Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS400529.roa
File:                     AS400529.roa (raw, json)
Hash identifier:          6xzWxqd7DJBTxB28TAwwLuu4q5g+jupknTB4MKZFtOA=
Subject key identifier:   13:5C:80:78:B2:A5:B6:AC:22:B3:F1:A7:BB:E1:B2:A4:27:50:2A:12
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       05AC2DA9F929FEBCFB6A0C942454D2AF8CE939F6
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS400529.roa
Signing time:             Tue 09 Apr 2024 20:05:16 +0000
ROA not before:           Tue 09 Apr 2024 20:00:16 +0000
ROA not after:            Tue 08 Apr 2025 20:05:16 +0000
asID:                     400529
IP address blocks:        45.149.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:ac:2d:a9:f9:29:fe:bc:fb:6a:0c:94:24:54:d2:af:8c:e9:39:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Apr  9 20:00:16 2024 GMT
            Not After : Apr  8 20:05:16 2025 GMT
        Subject: CN=135C8078B2A5B6AC22B3F1A7BBE1B2A427502A12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:d5:78:eb:46:3c:f6:32:a2:3e:29:86:e9:90:
                    80:86:57:e1:e4:24:dd:ee:9f:d8:e5:0a:90:d9:a8:
                    75:56:70:ac:bd:d3:9e:b8:0b:74:b4:1e:fd:bc:51:
                    28:2d:2c:53:ca:5e:6c:3f:16:b6:b0:53:cf:9d:e1:
                    87:39:49:26:09:1f:02:bc:49:a8:ee:04:e1:31:57:
                    3d:d3:85:15:f2:f9:28:d9:03:d2:10:63:3b:7e:1c:
                    bb:d2:ee:3f:ea:45:34:b8:f8:38:93:8c:83:31:4f:
                    90:52:58:74:85:78:7f:ea:fd:77:03:c6:2d:6d:fe:
                    d4:09:23:5a:bd:80:50:8a:f5:8f:16:eb:61:88:48:
                    93:65:64:7b:c3:6f:63:c8:6a:f7:cc:10:07:e0:6e:
                    c6:55:88:ad:bc:f2:85:07:75:07:b8:6b:57:74:00:
                    6d:a2:73:66:b8:a5:8e:bf:81:93:2a:c2:bc:6b:88:
                    f4:8a:33:93:a8:08:c6:a2:bf:a9:58:c0:b4:7c:bc:
                    4a:64:60:5d:3d:d9:46:b5:4d:6a:e9:3d:06:9a:82:
                    0b:21:7c:fd:ec:3b:34:a1:60:8c:6d:99:d7:99:05:
                    1c:5d:3f:0b:7b:45:ba:85:cb:68:24:9c:82:50:f6:
                    c2:52:62:ef:f9:2e:6f:2e:dc:c1:23:2d:c0:8d:2e:
                    4e:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:5C:80:78:B2:A5:B6:AC:22:B3:F1:A7:BB:E1:B2:A4:27:50:2A:12
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS400529.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:00:95:c3:be:36:17:d9:48:d7:86:f6:f0:07:88:ac:35:ef:
         74:c9:9f:a6:2a:b0:59:21:cc:ea:39:0f:05:b0:33:20:7f:85:
         27:7d:48:4a:a5:27:a6:60:ce:64:a0:66:f6:13:f2:eb:17:d7:
         97:42:ea:2e:19:4d:a6:00:27:f6:50:22:de:a6:f9:3f:f0:45:
         b9:34:ca:3c:33:da:e0:0c:e4:9d:2e:8b:b6:e0:ff:04:90:45:
         48:03:cb:99:c4:2e:fe:cc:60:d4:43:cd:05:44:af:65:59:cc:
         57:2c:f8:6f:91:41:fb:b3:73:ee:9d:70:8c:6a:dc:91:f9:94:
         c7:d9:d0:67:e8:64:9f:83:ca:bc:cc:ce:30:8f:30:d0:db:04:
         5a:9f:e4:75:7f:0e:91:13:9c:f0:f6:c9:ea:8a:9b:c4:ce:6f:
         66:45:a9:5e:99:d0:61:65:d5:bd:c2:e8:00:76:ea:54:2e:a8:
         97:f5:fa:8d:fe:0a:86:56:18:47:68:4f:c7:60:1b:78:c0:4e:
         2e:6a:62:10:8b:9e:47:28:0f:05:9f:26:65:16:42:b6:ee:90:
         d8:e9:b3:c4:aa:7a:c4:18:f2:fd:d3:60:af:d1:a2:03:d9:44:
         fc:6f:d4:3a:95:3d:e0:fb:f7:60:74:e8:1a:2a:e4:a7:55:58:
         71:d9:93:d1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBawtqfkp/rz7agyUJFTSr4zpOfYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA0MDkyMDAwMTZaFw0yNTA0MDgyMDA1MTZaMDMxMTAvBgNV
BAMTKDEzNUM4MDc4QjJBNUI2QUMyMkIzRjFBN0JCRTFCMkE0Mjc1MDJBMTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDu1XjrRjz2MqI+KYbpkICGV+Hk
JN3un9jlCpDZqHVWcKy90564C3S0Hv28USgtLFPKXmw/FrawU8+d4Yc5SSYJHwK8
SajuBOExVz3ThRXy+SjZA9IQYzt+HLvS7j/qRTS4+DiTjIMxT5BSWHSFeH/q/XcD
xi1t/tQJI1q9gFCK9Y8W62GISJNlZHvDb2PIavfMEAfgbsZViK288oUHdQe4a1d0
AG2ic2a4pY6/gZMqwrxriPSKM5OoCMaiv6lYwLR8vEpkYF092Ua1TWrpPQaaggsh
fP3sOzShYIxtmdeZBRxdPwt7RbqFy2gknIJQ9sJSYu/5Lm8u3MEjLcCNLk4rAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUE1yAeLKltqwis/Gnu+GypCdQKhIwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNDAwNTI5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZW5
MA0GCSqGSIb3DQEBCwUAA4IBAQCyAJXDvjYX2UjXhvbwB4isNe90yZ+mKrBZIczq
OQ8FsDMgf4UnfUhKpSemYM5koGb2E/LrF9eXQuouGU2mACf2UCLepvk/8EW5NMo8
M9rgDOSdLou24P8EkEVIA8uZxC7+zGDUQ80FRK9lWcxXLPhvkUH7s3PunXCMatyR
+ZTH2dBn6GSfg8q8zM4wjzDQ2wRan+R1fw6RE5zw9snqipvEzm9mRalemdBhZdW9
wugAdupULqiX9fqN/gqGVhhHaE/HYBt4wE4uamIQi55HKA8FnyZlFkK27pDY6bPE
qnrEGPL902Cv0aID2UT8b9Q6lT3g+/dgdOgaKuSnVVhx2ZPR
-----END CERTIFICATE-----