Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS25369.roa
File:                     AS25369.roa (raw, json)
Hash identifier:          IhIue+jcuX9D40F6e59bYcTooybdzLna6qEqEY6MqnI=
Subject key identifier:   B0:4E:02:39:99:16:D3:0B:05:34:79:84:4F:F0:16:AC:29:22:30:A6
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       3D077849E254163E2BF14DAC8F4C420C8C854A84
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS25369.roa
Signing time:             Sat 16 Dec 2023 21:01:38 +0000
ROA not before:           Sat 16 Dec 2023 20:56:38 +0000
ROA not after:            Sat 14 Dec 2024 21:01:38 +0000
asID:                     25369
IP address blocks:        45.155.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:07:78:49:e2:54:16:3e:2b:f1:4d:ac:8f:4c:42:0c:8c:85:4a:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Dec 16 20:56:38 2023 GMT
            Not After : Dec 14 21:01:38 2024 GMT
        Subject: CN=B04E02399916D30B053479844FF016AC292230A6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:97:a9:a9:3b:3f:da:ca:97:6a:d4:91:57:ee:
                    41:00:9e:d5:2a:ab:2d:40:36:b6:0f:27:0e:4a:44:
                    73:e2:65:f5:25:d2:17:89:aa:16:d8:82:f0:e9:05:
                    55:07:7f:23:62:e9:3c:db:d7:d1:33:af:b6:7f:a9:
                    0b:1c:b4:27:83:68:9c:e9:ba:e4:7c:96:13:f9:19:
                    1a:27:9b:7b:77:87:a2:1c:ba:44:e8:21:de:7f:5b:
                    6f:69:9b:eb:1c:6c:af:fc:08:e0:fd:64:6e:44:1c:
                    f9:99:66:ed:33:3f:2c:82:90:ab:91:73:8b:63:b4:
                    ca:87:2b:a5:86:ea:a9:e1:fc:a6:64:c1:49:d0:96:
                    cb:0a:d8:9d:88:51:e3:97:79:2f:38:42:0e:fb:83:
                    d8:99:6f:0b:3e:b1:19:9d:5e:2c:6d:77:73:c2:79:
                    67:15:43:90:ce:3b:89:f7:21:c6:a8:ae:bb:96:06:
                    c2:85:a2:8e:51:03:83:fc:2e:c4:47:9f:e2:4b:a3:
                    7f:46:ee:b4:22:05:0b:bc:b3:91:28:a6:b4:40:b8:
                    a5:d2:14:3a:4f:7f:c4:e7:e7:3f:19:c9:20:16:3e:
                    a5:63:d8:4b:24:83:11:60:6a:10:45:93:5e:f8:43:
                    76:af:89:51:f3:9a:46:17:b5:6b:9b:8e:f7:2e:a6:
                    91:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:4E:02:39:99:16:D3:0B:05:34:79:84:4F:F0:16:AC:29:22:30:A6
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS25369.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:24:7e:eb:40:36:e9:2d:83:07:96:2f:1f:f2:30:b1:28:d4:
         c9:e5:a4:d5:0e:e5:72:cb:cc:ed:38:2b:8c:a8:2f:6a:cf:1e:
         e3:7e:31:13:54:b6:c8:63:09:22:a4:72:41:7b:fc:05:82:09:
         88:e1:18:cf:d5:85:8c:56:3d:14:fb:f6:67:29:37:92:7d:22:
         c7:45:cb:06:82:d2:d3:4a:c8:9f:14:77:61:e4:c3:f3:a8:f5:
         fe:37:3b:0c:cf:42:94:65:74:67:bf:27:24:6c:66:60:9c:55:
         74:ec:1d:b0:c4:58:27:12:ce:b3:7e:56:14:eb:66:a6:d0:b0:
         ec:49:fa:ee:3d:6f:fd:7c:b9:64:3f:44:95:d6:94:7e:bf:01:
         ce:44:df:0e:c8:4e:dd:27:24:99:a1:3f:ad:5d:ef:c9:ce:c2:
         38:f9:1a:3e:ba:50:35:10:74:df:12:1b:93:15:64:e5:ad:7f:
         9d:bc:1c:ea:dc:56:ba:e3:c4:2f:13:a3:98:7e:b7:43:92:7e:
         1b:b6:ed:05:e1:b6:16:55:a2:e3:17:14:cc:f7:9b:0a:33:bc:
         d9:03:3f:39:a9:f6:03:a7:9e:8d:65:64:0b:5c:c2:08:f7:87:
         fe:9d:24:a0:e6:52:ec:b6:25:60:57:72:23:ad:87:28:6b:0a:
         cb:ed:8e:20
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUPQd4SeJUFj4r8U2sj0xCDIyFSoQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yMzEyMTYyMDU2MzhaFw0yNDEyMTQyMTAxMzhaMDMxMTAvBgNV
BAMTKEIwNEUwMjM5OTkxNkQzMEIwNTM0Nzk4NDRGRjAxNkFDMjkyMjMwQTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXl6mpOz/aypdq1JFX7kEAntUq
qy1ANrYPJw5KRHPiZfUl0heJqhbYgvDpBVUHfyNi6Tzb19Ezr7Z/qQsctCeDaJzp
uuR8lhP5GRonm3t3h6IcukToId5/W29pm+scbK/8COD9ZG5EHPmZZu0zPyyCkKuR
c4tjtMqHK6WG6qnh/KZkwUnQlssK2J2IUeOXeS84Qg77g9iZbws+sRmdXixtd3PC
eWcVQ5DOO4n3IcaorruWBsKFoo5RA4P8LsRHn+JLo39G7rQiBQu8s5EoprRAuKXS
FDpPf8Tn5z8ZySAWPqVj2EskgxFgahBFk174Q3aviVHzmkYXtWubjvcuppFHAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUsE4COZkW0wsFNHmET/AWrCkiMKYwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjUzNjkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtmxIw
DQYJKoZIhvcNAQELBQADggEBAGYkfutANuktgweWLx/yMLEo1MnlpNUO5XLLzO04
K4yoL2rPHuN+MRNUtshjCSKkckF7/AWCCYjhGM/VhYxWPRT79mcpN5J9IsdFywaC
0tNKyJ8Ud2Hkw/Oo9f43OwzPQpRldGe/JyRsZmCcVXTsHbDEWCcSzrN+VhTrZqbQ
sOxJ+u49b/18uWQ/RJXWlH6/Ac5E3w7ITt0nJJmhP61d78nOwjj5Gj66UDUQdN8S
G5MVZOWtf528HOrcVrrjxC8To5h+t0OSfhu27QXhthZVouMXFMz3mwozvNkDPzmp
9gOnno1lZAtcwgj3h/6dJKDmUuy2JWBXciOthyhrCsvtjiA=
-----END CERTIFICATE-----