Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS3170.roa
File:                     AS3170.roa (raw, json)
Hash identifier:          J/lItQfqvjGzajcRI3CCZwyHYtpco3Q6DFPAQmRhFMo=
Subject key identifier:   DA:CD:E5:A8:16:14:34:33:B4:BF:0E:CD:2C:D0:83:84:B4:C8:B0:86
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       6829474B5B344C46DB7DECC3217D784CA78996B0
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS3170.roa
Signing time:             Sat 10 Jun 2023 22:16:03 +0000
ROA not before:           Sat 10 Jun 2023 22:11:03 +0000
ROA not after:            Sat 08 Jun 2024 22:16:03 +0000
asID:                     3170
IP address blocks:        45.149.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:29:47:4b:5b:34:4c:46:db:7d:ec:c3:21:7d:78:4c:a7:89:96:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun 10 22:11:03 2023 GMT
            Not After : Jun  8 22:16:03 2024 GMT
        Subject: CN=DACDE5A816143433B4BF0ECD2CD08384B4C8B086
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:b5:0f:84:73:af:f8:e5:f4:ca:bb:d1:e5:86:
                    91:b5:69:cd:e9:02:fe:1b:e9:02:ca:b8:68:5c:60:
                    b1:04:e1:67:7e:b4:27:23:80:8b:c6:65:46:92:b3:
                    ba:be:97:73:34:8c:d4:f5:58:bd:1b:3f:7d:60:4f:
                    87:3c:aa:fa:14:02:21:4c:4c:33:f5:5d:df:a4:17:
                    31:28:ef:51:14:4e:fa:b8:73:91:d3:d3:33:6b:37:
                    d2:3b:e2:a1:42:cc:eb:e0:ce:d5:15:81:6b:7a:93:
                    b3:1a:20:2c:46:66:a1:ad:39:51:9d:6b:dd:8c:6f:
                    7d:8d:39:c8:f8:2e:0f:8e:0d:62:ea:6c:25:20:35:
                    e7:c6:9a:95:c7:f0:9f:e6:0f:68:99:e2:dd:81:23:
                    b3:74:bf:ab:96:44:01:dc:eb:51:fd:57:80:6a:8a:
                    c3:aa:e1:5d:90:08:ad:a0:0a:ca:da:32:70:b6:aa:
                    a4:94:44:f1:f6:3e:61:d8:7e:85:8e:bc:06:ed:9a:
                    2a:7b:88:d7:37:85:ec:ec:33:3a:6f:d5:69:01:26:
                    fc:e6:d8:72:d6:b1:b4:ff:fd:2c:98:0c:0d:0b:68:
                    54:bb:17:fc:fe:1b:68:47:ed:84:5d:3d:84:f2:4e:
                    fc:ff:70:6e:6f:58:39:b1:fe:41:ce:66:c5:57:43:
                    9d:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:CD:E5:A8:16:14:34:33:B4:BF:0E:CD:2C:D0:83:84:B4:C8:B0:86
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS3170.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:12:0d:40:17:04:cd:d0:74:63:fe:10:d0:f8:16:91:9a:88:
         5c:ac:21:70:99:7e:a7:93:9d:4f:a4:36:9d:a6:17:05:2c:19:
         89:12:e9:a8:79:00:d9:c7:82:8e:88:8e:06:5f:db:68:4c:73:
         c1:67:c4:3d:03:cf:a2:c5:de:19:7d:62:4b:02:17:e3:e9:08:
         57:5d:bf:6f:62:68:1c:2f:1b:0f:2c:38:69:9f:72:9e:ff:e0:
         cb:0a:26:9b:c7:ca:e0:fd:c2:9f:e2:f0:15:59:77:54:94:ae:
         14:40:1e:ff:6e:b6:4b:0c:8a:95:01:ec:91:56:77:1d:f1:60:
         30:31:9a:b3:70:f5:53:1b:4b:9b:15:05:30:98:1a:af:2e:66:
         c8:a5:24:9c:a9:c5:00:bd:7a:0e:26:8e:55:80:71:98:09:b2:
         5b:5d:28:33:e5:6b:59:af:e2:9f:51:9b:9f:d3:c6:2b:3d:c1:
         a5:42:bc:2e:a6:3a:f7:22:de:37:ca:7a:6b:e5:50:ad:e3:17:
         73:b6:9c:b8:f5:27:b5:3d:2e:09:f8:44:4b:b1:bb:95:48:9d:
         d8:08:b9:ff:73:fe:00:5d:9f:95:40:3d:ec:58:a1:03:b8:c6:
         3e:1c:a9:68:1e:0c:61:a0:7f:38:54:76:2a:be:ab:f8:08:00:
         a2:fd:e0:42
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUaClHS1s0TEbbfezDIX14TKeJlrAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yMzA2MTAyMjExMDNaFw0yNDA2MDgyMjE2MDNaMDMxMTAvBgNV
BAMTKERBQ0RFNUE4MTYxNDM0MzNCNEJGMEVDRDJDRDA4Mzg0QjRDOEIwODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgtQ+Ec6/45fTKu9HlhpG1ac3p
Av4b6QLKuGhcYLEE4Wd+tCcjgIvGZUaSs7q+l3M0jNT1WL0bP31gT4c8qvoUAiFM
TDP1Xd+kFzEo71EUTvq4c5HT0zNrN9I74qFCzOvgztUVgWt6k7MaICxGZqGtOVGd
a92Mb32NOcj4Lg+ODWLqbCUgNefGmpXH8J/mD2iZ4t2BI7N0v6uWRAHc61H9V4Bq
isOq4V2QCK2gCsraMnC2qqSURPH2PmHYfoWOvAbtmip7iNc3hezsMzpv1WkBJvzm
2HLWsbT//SyYDA0LaFS7F/z+G2hH7YRdPYTyTvz/cG5vWDmx/kHOZsVXQ517AgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQU2s3lqBYUNDO0vw7NLNCDhLTIsIYwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMzE3MC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2VuDAN
BgkqhkiG9w0BAQsFAAOCAQEADBINQBcEzdB0Y/4Q0PgWkZqIXKwhcJl+p5OdT6Q2
naYXBSwZiRLpqHkA2ceCjoiOBl/baExzwWfEPQPPosXeGX1iSwIX4+kIV12/b2Jo
HC8bDyw4aZ9ynv/gywomm8fK4P3Cn+LwFVl3VJSuFEAe/262SwyKlQHskVZ3HfFg
MDGas3D1UxtLmxUFMJgary5myKUknKnFAL16DiaOVYBxmAmyW10oM+VrWa/in1Gb
n9PGKz3BpUK8LqY69yLeN8p6a+VQreMXc7acuPUntT0uCfhES7G7lUid2Ai5/3P+
AF2flUA97FihA7jGPhypaB4MYaB/OFR2Kr6r+AgAov3gQg==
-----END CERTIFICATE-----