Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS400810.roa
File:                     AS400810.roa (raw, json)
Hash identifier:          NlWzh8tGp/ANEoXfRax0YncAzY/mF/EcKeaRZIkq6w0=
Subject key identifier:   41:5B:BD:C5:2B:C5:F3:1D:6B:7C:2F:B5:1E:37:68:C2:F5:EA:AC:F6
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       20B22986E414A0A682EF0AD7C435F19CACF7809A
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS400810.roa
Signing time:             Sat 14 Dec 2024 05:53:48 +0000
ROA not before:           Sat 14 Dec 2024 05:48:48 +0000
ROA not after:            Sat 13 Dec 2025 05:53:48 +0000
asID:                     400810
IP address blocks:        45.153.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:49:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:b2:29:86:e4:14:a0:a6:82:ef:0a:d7:c4:35:f1:9c:ac:f7:80:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Dec 14 05:48:48 2024 GMT
            Not After : Dec 13 05:53:48 2025 GMT
        Subject: CN=415BBDC52BC5F31D6B7C2FB51E3768C2F5EAACF6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:60:c4:4a:6e:67:13:0d:b0:8f:42:3a:22:e6:
                    94:76:5e:77:cc:88:7d:b3:51:2e:51:fb:ea:44:ae:
                    6f:c4:f6:85:fa:35:45:7a:20:ea:98:23:43:d8:4d:
                    b7:c8:ce:a0:f8:d1:cd:82:a7:aa:9f:4d:26:b9:40:
                    c4:25:2f:aa:3c:e9:e3:34:71:7a:12:e1:4b:a9:b2:
                    3b:8d:3b:24:7f:88:46:b7:dc:a1:b8:2f:7f:35:f0:
                    97:f1:9a:83:a1:2c:9b:ca:4e:ac:26:61:5e:7a:44:
                    e8:d3:5c:81:9d:cc:59:90:85:84:aa:54:c0:99:aa:
                    2c:de:45:39:8b:26:40:c9:0e:89:dd:3b:e8:4f:1e:
                    1c:ad:29:85:b9:f5:c0:ac:10:bc:0b:86:de:49:8e:
                    d4:ae:a3:88:5a:69:aa:60:d2:08:9d:2a:a9:bd:30:
                    c7:ba:8f:35:39:09:3a:e3:ca:36:8f:60:fe:d0:14:
                    36:af:dd:50:50:36:04:a1:bd:5d:70:72:5b:ec:49:
                    af:27:f1:64:ed:fd:5a:5e:8c:72:17:0c:6b:d4:b9:
                    21:d6:9a:f3:b0:f9:76:f2:a3:29:6f:33:82:cc:09:
                    33:49:77:21:79:cc:b8:3e:81:55:ef:47:31:e4:89:
                    52:07:51:01:96:71:65:4c:1f:58:37:4b:6c:63:fc:
                    54:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:5B:BD:C5:2B:C5:F3:1D:6B:7C:2F:B5:1E:37:68:C2:F5:EA:AC:F6
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS400810.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:a9:ad:10:cd:83:f3:ad:55:cd:16:a3:c3:ed:11:e4:a6:ab:
         7b:63:6c:eb:7e:6a:dd:55:6e:31:c0:0a:2d:f6:a3:88:1a:bd:
         27:d7:91:4d:14:c6:b1:db:1e:65:f6:fa:b7:8b:a9:24:dd:a4:
         25:c6:c6:46:38:77:3b:66:24:3d:54:a7:ff:7d:50:90:7b:7e:
         ea:a3:de:1f:06:a3:e1:8f:74:e2:0d:e0:0b:f1:c0:e9:95:f6:
         bd:c6:fa:ae:f0:5b:36:04:01:a0:e5:1a:1f:0c:22:8e:e5:91:
         4d:24:9e:e6:2e:74:2c:16:d7:f5:e7:a7:58:3b:86:cf:39:82:
         76:65:38:b8:8a:ff:04:51:18:d2:17:83:e6:6f:7a:98:20:9d:
         f1:59:29:f0:71:ea:86:58:6b:d0:4b:08:b5:82:cf:27:36:b6:
         b7:3d:9e:9c:8a:f1:92:ae:75:f3:cd:d6:c5:b5:c0:1d:5c:4e:
         53:0b:7d:1b:7d:1c:28:94:a0:d0:25:3d:41:e0:7c:30:45:50:
         1e:14:20:25:dd:5a:87:ef:8b:a9:c7:08:f0:08:88:82:59:b5:
         9e:f2:65:4a:c1:57:6e:0d:84:3d:0e:6d:d0:c6:b3:25:20:a4:
         0b:90:2e:4f:a6:b6:41:c8:dc:17:2d:38:4b:fd:4d:4d:d5:bd:
         0e:7b:18:16
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUILIphuQUoKaC7wrXxDXxnKz3gJowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDEyMTQwNTQ4NDhaFw0yNTEyMTMwNTUzNDhaMDMxMTAvBgNV
BAMTKDQxNUJCREM1MkJDNUYzMUQ2QjdDMkZCNTFFMzc2OEMyRjVFQUFDRjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDuYMRKbmcTDbCPQjoi5pR2XnfM
iH2zUS5R++pErm/E9oX6NUV6IOqYI0PYTbfIzqD40c2Cp6qfTSa5QMQlL6o86eM0
cXoS4UupsjuNOyR/iEa33KG4L3818JfxmoOhLJvKTqwmYV56ROjTXIGdzFmQhYSq
VMCZqizeRTmLJkDJDondO+hPHhytKYW59cCsELwLht5JjtSuo4haaapg0gidKqm9
MMe6jzU5CTrjyjaPYP7QFDav3VBQNgShvV1wclvsSa8n8WTt/VpejHIXDGvUuSHW
mvOw+XbyoylvM4LMCTNJdyF5zLg+gVXvRzHkiVIHUQGWcWVMH1g3S2xj/FQBAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUQVu9xSvF8x1rfC+1HjdowvXqrPYwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNDAwODEwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZkG
MA0GCSqGSIb3DQEBCwUAA4IBAQAfqa0QzYPzrVXNFqPD7RHkpqt7Y2zrfmrdVW4x
wAot9qOIGr0n15FNFMax2x5l9vq3i6kk3aQlxsZGOHc7ZiQ9VKf/fVCQe37qo94f
BqPhj3TiDeAL8cDplfa9xvqu8Fs2BAGg5RofDCKO5ZFNJJ7mLnQsFtf156dYO4bP
OYJ2ZTi4iv8EURjSF4Pmb3qYIJ3xWSnwceqGWGvQSwi1gs8nNra3PZ6civGSrnXz
zdbFtcAdXE5TC30bfRwolKDQJT1B4HwwRVAeFCAl3VqH74upxwjwCIiCWbWe8mVK
wVduDYQ9Dm3QxrMlIKQLkC5PprZByNwXLThL/U1N1b0OexgW
-----END CERTIFICATE-----