Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS400866.roa
File:                     AS400866.roa (raw, json)
Hash identifier:          nYgX3HL3tTZlCgIzVoUTKngIIhDdMaxvIe1yQ3fiD+Q=
Subject key identifier:   6B:A3:6F:A9:74:E5:A0:75:90:2B:F9:16:D7:8C:91:A6:61:62:2B:3D
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       0C24D0002B985BE905583D257C98AC8D9E787653
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS400866.roa
Signing time:             Tue 07 May 2024 18:52:37 +0000
ROA not before:           Tue 07 May 2024 18:47:37 +0000
ROA not after:            Tue 06 May 2025 18:52:37 +0000
asID:                     400866
IP address blocks:        91.199.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:24:d0:00:2b:98:5b:e9:05:58:3d:25:7c:98:ac:8d:9e:78:76:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: May  7 18:47:37 2024 GMT
            Not After : May  6 18:52:37 2025 GMT
        Subject: CN=6BA36FA974E5A075902BF916D78C91A661622B3D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:aa:d7:e3:96:8d:4c:7f:05:99:87:96:80:c8:
                    87:32:8e:da:fc:f9:ab:a5:ea:e4:ee:94:80:52:1b:
                    ad:4b:f7:9c:cf:9f:c8:af:4e:2f:1c:79:1d:13:92:
                    3b:54:0a:c6:db:35:e4:ed:3a:fa:9d:3b:a6:73:bf:
                    ea:c8:83:58:e3:54:a6:e0:79:2d:b1:95:ac:77:f3:
                    67:5b:72:22:bf:a3:94:3a:34:d2:4a:20:f4:94:25:
                    5d:d2:ff:34:7b:d4:52:77:91:eb:a6:01:67:c7:73:
                    5c:9c:df:82:8c:3d:61:b9:be:3b:1a:24:20:50:66:
                    11:f0:6c:4e:a8:2c:7c:55:b4:8e:aa:40:65:fc:c7:
                    3a:f1:29:88:57:19:50:70:9c:a9:62:90:ba:fe:ce:
                    05:f3:e3:4a:1e:dd:36:dd:70:4a:82:02:35:86:44:
                    9a:97:b4:2e:ec:1e:86:68:f6:65:7a:92:7c:05:58:
                    3f:2e:68:df:bc:13:ef:d7:af:72:f3:7d:c3:eb:17:
                    b0:c5:f0:bf:0a:63:7f:5d:cb:57:c3:41:9d:11:3d:
                    45:b4:26:bc:6d:5e:a6:ef:fc:50:97:e4:ec:75:49:
                    4c:3c:41:11:45:7d:ca:2d:3f:4c:e0:21:88:7d:12:
                    80:a0:04:f6:b5:5a:4e:cb:53:f7:e1:69:ff:84:a6:
                    4b:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:A3:6F:A9:74:E5:A0:75:90:2B:F9:16:D7:8C:91:A6:61:62:2B:3D
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS400866.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:26:84:eb:20:8e:4d:29:fa:9f:98:4e:4a:af:cf:3c:00:30:
         86:b4:c2:5e:d0:2d:67:55:d6:d7:3a:26:93:7c:55:79:a9:fe:
         33:a2:76:f5:c1:b4:c1:05:94:0e:82:10:51:7e:25:26:eb:55:
         5e:03:b7:56:93:9e:80:df:de:d2:8b:b0:03:16:46:3c:85:fb:
         7e:95:04:f1:35:91:92:3c:f7:a6:7c:8d:e5:f0:37:36:d5:f4:
         77:d3:49:4d:47:ba:c6:28:98:4a:6b:d6:15:b5:73:be:a8:98:
         14:b9:e6:f7:3a:cb:11:2b:ab:d4:6a:bb:d1:2a:a3:6a:0b:0f:
         fd:2f:d6:1d:9f:e8:d3:0e:c9:05:55:9f:51:75:be:9f:b0:a4:
         1c:89:76:da:3e:a6:32:8c:fc:f3:e6:6a:c5:64:50:e3:a5:f6:
         82:5f:f8:8f:a6:63:05:16:38:b9:f6:0e:8a:b6:48:13:d4:e0:
         df:b4:47:01:c9:2e:b0:0a:f9:ed:41:05:16:66:21:65:65:c5:
         8f:f8:31:cd:a9:12:71:1a:03:51:d2:48:67:d4:04:24:42:a1:
         54:e0:89:5f:51:ef:79:b3:61:52:c9:47:3d:76:ea:1b:90:7c:
         64:30:39:b6:f4:ce:7c:17:cc:9a:c7:51:74:0f:32:b7:ea:57:
         91:f8:fe:ff
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDCTQACuYW+kFWD0lfJisjZ54dlMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA1MDcxODQ3MzdaFw0yNTA1MDYxODUyMzdaMDMxMTAvBgNV
BAMTKDZCQTM2RkE5NzRFNUEwNzU5MDJCRjkxNkQ3OEM5MUE2NjE2MjJCM0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmqtfjlo1MfwWZh5aAyIcyjtr8
+aul6uTulIBSG61L95zPn8ivTi8ceR0TkjtUCsbbNeTtOvqdO6Zzv+rIg1jjVKbg
eS2xlax382dbciK/o5Q6NNJKIPSUJV3S/zR71FJ3keumAWfHc1yc34KMPWG5vjsa
JCBQZhHwbE6oLHxVtI6qQGX8xzrxKYhXGVBwnKlikLr+zgXz40oe3TbdcEqCAjWG
RJqXtC7sHoZo9mV6knwFWD8uaN+8E+/Xr3LzfcPrF7DF8L8KY39dy1fDQZ0RPUW0
JrxtXqbv/FCX5Ox1SUw8QRFFfcotP0zgIYh9EoCgBPa1Wk7LU/fhaf+EpktfAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUa6NvqXTloHWQK/kW14yRpmFiKz0wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNDAwODY2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8ej
MA0GCSqGSIb3DQEBCwUAA4IBAQAhJoTrII5NKfqfmE5Kr888ADCGtMJe0C1nVdbX
OiaTfFV5qf4zonb1wbTBBZQOghBRfiUm61VeA7dWk56A397Si7ADFkY8hft+lQTx
NZGSPPemfI3l8Dc21fR300lNR7rGKJhKa9YVtXO+qJgUueb3OssRK6vUarvRKqNq
Cw/9L9Ydn+jTDskFVZ9Rdb6fsKQciXbaPqYyjPzz5mrFZFDjpfaCX/iPpmMFFji5
9g6KtkgT1ODftEcByS6wCvntQQUWZiFlZcWP+DHNqRJxGgNR0khn1AQkQqFU4Ilf
Ue95s2FSyUc9duobkHxkMDm29M58F8yax1F0DzK36leR+P7/
-----END CERTIFICATE-----