpO8rmeaabRl98I7TEzll
g7si3SbIm7ouKwfd9MR5clgo/+DSH/mChUWrpBAgKGENqalE
-----END CERTIFICATE-----