Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS43641.roa
File:                     AS43641.roa (raw, json)
Hash identifier:          WJRGxNIgkdCzSoOkF9wcePxWX39ra2X+IOPgdiQPq8E=
Subject key identifier:   E1:7F:F0:89:9A:3C:F7:D5:C4:BA:ED:E3:DD:FA:A2:EF:94:DB:99:4B
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       2C895BDF221B360CEFDDB0D1AA2A8FB7EF2C45FC
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS43641.roa
Signing time:             Sun 22 Sep 2024 15:03:52 +0000
ROA not before:           Sun 22 Sep 2024 14:58:52 +0000
ROA not after:            Sun 21 Sep 2025 15:03:52 +0000
asID:                     43641
IP address blocks:        45.157.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:89:5b:df:22:1b:36:0c:ef:dd:b0:d1:aa:2a:8f:b7:ef:2c:45:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Sep 22 14:58:52 2024 GMT
            Not After : Sep 21 15:03:52 2025 GMT
        Subject: CN=E17FF0899A3CF7D5C4BAEDE3DDFAA2EF94DB994B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:bc:24:5e:28:5d:a8:60:ad:22:70:26:81:21:
                    2d:e8:45:f6:35:d7:bd:78:9f:d6:91:ae:b1:ad:be:
                    af:1c:4e:48:49:5f:f7:27:a0:f6:98:fb:10:d3:95:
                    31:e1:4c:bf:58:1d:04:7d:bc:da:ef:88:ec:a7:fd:
                    d9:4d:05:fa:e0:81:dc:4e:62:00:7f:3b:c4:43:7a:
                    3b:38:f3:5e:a0:45:39:42:c4:fc:36:89:ce:f5:1f:
                    fd:3e:aa:a2:df:f0:02:a9:6c:05:6f:93:1b:f6:e2:
                    f0:c0:8d:46:8c:47:b6:03:95:af:42:a2:36:33:fc:
                    eb:e8:73:4a:c9:5f:b1:1c:3b:2c:c5:11:45:67:3a:
                    7d:57:74:80:fd:8b:25:55:a3:34:8d:38:24:7e:81:
                    56:2c:42:ae:8e:f0:51:2c:cf:90:b1:64:54:52:64:
                    89:bd:d6:73:38:d4:22:9f:3e:3b:af:c7:01:67:0c:
                    70:7f:55:e3:d4:9a:0d:65:ef:db:30:33:ff:da:06:
                    44:44:a3:29:f9:64:c1:dd:8e:35:d9:f5:c8:93:7d:
                    fe:9f:2e:2c:fd:71:de:b4:65:45:66:e8:57:29:ec:
                    7d:b9:07:77:38:37:9b:b8:49:c7:35:90:0a:0d:8b:
                    db:d8:ec:7c:0e:0c:eb:45:03:f4:11:92:ae:e5:5a:
                    24:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:7F:F0:89:9A:3C:F7:D5:C4:BA:ED:E3:DD:FA:A2:EF:94:DB:99:4B
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS43641.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:ba:88:51:a4:cc:f7:b3:14:40:3d:c2:39:5e:91:38:64:ad:
         84:99:c6:4f:e8:93:1b:83:b1:6b:28:3c:99:07:7d:3c:e8:f9:
         ac:66:a4:df:6d:b3:9c:14:e2:1a:aa:85:4e:39:e2:17:fc:28:
         27:a6:02:96:e2:ba:f4:72:99:38:3b:80:3d:24:26:9f:51:1e:
         eb:24:7d:3e:09:2f:a8:cb:10:2e:45:c0:69:73:fa:c3:ac:b0:
         b1:3c:c5:5a:ea:84:9e:15:33:04:08:a5:0b:1f:90:2e:3b:e9:
         70:f1:bc:98:1a:87:64:66:83:59:b1:0e:29:ce:85:fc:f6:4a:
         60:38:37:e6:09:f7:85:07:01:a3:c7:7b:8d:f0:c0:be:26:91:
         fa:19:e4:ba:68:e4:a5:ed:84:98:c1:5b:43:3d:74:b4:f9:6e:
         a2:01:5d:7f:de:6b:6f:90:30:85:dc:80:d8:9b:48:97:92:d0:
         d8:53:f6:bb:f2:bc:d5:9c:94:35:89:e0:5a:55:50:87:dc:98:
         fe:12:02:19:52:53:a2:10:ae:a7:54:3d:60:ce:75:1f:da:51:
         e9:de:a4:9f:eb:ce:f7:ff:95:2a:a0:35:9e:a4:7f:5b:a8:ec:
         05:ad:ee:49:29:34:0e:72:56:94:ba:fa:24:d8:fb:0d:3d:a9:
         65:c8:23:d1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIULIlb3yIbNgzv3bDRqiqPt+8sRfwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA5MjIxNDU4NTJaFw0yNTA5MjExNTAzNTJaMDMxMTAvBgNV
BAMTKEUxN0ZGMDg5OUEzQ0Y3RDVDNEJBRURFM0RERkFBMkVGOTREQjk5NEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtvCReKF2oYK0icCaBIS3oRfY1
1714n9aRrrGtvq8cTkhJX/cnoPaY+xDTlTHhTL9YHQR9vNrviOyn/dlNBfrggdxO
YgB/O8RDejs4816gRTlCxPw2ic71H/0+qqLf8AKpbAVvkxv24vDAjUaMR7YDla9C
ojYz/Ovoc0rJX7EcOyzFEUVnOn1XdID9iyVVozSNOCR+gVYsQq6O8FEsz5CxZFRS
ZIm91nM41CKfPjuvxwFnDHB/VePUmg1l79swM//aBkREoyn5ZMHdjjXZ9ciTff6f
Liz9cd60ZUVm6Fcp7H25B3c4N5u4Scc1kAoNi9vY7HwODOtFA/QRkq7lWiR9AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU4X/wiZo899XEuu3j3fqi75TbmUswHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNDM2NDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtnREw
DQYJKoZIhvcNAQELBQADggEBAH66iFGkzPezFEA9wjlekThkrYSZxk/okxuDsWso
PJkHfTzo+axmpN9ts5wU4hqqhU454hf8KCemApbiuvRymTg7gD0kJp9RHuskfT4J
L6jLEC5FwGlz+sOssLE8xVrqhJ4VMwQIpQsfkC476XDxvJgah2Rmg1mxDinOhfz2
SmA4N+YJ94UHAaPHe43wwL4mkfoZ5Lpo5KXthJjBW0M9dLT5bqIBXX/ea2+QMIXc
gNibSJeS0NhT9rvyvNWclDWJ4FpVUIfcmP4SAhlSU6IQrqdUPWDOdR/aUenepJ/r
zvf/lSqgNZ6kf1uo7AWt7kkpNA5yVpS6+iTY+w09qWXII9E=
-----END CERTIFICATE-----