Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS393942.roa
File:                     AS393942.roa (raw, json)
Hash identifier:          VKrcaaQ+WyR+bzWaDOQXk5+mldPscI5ScqIam/HAKTw=
Subject key identifier:   61:0E:C2:95:E0:03:E5:CA:14:35:55:51:66:3A:E3:FA:1C:DB:30:BC
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       703C82120E6803EBB4FD4E0267450FB2C096B004
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS393942.roa
Signing time:             Fri 25 Oct 2024 04:48:22 +0000
ROA not before:           Fri 25 Oct 2024 04:43:22 +0000
ROA not after:            Fri 24 Oct 2025 04:48:22 +0000
asID:                     393942
IP address blocks:        45.135.250.0/24 maxlen: 24
                          195.20.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:3c:82:12:0e:68:03:eb:b4:fd:4e:02:67:45:0f:b2:c0:96:b0:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Oct 25 04:43:22 2024 GMT
            Not After : Oct 24 04:48:22 2025 GMT
        Subject: CN=610EC295E003E5CA14355551663AE3FA1CDB30BC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:61:c5:de:1e:72:a0:fd:98:f9:cc:a9:6e:4a:
                    07:f4:88:5d:89:7b:d0:a4:02:37:7f:d2:e5:d7:d4:
                    3b:78:4d:86:7e:80:f6:7f:3b:8f:41:77:84:33:65:
                    c5:1f:a0:74:b3:45:a1:52:28:d0:16:bd:32:be:4d:
                    ee:86:8d:5b:48:9e:91:a1:8a:f7:f8:1e:36:43:0f:
                    59:f8:34:a2:22:90:ac:11:11:dd:2e:10:c3:3d:db:
                    c0:4c:2a:ce:51:bb:50:73:40:e4:cd:0a:45:5f:5c:
                    06:60:4d:38:4d:b9:b5:cc:7f:b0:21:ee:82:49:66:
                    b4:ad:7b:39:6d:5e:39:54:54:39:a8:e3:4c:fe:b0:
                    8c:15:8d:e6:81:a1:dc:4a:47:2f:99:03:23:ae:fe:
                    7e:1d:94:1f:23:c8:1e:0c:b6:ff:d5:c5:53:cc:41:
                    6f:54:32:1d:06:85:25:99:8c:dd:af:0f:51:b2:bd:
                    a9:30:1a:ad:63:90:e0:04:2d:91:72:79:d4:da:67:
                    ef:55:65:15:be:6f:7b:87:94:d0:20:21:f1:62:88:
                    85:08:ac:e0:e5:17:5e:c2:50:f1:88:dd:e2:a9:af:
                    1f:38:f6:ea:23:8e:10:67:c2:50:f6:54:bc:26:ee:
                    ee:09:91:89:64:1b:0b:88:0d:f9:fc:1e:8c:17:84:
                    29:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:0E:C2:95:E0:03:E5:CA:14:35:55:51:66:3A:E3:FA:1C:DB:30:BC
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS393942.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.250.0/24
                  195.20.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:58:97:b2:86:80:13:24:b7:5a:30:af:09:40:70:f5:a0:1d:
         54:75:40:96:30:4a:18:25:77:f9:12:ff:28:a1:b6:69:d6:a7:
         d3:45:bb:64:a3:29:bf:bc:4d:a6:38:34:94:d9:63:51:6e:e0:
         85:d4:86:fc:94:21:d7:61:40:31:b3:83:24:f0:3a:56:3c:ce:
         c6:c3:e1:3c:e6:33:31:92:9a:9f:c5:9f:b0:cb:0e:53:1b:58:
         bf:ff:ab:9a:0c:5c:7b:21:67:57:ef:a9:f2:e1:27:39:12:27:
         dc:95:49:b3:b5:5e:9e:e8:61:f7:fd:3a:9e:e4:34:fb:cd:4c:
         67:7d:39:91:c3:b0:6a:ad:7f:60:d2:15:94:f8:62:1a:82:d2:
         bd:f6:55:b5:71:47:dc:6f:84:5d:6f:a4:e5:66:79:1f:99:80:
         55:7e:59:80:01:79:6b:c6:19:74:5a:69:27:24:05:84:4b:7f:
         7f:ef:ff:9f:ea:a2:cb:49:1d:8e:18:8d:39:5b:2a:fb:3b:66:
         34:56:30:af:58:d6:23:7c:50:5a:d9:e4:27:28:ce:b7:d1:8c:
         c8:63:4a:e2:15:49:1b:8c:4e:1e:b0:8f:1c:52:d9:46:35:4d:
         0a:ed:35:6b:7b:a1:96:e0:68:01:c0:4d:26:bd:35:9f:dc:9b:
         8d:dc:92:bd
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUcDyCEg5oA+u0/U4CZ0UPssCWsAQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDEwMjUwNDQzMjJaFw0yNTEwMjQwNDQ4MjJaMDMxMTAvBgNV
BAMTKDYxMEVDMjk1RTAwM0U1Q0ExNDM1NTU1MTY2M0FFM0ZBMUNEQjMwQkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRYcXeHnKg/Zj5zKluSgf0iF2J
e9CkAjd/0uXX1Dt4TYZ+gPZ/O49Bd4QzZcUfoHSzRaFSKNAWvTK+Te6GjVtInpGh
ivf4HjZDD1n4NKIikKwREd0uEMM928BMKs5Ru1BzQOTNCkVfXAZgTThNubXMf7Ah
7oJJZrStezltXjlUVDmo40z+sIwVjeaBodxKRy+ZAyOu/n4dlB8jyB4Mtv/VxVPM
QW9UMh0GhSWZjN2vD1GyvakwGq1jkOAELZFyedTaZ+9VZRW+b3uHlNAgIfFiiIUI
rODlF17CUPGI3eKprx849uojjhBnwlD2VLwm7u4JkYlkGwuIDfn8HowXhCkHAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUYQ7CleAD5coUNVVRZjrj+hzbMLwwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMzkzOTQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYf6
AwQAwxRoMA0GCSqGSIb3DQEBCwUAA4IBAQBNWJeyhoATJLdaMK8JQHD1oB1UdUCW
MEoYJXf5Ev8oobZp1qfTRbtkoym/vE2mODSU2WNRbuCF1Ib8lCHXYUAxs4Mk8DpW
PM7Gw+E85jMxkpqfxZ+wyw5TG1i//6uaDFx7IWdX76ny4Sc5EifclUmztV6e6GH3
/Tqe5DT7zUxnfTmRw7BqrX9g0hWU+GIagtK99lW1cUfcb4Rdb6TlZnkfmYBVflmA
AXlrxhl0WmknJAWES39/7/+f6qLLSR2OGI05Wyr7O2Y0VjCvWNYjfFBa2eQnKM63
0YzIY0riFUkbjE4esI8cUtlGNU0K7TVre6GW4GgBwE0mvTWf3JuN3JK9
-----END CERTIFICATE-----