Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS395374.roa
File:                     AS395374.roa (raw, json)
Hash identifier:          /rMulwQKvcTurEdyHXJpH7vabBJ0rdKx3GUiByiHF64=
Subject key identifier:   C7:EF:47:BE:39:68:07:FC:DB:D5:EC:B4:CE:6F:46:B0:3C:0B:43:95
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       71BCEB1C7B6C141067C4E7DB273299E7074349FE
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS395374.roa
Signing time:             Mon 30 Dec 2024 02:56:31 +0000
ROA not before:           Mon 30 Dec 2024 02:51:31 +0000
ROA not after:            Mon 29 Dec 2025 02:56:31 +0000
asID:                     395374
IP address blocks:        45.158.9.0/24 maxlen: 24
                          147.78.120.0/24 maxlen: 24
                          152.89.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:49:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:bc:eb:1c:7b:6c:14:10:67:c4:e7:db:27:32:99:e7:07:43:49:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Dec 30 02:51:31 2024 GMT
            Not After : Dec 29 02:56:31 2025 GMT
        Subject: CN=C7EF47BE396807FCDBD5ECB4CE6F46B03C0B4395
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:7d:59:2f:bc:d8:46:09:35:73:1a:13:65:33:
                    c3:8d:63:d3:9f:ef:c3:1e:27:6c:4e:cb:79:f1:a5:
                    a0:a1:7f:3c:41:e1:5b:f9:dd:05:53:be:4e:20:60:
                    e1:bb:1a:f4:76:28:06:b1:4e:26:3c:d3:0a:6b:db:
                    f5:0f:b0:d2:6c:fa:7b:2c:5b:da:18:0a:21:98:aa:
                    80:3d:af:d3:35:6e:0c:e1:7e:cc:ff:c4:7e:2c:4f:
                    0d:82:cf:0b:dc:72:21:36:04:03:64:14:c7:46:16:
                    2b:f1:ad:fa:4e:df:d8:d1:a5:cb:15:bf:a0:91:59:
                    84:f1:53:d5:28:cc:69:0e:c0:e7:b0:10:21:65:ee:
                    59:91:9f:de:c3:d3:b9:25:7f:93:a1:ad:de:17:6f:
                    5b:e0:72:3b:35:62:a2:67:31:08:a4:e7:5c:98:7c:
                    e8:a3:10:7c:0b:50:56:f8:a8:aa:b3:04:0b:85:21:
                    b2:a3:73:c6:dc:59:45:02:3a:f8:36:b8:5e:d0:8d:
                    bd:bb:5b:a3:53:e4:02:04:c5:32:70:a8:e5:4c:65:
                    40:ee:dc:47:01:b8:d1:66:41:f1:42:94:5a:9e:a6:
                    ee:b6:85:ea:ed:60:cf:34:be:e3:bf:3d:5d:fe:b4:
                    43:e1:3a:76:63:50:72:64:93:61:06:fc:c7:6a:af:
                    e0:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:EF:47:BE:39:68:07:FC:DB:D5:EC:B4:CE:6F:46:B0:3C:0B:43:95
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS395374.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.9.0/24
                  147.78.120.0/24
                  152.89.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:0b:59:41:21:15:87:7c:16:9e:1b:5c:03:40:cc:4e:90:5e:
         94:7c:13:62:90:47:e7:c9:7e:b9:a4:d3:0a:9f:f0:31:82:0d:
         88:05:e4:08:51:10:d3:dc:c0:a3:e2:df:fa:99:ca:e7:ab:64:
         58:dd:10:e5:17:15:df:35:a1:e2:7c:30:3f:35:d2:ed:d2:97:
         97:fc:1d:c7:a6:19:75:0a:ec:c9:74:70:67:c3:c1:be:8c:20:
         aa:36:ff:8f:39:f0:7e:aa:c7:c5:ca:04:46:be:d8:65:82:74:
         07:b7:bc:08:08:02:d1:f9:2f:b9:c0:c3:7a:de:4e:78:ed:41:
         0e:27:68:3c:85:ea:8f:6d:d8:ae:29:c0:cf:c2:03:6b:e0:63:
         9f:dc:08:55:f6:31:6c:18:bb:8f:69:28:ee:a8:7f:d4:dd:88:
         80:66:20:4b:ed:4e:c1:98:5f:bb:97:57:a9:7e:c8:a9:1e:cf:
         80:12:f4:1c:73:03:f1:76:e7:46:82:9c:d6:3c:1f:81:b3:da:
         da:87:bb:2b:24:d4:9a:99:ec:2b:af:df:6a:7f:96:a6:03:f2:
         f7:e9:68:e4:c8:06:0b:b7:10:dd:cf:da:2b:b7:62:90:2c:b0:
         9e:79:23:84:60:f8:77:2a:b3:e2:da:3e:e8:a9:09:53:c6:04:
         7a:b0:54:8d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUcbzrHHtsFBBnxOfbJzKZ5wdDSf4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDEyMzAwMjUxMzFaFw0yNTEyMjkwMjU2MzFaMDMxMTAvBgNV
BAMTKEM3RUY0N0JFMzk2ODA3RkNEQkQ1RUNCNENFNkY0NkIwM0MwQjQzOTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrfVkvvNhGCTVzGhNlM8ONY9Of
78MeJ2xOy3nxpaChfzxB4Vv53QVTvk4gYOG7GvR2KAaxTiY80wpr2/UPsNJs+nss
W9oYCiGYqoA9r9M1bgzhfsz/xH4sTw2CzwvcciE2BANkFMdGFivxrfpO39jRpcsV
v6CRWYTxU9UozGkOwOewECFl7lmRn97D07klf5Ohrd4Xb1vgcjs1YqJnMQik51yY
fOijEHwLUFb4qKqzBAuFIbKjc8bcWUUCOvg2uF7Qjb27W6NT5AIExTJwqOVMZUDu
3EcBuNFmQfFClFqepu62hertYM80vuO/PV3+tEPhOnZjUHJkk2EG/Mdqr+DLAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUx+9HvjloB/zb1ey0zm9GsDwLQ5UwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMzk1Mzc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALZ4J
AwQAk054AwQAmFn6MA0GCSqGSIb3DQEBCwUAA4IBAQBzC1lBIRWHfBaeG1wDQMxO
kF6UfBNikEfnyX65pNMKn/Axgg2IBeQIURDT3MCj4t/6mcrnq2RY3RDlFxXfNaHi
fDA/NdLt0peX/B3Hphl1CuzJdHBnw8G+jCCqNv+POfB+qsfFygRGvthlgnQHt7wI
CALR+S+5wMN63k547UEOJ2g8heqPbdiuKcDPwgNr4GOf3AhV9jFsGLuPaSjuqH/U
3YiAZiBL7U7BmF+7l1epfsipHs+AEvQccwPxdudGgpzWPB+Bs9rah7srJNSamewr
r99qf5amA/L36WjkyAYLtxDdz9ort2KQLLCeeSOEYPh3KrPi2j7oqQlTxgR6sFSN
-----END CERTIFICATE-----