Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS395374.roa
File:                     AS395374.roa (raw, json)
Hash identifier:          EtI7jHYizfVX0PAGv783OpX9z9TzHpHCKWuJ6lHB3VU=
Subject key identifier:   7E:A6:32:67:9D:0B:1D:31:AC:9A:46:56:A3:DC:F0:3C:83:3E:93:DF
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       675F3B3B772F0F6F349A79F69D5E78A7202345EC
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS395374.roa
Signing time:             Fri 25 Oct 2024 04:48:23 +0000
ROA not before:           Fri 25 Oct 2024 04:43:23 +0000
ROA not after:            Fri 24 Oct 2025 04:48:23 +0000
asID:                     395374
IP address blocks:        45.158.9.0/24 maxlen: 24
                          147.78.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:5f:3b:3b:77:2f:0f:6f:34:9a:79:f6:9d:5e:78:a7:20:23:45:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Oct 25 04:43:23 2024 GMT
            Not After : Oct 24 04:48:23 2025 GMT
        Subject: CN=7EA632679D0B1D31AC9A4656A3DCF03C833E93DF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:b9:c1:9c:3a:22:70:d9:70:b7:a2:94:88:ba:
                    fb:4a:05:78:c6:9c:38:7d:3b:e6:18:52:b7:7b:6f:
                    17:e8:5e:dd:4a:75:40:92:79:74:d3:25:05:89:51:
                    73:cc:01:89:04:f0:cb:97:b9:47:3b:b1:39:76:86:
                    93:1f:61:3c:af:cd:a2:65:26:4a:9d:f4:96:d4:a1:
                    3c:37:bf:36:5e:a0:2d:98:5e:f4:d8:8b:12:55:be:
                    0f:9b:6d:29:c4:3b:80:91:14:ac:e2:24:31:d4:aa:
                    57:0d:3c:96:69:c1:c1:ca:57:69:28:2e:51:b6:97:
                    d3:19:5a:ca:3a:06:7d:8b:46:78:3c:cd:1b:8e:ae:
                    03:02:8a:94:ed:11:2b:08:1a:0b:a1:b3:fb:35:fa:
                    7e:37:8e:1b:d3:5a:f7:5e:24:1f:64:d0:27:b7:96:
                    99:e1:b3:25:ae:17:b1:99:fb:b0:26:99:e5:90:8a:
                    4a:32:d7:59:e8:48:79:7b:d8:fd:0d:c1:1c:2a:59:
                    38:d9:28:3a:a4:a2:b7:25:58:12:82:25:26:b4:e1:
                    f7:25:6b:68:40:c6:dd:35:9d:f6:3e:35:50:42:7d:
                    f4:0d:72:35:63:b5:85:be:3c:b6:c2:90:59:af:0f:
                    87:d2:38:33:41:03:17:0e:90:ab:08:da:01:48:04:
                    fe:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:A6:32:67:9D:0B:1D:31:AC:9A:46:56:A3:DC:F0:3C:83:3E:93:DF
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS395374.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.9.0/24
                  147.78.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:eb:35:de:9d:9a:08:64:9b:c4:c9:21:3d:d4:ba:29:82:bb:
         7a:b6:65:a7:3d:08:87:d3:ff:09:45:af:1e:8a:99:e8:60:44:
         82:9e:ba:18:23:a0:78:c8:fa:7e:08:7b:88:e0:20:ad:7d:93:
         04:aa:cb:90:42:1f:34:c1:be:2c:e4:75:38:ae:67:28:98:59:
         bc:29:b1:b4:cc:9a:61:ac:d3:6b:9b:40:37:85:16:cf:ee:c5:
         86:8c:18:fb:7a:fc:52:fc:31:9d:40:bb:91:14:2f:1b:f1:39:
         b3:f0:49:4c:9a:09:a9:c8:dd:cb:69:b8:f3:5d:04:89:44:7a:
         f8:ed:18:af:e9:22:2d:1b:a5:12:a0:d7:39:2f:6d:42:f4:54:
         2b:87:84:95:a8:41:01:32:c2:9a:1a:1c:49:4c:9d:34:b1:fd:
         07:03:56:b4:7d:3c:43:a6:c6:95:62:1a:86:e9:27:c0:a7:93:
         3b:25:06:e3:36:05:56:6e:bb:6f:2f:aa:2d:8b:b4:ee:00:2d:
         9e:6d:3a:5b:f3:2c:be:80:b6:4b:5c:3d:23:31:47:4b:d3:20:
         64:ca:66:4b:63:c2:70:ba:41:6f:df:81:d3:32:a3:ea:5e:47:
         bd:a8:c3:50:eb:9e:e4:fd:d8:c0:f1:ee:f1:6a:5d:9d:a6:aa:
         fa:51:43:83
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUZ187O3cvD280mnn2nV54pyAjRewwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDEwMjUwNDQzMjNaFw0yNTEwMjQwNDQ4MjNaMDMxMTAvBgNV
BAMTKDdFQTYzMjY3OUQwQjFEMzFBQzlBNDY1NkEzRENGMDNDODMzRTkzREYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOucGcOiJw2XC3opSIuvtKBXjG
nDh9O+YYUrd7bxfoXt1KdUCSeXTTJQWJUXPMAYkE8MuXuUc7sTl2hpMfYTyvzaJl
Jkqd9JbUoTw3vzZeoC2YXvTYixJVvg+bbSnEO4CRFKziJDHUqlcNPJZpwcHKV2ko
LlG2l9MZWso6Bn2LRng8zRuOrgMCipTtESsIGguhs/s1+n43jhvTWvdeJB9k0Ce3
lpnhsyWuF7GZ+7AmmeWQikoy11noSHl72P0NwRwqWTjZKDqkorclWBKCJSa04fcl
a2hAxt01nfY+NVBCffQNcjVjtYW+PLbCkFmvD4fSODNBAxcOkKsI2gFIBP63AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUfqYyZ50LHTGsmkZWo9zwPIM+k98wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMzk1Mzc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZ4J
AwQAk054MA0GCSqGSIb3DQEBCwUAA4IBAQAI6zXenZoIZJvEySE91Lopgrt6tmWn
PQiH0/8JRa8eipnoYESCnroYI6B4yPp+CHuI4CCtfZMEqsuQQh80wb4s5HU4rmco
mFm8KbG0zJphrNNrm0A3hRbP7sWGjBj7evxS/DGdQLuRFC8b8Tmz8ElMmgmpyN3L
abjzXQSJRHr47Riv6SItG6USoNc5L21C9FQrh4SVqEEBMsKaGhxJTJ00sf0HA1a0
fTxDpsaVYhqG6SfAp5M7JQbjNgVWbrtvL6oti7TuAC2ebTpb8yy+gLZLXD0jMUdL
0yBkymZLY8JwukFv34HTMqPqXke9qMNQ657k/djA8e7xal2dpqr6UUOD
-----END CERTIFICATE-----