Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS400810.roa
File:                     AS400810.roa (raw, json)
Hash identifier:          6aD0kLotLwLT2wpxBcECBvuAhaYYUvga+kf9aek6bwc=
Subject key identifier:   70:96:F2:B0:7F:79:FB:58:C1:B5:EE:21:7B:68:44:A0:A0:ED:A4:2D
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       7F102258214580B113A793254A725F669DE0F64D
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS400810.roa
Signing time:             Sat 13 Jan 2024 05:05:08 +0000
ROA not before:           Sat 13 Jan 2024 05:00:08 +0000
ROA not after:            Sat 11 Jan 2025 05:05:08 +0000
asID:                     400810
IP address blocks:        45.153.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:10:22:58:21:45:80:b1:13:a7:93:25:4a:72:5f:66:9d:e0:f6:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jan 13 05:00:08 2024 GMT
            Not After : Jan 11 05:05:08 2025 GMT
        Subject: CN=7096F2B07F79FB58C1B5EE217B6844A0A0EDA42D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:df:c6:87:35:64:f8:a0:47:ee:ec:91:b1:d3:
                    07:39:ac:9f:57:08:5d:86:88:41:14:9c:67:47:48:
                    99:4b:3c:43:2c:56:ea:41:d5:74:c3:0d:61:dd:49:
                    44:86:90:0f:64:c6:59:51:d5:35:bf:ac:a4:58:18:
                    ad:4d:27:f8:fa:84:35:97:19:ce:ef:25:57:ee:8d:
                    c0:e7:79:ca:7a:ae:4c:4c:29:c6:8c:85:44:cb:38:
                    af:9a:6d:23:1b:68:aa:21:78:a7:fe:24:c1:04:3e:
                    93:35:ed:25:93:c2:8a:7e:d7:0e:25:d4:5b:05:87:
                    a9:0c:b6:f5:3b:a7:5b:bd:9f:0d:42:75:53:21:6e:
                    b0:0c:2a:e3:7a:6f:7b:cd:24:1f:ea:c6:f3:9d:27:
                    59:c1:85:ab:62:51:c2:41:38:4a:1a:03:1c:5f:dc:
                    b7:68:e2:16:97:16:72:c4:5c:69:49:0d:ef:9f:fc:
                    7e:d4:4e:5e:f0:7b:0b:e8:76:41:72:90:e5:5b:05:
                    04:27:80:c6:ff:2f:a2:f0:59:c7:1f:7d:a3:24:c3:
                    45:4e:e3:dd:d6:28:95:e4:f5:8e:ef:a4:c8:cb:74:
                    5b:8c:66:c8:32:c2:34:6e:e9:9c:bc:6d:14:19:93:
                    28:b8:29:20:59:85:1d:4c:d0:74:6e:00:b0:df:70:
                    67:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:96:F2:B0:7F:79:FB:58:C1:B5:EE:21:7B:68:44:A0:A0:ED:A4:2D
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS400810.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:9c:10:24:a1:fc:61:c8:b6:57:d6:9e:5a:bc:a9:49:c2:a8:
         ad:35:c6:1d:f8:ee:bb:87:18:82:f5:a9:19:8c:da:ad:85:ff:
         51:31:84:54:11:f8:50:88:d2:f9:2f:d4:9e:36:30:28:7a:48:
         52:78:6c:f4:99:7d:80:9a:95:62:a4:3e:78:3c:39:4f:a3:99:
         ec:bb:fe:b9:fd:fe:8e:3a:ad:d2:62:a1:1d:a3:0c:5a:ac:9a:
         6d:b6:ec:a5:61:ac:17:6b:04:02:01:2a:7f:be:7c:9d:c5:69:
         54:1f:b5:3e:be:55:90:1a:f8:51:be:42:3d:02:ce:15:49:b8:
         7f:09:57:40:36:20:1d:ad:fe:ac:bb:88:4c:38:8e:cd:60:26:
         98:95:42:7d:11:59:ca:d6:15:bc:a3:5b:9f:b9:32:40:b3:eb:
         3d:ac:a8:52:e0:ed:52:67:9c:02:78:72:97:6e:f1:dc:fd:e0:
         a4:82:ac:27:74:41:4a:c9:b6:ce:e8:56:3a:9a:00:a6:84:8a:
         ba:50:18:a6:8f:03:83:35:47:70:98:8a:7f:f4:45:f7:db:3a:
         07:de:98:24:be:66:04:98:07:8f:9e:14:9b:d6:1e:ac:57:37:
         38:82:a1:f2:cd:b2:a4:c7:be:e2:9e:37:dd:87:fc:27:bc:eb:
         e9:55:41:61
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfxAiWCFFgLETp5MlSnJfZp3g9k0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAxMTMwNTAwMDhaFw0yNTAxMTEwNTA1MDhaMDMxMTAvBgNV
BAMTKDcwOTZGMkIwN0Y3OUZCNThDMUI1RUUyMTdCNjg0NEEwQTBFREE0MkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ38aHNWT4oEfu7JGx0wc5rJ9X
CF2GiEEUnGdHSJlLPEMsVupB1XTDDWHdSUSGkA9kxllR1TW/rKRYGK1NJ/j6hDWX
Gc7vJVfujcDnecp6rkxMKcaMhUTLOK+abSMbaKoheKf+JMEEPpM17SWTwop+1w4l
1FsFh6kMtvU7p1u9nw1CdVMhbrAMKuN6b3vNJB/qxvOdJ1nBhatiUcJBOEoaAxxf
3Ldo4haXFnLEXGlJDe+f/H7UTl7wewvodkFykOVbBQQngMb/L6LwWccffaMkw0VO
493WKJXk9Y7vpMjLdFuMZsgywjRu6Zy8bRQZkyi4KSBZhR1M0HRuALDfcGdlAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUcJbysH95+1jBte4he2hEoKDtpC0wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNDAwODEwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZkG
MA0GCSqGSIb3DQEBCwUAA4IBAQCRnBAkofxhyLZX1p5avKlJwqitNcYd+O67hxiC
9akZjNqthf9RMYRUEfhQiNL5L9SeNjAoekhSeGz0mX2AmpVipD54PDlPo5nsu/65
/f6OOq3SYqEdowxarJpttuylYawXawQCASp/vnydxWlUH7U+vlWQGvhRvkI9As4V
Sbh/CVdANiAdrf6su4hMOI7NYCaYlUJ9EVnK1hW8o1ufuTJAs+s9rKhS4O1SZ5wC
eHKXbvHc/eCkgqwndEFKybbO6FY6mgCmhIq6UBimjwODNUdwmIp/9EX32zoH3pgk
vmYEmAePnhSb1h6sVzc4gqHyzbKkx77injfdh/wnvOvpVUFh
-----END CERTIFICATE-----