Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS393942.roa
File:                     AS393942.roa (raw, json)
Hash identifier:          txt3ja2CjRhF/beR5cQEqoPwY8lFyjVsd2Ph5FysAMQ=
Subject key identifier:   92:47:30:21:BF:0C:26:25:0D:FF:7B:BB:77:D7:A6:FB:7C:7F:5B:C6
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       728D18A7540E257CBAA4D475EC85D726E1595F6D
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS393942.roa
Signing time:             Wed 21 May 2025 00:00:38 +0000
ROA not before:           Tue 20 May 2025 23:55:38 +0000
ROA not after:            Wed 20 May 2026 00:00:38 +0000
asID:                     393942
IP address blocks:        45.135.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:8d:18:a7:54:0e:25:7c:ba:a4:d4:75:ec:85:d7:26:e1:59:5f:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: May 20 23:55:38 2025 GMT
            Not After : May 20 00:00:38 2026 GMT
        Subject: CN=92473021BF0C26250DFF7BBB77D7A6FB7C7F5BC6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a6:01:45:b0:33:59:d9:cc:30:bf:ff:44:61:
                    ab:df:94:f3:fd:a5:b5:54:fa:7b:8a:a9:11:c7:a6:
                    17:aa:b9:92:4f:88:65:90:c0:cc:6c:81:98:88:a2:
                    29:86:87:48:dd:9a:1d:70:92:a3:a9:83:ca:f5:2a:
                    c1:07:1a:37:65:42:b1:a5:f8:a9:eb:9b:96:09:64:
                    34:84:86:05:45:04:7b:8d:df:0a:0d:81:d9:36:06:
                    fc:f4:e6:c4:93:4a:e8:28:ed:25:12:c5:2e:15:d5:
                    61:3d:ee:7b:f3:80:31:af:b3:1d:30:7b:f4:60:58:
                    8b:46:47:f6:26:7d:d9:19:99:c3:d4:10:8c:8a:7e:
                    b7:c5:94:e2:54:52:14:b6:aa:a1:42:f7:e5:8c:e2:
                    d7:69:d7:eb:01:0f:67:ac:26:3b:94:56:c0:5f:11:
                    25:17:2d:cf:38:30:18:9a:b2:10:a4:68:a2:10:80:
                    52:66:98:e8:5f:24:59:c1:e3:ca:d5:18:62:bd:de:
                    aa:b9:7e:94:6c:95:4c:67:0c:1e:a6:f7:51:9e:f1:
                    11:42:5d:e1:7c:cc:0d:29:da:03:86:65:58:80:16:
                    05:ee:6e:58:4d:78:c7:77:bd:5b:c2:0c:e5:28:32:
                    86:3e:63:df:3f:db:3b:ac:61:4f:ca:ab:7a:79:90:
                    bf:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:47:30:21:BF:0C:26:25:0D:FF:7B:BB:77:D7:A6:FB:7C:7F:5B:C6
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS393942.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:51:70:ab:43:b3:65:a0:d2:ad:34:aa:35:fa:63:6a:f4:eb:
         89:ff:ee:a0:2f:4e:04:22:2e:ee:ea:94:fe:c8:27:6e:b9:51:
         18:35:2d:37:00:65:f1:1f:ec:c5:7b:59:bd:5b:12:34:9e:90:
         c9:d0:79:18:21:31:94:37:a4:0a:c8:e2:6a:48:56:f2:1e:a4:
         05:e0:2f:32:6b:fe:7e:2c:f4:dc:da:11:70:ca:6b:dd:0b:fa:
         2d:fa:ef:f0:99:62:b3:b6:e0:21:7b:73:c4:5e:5e:95:94:eb:
         e4:d6:1f:17:4f:34:07:7a:3e:3e:f7:33:b7:34:72:0d:6a:87:
         bc:bc:bf:cd:f1:36:7f:6c:4f:88:85:1a:93:73:90:46:d7:f5:
         1a:b4:5e:da:b2:69:8d:9d:35:5a:8d:3c:10:84:75:22:43:35:
         9d:30:cf:e6:0a:c1:79:ff:2b:61:d4:fd:ac:99:76:5c:09:ee:
         8b:9d:48:4b:4b:f8:8e:80:4e:a1:5f:6b:4f:b0:19:9d:72:bb:
         00:1a:2d:91:44:5d:1d:9e:cd:62:7a:13:9f:60:54:2d:27:aa:
         d4:59:9f:9a:d1:42:63:e0:08:62:75:3a:33:89:2d:ce:7f:2a:
         9f:07:07:80:e5:97:f6:20:38:c8:cc:f6:72:c8:89:e5:63:47:
         20:60:cc:6e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUco0Yp1QOJXy6pNR17IXXJuFZX20wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA1MjAyMzU1MzhaFw0yNjA1MjAwMDAwMzhaMDMxMTAvBgNV
BAMTKDkyNDczMDIxQkYwQzI2MjUwREZGN0JCQjc3RDdBNkZCN0M3RjVCQzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5pgFFsDNZ2cwwv/9EYavflPP9
pbVU+nuKqRHHphequZJPiGWQwMxsgZiIoimGh0jdmh1wkqOpg8r1KsEHGjdlQrGl
+Knrm5YJZDSEhgVFBHuN3woNgdk2Bvz05sSTSugo7SUSxS4V1WE97nvzgDGvsx0w
e/RgWItGR/YmfdkZmcPUEIyKfrfFlOJUUhS2qqFC9+WM4tdp1+sBD2esJjuUVsBf
ESUXLc84MBiashCkaKIQgFJmmOhfJFnB48rVGGK93qq5fpRslUxnDB6m91Ge8RFC
XeF8zA0p2gOGZViAFgXublhNeMd3vVvCDOUoMoY+Y98/2zusYU/Kq3p5kL/jAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUkkcwIb8MJiUN/3u7d9em+3x/W8YwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMzkzOTQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYf6
MA0GCSqGSIb3DQEBCwUAA4IBAQBHUXCrQ7NloNKtNKo1+mNq9OuJ/+6gL04EIi7u
6pT+yCduuVEYNS03AGXxH+zFe1m9WxI0npDJ0HkYITGUN6QKyOJqSFbyHqQF4C8y
a/5+LPTc2hFwymvdC/ot+u/wmWKztuAhe3PEXl6VlOvk1h8XTzQHej4+9zO3NHIN
aoe8vL/N8TZ/bE+IhRqTc5BG1/UatF7asmmNnTVajTwQhHUiQzWdMM/mCsF5/yth
1P2smXZcCe6LnUhLS/iOgE6hX2tPsBmdcrsAGi2RRF0dns1iehOfYFQtJ6rUWZ+a
0UJj4AhidToziS3OfyqfBweA5Zf2IDjIzPZyyInlY0cgYMxu
-----END CERTIFICATE-----