Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS399641.roa
File:                     AS399641.roa (raw, json)
Hash identifier:          NChyvIHiGOquGu1S2XPjrnrAouZHY3H8W46Sis0fVsY=
Subject key identifier:   CD:7E:E9:C3:60:10:83:59:43:B9:5B:58:8B:88:14:0E:F4:A4:67:FF
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       65BA63617FCD9357D40959F461DA75240ED91152
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS399641.roa
Signing time:             Fri 01 Mar 2024 00:00:07 +0000
ROA not before:           Thu 29 Feb 2024 23:55:07 +0000
ROA not after:            Fri 28 Feb 2025 00:00:07 +0000
asID:                     399641
IP address blocks:        192.166.115.0/24 maxlen: 24
                          193.176.55.0/24 maxlen: 24
                          195.20.98.0/24 maxlen: 24
                          195.206.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 Mar 2024 21:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:ba:63:61:7f:cd:93:57:d4:09:59:f4:61:da:75:24:0e:d9:11:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Feb 29 23:55:07 2024 GMT
            Not After : Feb 28 00:00:07 2025 GMT
        Subject: CN=CD7EE9C36010835943B95B588B88140EF4A467FF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ac:ee:59:07:b4:1f:7f:52:b9:ea:e9:20:00:
                    18:b7:65:44:69:bb:5a:7c:5b:13:b5:e1:1a:3c:ba:
                    f8:1c:5f:9e:bb:6b:65:bc:43:68:a2:d3:40:8c:91:
                    ab:13:a8:78:4e:8a:8d:22:79:10:9b:33:5b:4e:3d:
                    e1:00:fb:02:9f:61:f3:00:53:0a:e4:f9:04:b3:41:
                    9c:c9:3f:25:95:cc:24:dc:3f:cf:ec:bf:f8:dd:40:
                    c4:d4:80:d9:f5:93:e6:59:4a:af:9a:3e:77:85:8d:
                    f4:4f:ca:f6:3c:83:6c:50:27:24:a1:69:a1:e3:df:
                    cb:be:15:30:00:1d:f9:d0:8e:be:f4:1f:32:53:1e:
                    3d:55:09:80:ad:96:9c:f1:1c:1a:23:f0:a9:d6:b9:
                    97:11:ed:ce:9b:b4:8b:a4:1c:78:28:b6:16:fe:85:
                    7f:74:e7:42:5b:1a:b4:fc:e2:41:95:e4:50:1a:f6:
                    7d:40:81:7f:31:68:41:fb:64:be:42:68:19:64:9d:
                    3b:59:95:3d:98:fb:1e:f4:cc:20:92:6e:43:b6:17:
                    44:f6:0d:a4:84:25:bc:e9:f3:b8:2a:57:30:b5:4b:
                    c2:29:c0:03:7e:5f:75:7e:64:c5:38:3f:1b:56:00:
                    0c:0c:7b:6d:3b:a9:be:d2:4d:6e:9f:49:cf:94:70:
                    ae:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:7E:E9:C3:60:10:83:59:43:B9:5B:58:8B:88:14:0E:F4:A4:67:FF
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS399641.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.115.0/24
                  193.176.55.0/24
                  195.20.98.0/24
                  195.206.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:ac:c7:66:ed:65:85:98:32:ae:ad:01:03:89:81:ea:cb:66:
         9f:67:3e:9a:32:34:d8:41:88:ca:7e:6d:67:3d:56:e5:ae:6b:
         a2:76:0d:c9:37:f6:9f:e2:4b:70:29:28:ed:21:f1:d0:73:0c:
         09:a7:fb:64:a9:01:ee:1e:f2:e9:4e:85:ea:7e:ca:9a:cb:f0:
         76:ff:1c:ce:ec:ff:7c:a1:3a:92:64:78:b5:a3:1a:3e:54:60:
         e8:71:d0:40:20:31:a0:bb:75:07:6b:a9:d6:8d:01:e6:48:7d:
         3f:e9:8a:6d:d8:5e:81:4c:18:0a:bd:5f:c2:6d:b4:92:db:30:
         40:2c:bf:c7:22:3e:84:61:3e:0b:7d:0d:7d:ea:ca:fb:5f:5a:
         25:6a:13:4b:42:27:24:37:e6:0d:bc:6f:04:ec:d9:3e:52:16:
         62:c6:ce:f2:c0:a6:9b:bf:bd:81:af:eb:0f:95:50:82:44:6a:
         6c:26:1f:40:85:d7:9a:41:63:58:d1:83:47:f8:58:d3:55:82:
         e2:80:04:9a:bb:77:fb:df:15:e0:28:6f:db:40:c2:8d:ab:8e:
         84:2b:2d:5b:9a:c0:7b:94:68:68:a5:a5:e8:65:6e:bb:57:9a:
         d6:59:ce:99:3f:b8:d4:17:2c:28:66:ea:ef:2d:4d:2a:d2:97:
         40:02:a7:ed
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgIUZbpjYX/Nk1fUCVn0Ydp1JA7ZEVIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAyMjkyMzU1MDdaFw0yNTAyMjgwMDAwMDdaMDMxMTAvBgNV
BAMTKENEN0VFOUMzNjAxMDgzNTk0M0I5NUI1ODhCODgxNDBFRjRBNDY3RkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2rO5ZB7Qff1K56ukgABi3ZURp
u1p8WxO14Ro8uvgcX567a2W8Q2ii00CMkasTqHhOio0ieRCbM1tOPeEA+wKfYfMA
Uwrk+QSzQZzJPyWVzCTcP8/sv/jdQMTUgNn1k+ZZSq+aPneFjfRPyvY8g2xQJySh
aaHj38u+FTAAHfnQjr70HzJTHj1VCYCtlpzxHBoj8KnWuZcR7c6btIukHHgothb+
hX9050JbGrT84kGV5FAa9n1AgX8xaEH7ZL5CaBlknTtZlT2Y+x70zCCSbkO2F0T2
DaSEJbzp87gqVzC1S8IpwAN+X3V+ZMU4PxtWAAwMe207qb7STW6fSc+UcK6XAgMB
AAGjggIcMIICGDAdBgNVHQ4EFgQUzX7pw2AQg1lDuVtYi4gUDvSkZ/8wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMzk5NjQxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAwKZz
AwQAwbA3AwQAwxRiAwQAw87nMA0GCSqGSIb3DQEBCwUAA4IBAQBHrMdm7WWFmDKu
rQEDiYHqy2afZz6aMjTYQYjKfm1nPVblrmuidg3JN/af4ktwKSjtIfHQcwwJp/tk
qQHuHvLpToXqfsqay/B2/xzO7P98oTqSZHi1oxo+VGDocdBAIDGgu3UHa6nWjQHm
SH0/6Ypt2F6BTBgKvV/CbbSS2zBALL/HIj6EYT4LfQ196sr7X1olahNLQickN+YN
vG8E7Nk+UhZixs7ywKabv72Br+sPlVCCRGpsJh9AhdeaQWNY0YNH+FjTVYLigASa
u3f73xXgKG/bQMKNq46EKy1bmsB7lGhopaXoZW67V5rWWc6ZP7jUFywoZurvLU0q
0pdAAqft
-----END CERTIFICATE-----
Generated at Fri Mar 1 02:46:25 2024 by rpki-client on console-ams.rpki-client.org