Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS400039.roa
File:                     AS400039.roa (raw, json)
Hash identifier:          zLPtm/fsKu/wWfPpayBKAc4fm/sGkiuxC5uiLpjcJSM=
Subject key identifier:   62:61:90:4D:79:98:1C:8C:4D:86:0E:83:5B:F7:09:83:59:C6:36:65
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       6D6797FF54C02E3EE269C00C245974F3FDED4048
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS400039.roa
Signing time:             Fri 01 Mar 2024 00:01:54 +0000
ROA not before:           Thu 29 Feb 2024 23:56:54 +0000
ROA not after:            Fri 28 Feb 2025 00:01:54 +0000
asID:                     400039
IP address blocks:        141.98.156.0/24 maxlen: 24
                          192.166.83.0/24 maxlen: 24
                          195.20.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:67:97:ff:54:c0:2e:3e:e2:69:c0:0c:24:59:74:f3:fd:ed:40:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Feb 29 23:56:54 2024 GMT
            Not After : Feb 28 00:01:54 2025 GMT
        Subject: CN=6261904D79981C8C4D860E835BF7098359C63665
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:3a:d4:b0:70:5d:28:c9:06:69:aa:7d:e1:b3:
                    38:45:25:4f:5e:95:64:37:9c:73:51:16:98:5f:e7:
                    c9:e3:4c:59:4c:6b:e1:17:95:71:e9:96:16:4e:f6:
                    02:72:2a:d2:d3:3b:c9:32:37:e6:fa:6b:62:8d:5c:
                    d6:e2:a2:ef:0f:87:2c:a1:55:d7:b9:71:59:e1:db:
                    85:3d:ef:c2:a6:12:f8:11:5d:88:27:b9:7f:f1:98:
                    0f:e1:55:88:20:cd:cc:0f:29:80:c7:31:a1:fc:96:
                    89:11:e7:e3:af:89:40:b6:8f:10:cf:1c:1b:65:3e:
                    f5:bf:47:77:07:83:04:9d:76:bc:f9:05:a3:3d:2c:
                    e9:2f:a5:62:80:48:1d:3e:1b:17:ae:ca:71:52:7c:
                    36:01:d4:9f:31:09:55:e3:b0:35:e3:54:be:89:1d:
                    0b:90:b0:4b:b3:c9:56:9a:64:a0:fc:12:f2:ba:4f:
                    0c:9a:2a:0e:88:0a:e3:87:b6:c6:ba:0d:e7:c1:c7:
                    04:47:47:42:b3:ca:ac:61:cc:9f:fb:da:41:cd:ca:
                    9b:8e:f7:72:b6:93:39:53:c6:24:23:e9:0b:d9:03:
                    fd:ea:bb:99:03:13:a1:19:18:51:3c:8d:84:7c:ca:
                    c9:ac:c9:40:7a:7a:2d:bc:39:cd:8a:66:cd:b8:76:
                    91:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:61:90:4D:79:98:1C:8C:4D:86:0E:83:5B:F7:09:83:59:C6:36:65
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS400039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.156.0/24
                  192.166.83.0/24
                  195.20.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:51:76:f6:e8:43:6b:5d:9b:f0:a6:0a:68:30:14:c2:03:55:
         0b:c1:8d:08:64:45:c6:f1:14:ff:45:9c:c0:5e:06:ab:bf:e7:
         bc:3c:2b:79:bc:e3:91:ad:dc:16:98:02:8e:ad:a1:a3:3e:27:
         4e:a2:0d:16:88:cb:23:68:7e:9b:35:53:6f:33:50:b8:b3:95:
         ca:9e:ac:87:a6:9a:b3:3c:60:5e:6f:0e:4a:b6:90:38:85:72:
         7d:65:1f:93:8a:45:0c:3d:ca:84:29:7b:4b:c7:93:ab:47:d7:
         91:29:4e:6b:30:a5:cf:6e:5c:de:35:7e:cd:6b:2a:82:24:c4:
         99:5f:43:da:40:93:77:5d:46:b7:30:ce:4f:30:b0:01:aa:17:
         12:1c:16:e1:4e:43:1c:53:8b:aa:c7:8b:9c:35:5c:43:af:be:
         35:c0:9b:8a:43:52:71:5e:d8:cd:00:be:02:30:97:7a:65:cb:
         92:6b:5e:9a:e6:99:f1:a2:e6:44:02:0b:35:aa:3d:54:9f:a0:
         0b:a1:c4:35:37:23:7c:e5:32:3c:eb:91:f6:4e:15:c1:0b:a4:
         83:c3:ef:03:80:27:55:47:94:4d:d4:4d:75:d7:83:de:ec:7f:
         42:87:56:83:43:7b:98:ba:fd:fd:03:f5:3c:1c:b3:88:4e:fa:
         ed:b9:94:1f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUbWeX/1TALj7iacAMJFl08/3tQEgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAyMjkyMzU2NTRaFw0yNTAyMjgwMDAxNTRaMDMxMTAvBgNV
BAMTKDYyNjE5MDRENzk5ODFDOEM0RDg2MEU4MzVCRjcwOTgzNTlDNjM2NjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNOtSwcF0oyQZpqn3hszhFJU9e
lWQ3nHNRFphf58njTFlMa+EXlXHplhZO9gJyKtLTO8kyN+b6a2KNXNbiou8Phyyh
Vde5cVnh24U978KmEvgRXYgnuX/xmA/hVYggzcwPKYDHMaH8lokR5+OviUC2jxDP
HBtlPvW/R3cHgwSddrz5BaM9LOkvpWKASB0+GxeuynFSfDYB1J8xCVXjsDXjVL6J
HQuQsEuzyVaaZKD8EvK6TwyaKg6ICuOHtsa6DefBxwRHR0KzyqxhzJ/72kHNypuO
93K2kzlTxiQj6QvZA/3qu5kDE6EZGFE8jYR8ysmsyUB6ei28Oc2KZs24dpFTAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUYmGQTXmYHIxNhg6DW/cJg1nGNmUwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNDAwMDM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjWKc
AwQAwKZTAwQAwxRpMA0GCSqGSIb3DQEBCwUAA4IBAQBTUXb26ENrXZvwpgpoMBTC
A1ULwY0IZEXG8RT/RZzAXgarv+e8PCt5vOORrdwWmAKOraGjPidOog0WiMsjaH6b
NVNvM1C4s5XKnqyHppqzPGBebw5KtpA4hXJ9ZR+TikUMPcqEKXtLx5OrR9eRKU5r
MKXPblzeNX7NayqCJMSZX0PaQJN3XUa3MM5PMLABqhcSHBbhTkMcU4uqx4ucNVxD
r741wJuKQ1JxXtjNAL4CMJd6ZcuSa16a5pnxouZEAgs1qj1Un6ALocQ1NyN85TI8
65H2ThXBC6SDw+8DgCdVR5RN1E1114Pe7H9Ch1aDQ3uYuv39A/U8HLOITvrtuZQf
-----END CERTIFICATE-----