Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS46450.roa
File:                     AS46450.roa (raw, json)
Hash identifier:          Y7HdUEwSDPmIuCL2Rkt+p47Ab6OwyMS/pzURcmaJE4E=
Subject key identifier:   7A:2B:3E:DA:A5:E9:93:D8:25:17:AA:7B:E8:C0:35:14:AD:6A:39:32
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       350D6ECD0885FBF84BEE2DE4E1CBD51549A1A034
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS46450.roa
Signing time:             Sun 19 May 2024 15:46:12 +0000
ROA not before:           Sun 19 May 2024 15:41:12 +0000
ROA not after:            Sun 18 May 2025 15:46:12 +0000
asID:                     46450
IP address blocks:        91.199.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:0d:6e:cd:08:85:fb:f8:4b:ee:2d:e4:e1:cb:d5:15:49:a1:a0:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: May 19 15:41:12 2024 GMT
            Not After : May 18 15:46:12 2025 GMT
        Subject: CN=7A2B3EDAA5E993D82517AA7BE8C03514AD6A3932
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:26:7f:af:6f:bc:b6:02:86:3a:2d:31:29:a6:
                    d7:f3:d0:d4:4b:c3:7b:e8:32:19:a1:5b:17:2a:2c:
                    c7:e6:d6:49:96:4a:41:4d:84:0f:25:1f:92:33:2e:
                    e4:3b:09:a9:69:77:69:a3:c5:88:cd:48:f2:51:e2:
                    8d:4c:08:9b:3c:b3:d2:b1:ca:6c:b8:57:6d:51:8f:
                    87:0e:00:88:a7:a4:07:88:ce:8e:31:dd:d1:48:2f:
                    c2:17:49:fa:e7:06:68:3e:65:1c:45:1e:c8:d2:22:
                    48:2b:31:89:a0:aa:9a:02:6d:37:1b:15:85:e5:6a:
                    5a:00:09:d3:de:2a:7d:c1:42:1f:d0:73:8b:9e:f4:
                    1a:60:6e:85:4a:08:41:78:95:80:b0:64:c0:12:3e:
                    34:c6:da:ab:19:38:f5:76:10:1c:5b:99:e9:f6:ae:
                    3f:f2:1f:0c:33:9c:cf:88:e0:4e:46:3e:80:8b:5c:
                    21:81:47:d1:cf:eb:b8:e6:fb:b9:06:df:64:a0:4b:
                    ff:9c:48:80:d5:7a:04:e1:12:c2:17:79:03:6d:11:
                    6b:84:b4:26:c0:a2:46:66:61:b2:7c:91:9a:32:16:
                    5e:fd:67:f9:8d:e7:89:32:7d:33:6d:89:79:6c:c3:
                    3b:a9:f0:03:70:c2:4e:e4:7a:c1:7d:67:6b:5f:9a:
                    92:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:2B:3E:DA:A5:E9:93:D8:25:17:AA:7B:E8:C0:35:14:AD:6A:39:32
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS46450.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:ad:1d:0a:09:1d:17:81:d4:f6:43:f2:ed:1d:de:b0:d0:45:
         41:f1:99:8c:bb:2b:99:dd:73:84:98:41:87:8f:d0:e5:d1:6e:
         f3:d8:fb:43:9a:bf:61:4d:04:27:99:40:7f:d8:21:7b:10:21:
         e8:d9:fe:e6:56:5f:58:a9:d2:68:fb:43:e5:80:ad:e1:dd:3c:
         3c:24:00:3f:3e:d7:ca:1e:34:00:89:ab:f0:ef:17:d5:bf:c3:
         70:0c:ac:57:44:13:d6:01:f0:ad:1c:31:b2:0a:f0:2b:fc:5e:
         d9:ea:94:98:5e:76:dd:ff:bc:b2:3a:8f:84:cd:69:54:08:9a:
         1f:bc:51:e3:5e:c1:c3:83:e8:2a:57:f0:dc:ed:f0:cf:39:6e:
         5c:8f:95:a4:66:26:45:e7:e7:4e:d5:c7:6b:04:1c:80:1b:1d:
         8a:08:fc:14:ee:2d:78:76:67:bf:b1:ad:39:18:54:93:e1:71:
         07:58:9d:00:f9:b5:8f:ea:d6:dc:73:41:95:65:7e:b3:ec:d4:
         29:0f:b0:2d:f5:f3:48:ff:c7:eb:56:c7:73:82:39:33:2e:ac:
         98:69:8d:4f:72:0e:2c:55:18:01:fe:89:4d:e3:d3:58:a7:58:
         e8:62:28:00:78:99:d1:b5:0a:e5:dc:95:6f:95:38:8e:ad:d8:
         a6:20:74:15
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUNQ1uzQiF+/hL7i3k4cvVFUmhoDQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA1MTkxNTQxMTJaFw0yNTA1MTgxNTQ2MTJaMDMxMTAvBgNV
BAMTKDdBMkIzRURBQTVFOTkzRDgyNTE3QUE3QkU4QzAzNTE0QUQ2QTM5MzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Jn+vb7y2AoY6LTEpptfz0NRL
w3voMhmhWxcqLMfm1kmWSkFNhA8lH5IzLuQ7Calpd2mjxYjNSPJR4o1MCJs8s9Kx
ymy4V21Rj4cOAIinpAeIzo4x3dFIL8IXSfrnBmg+ZRxFHsjSIkgrMYmgqpoCbTcb
FYXlaloACdPeKn3BQh/Qc4ue9BpgboVKCEF4lYCwZMASPjTG2qsZOPV2EBxbmen2
rj/yHwwznM+I4E5GPoCLXCGBR9HP67jm+7kG32SgS/+cSIDVegThEsIXeQNtEWuE
tCbAokZmYbJ8kZoyFl79Z/mN54kyfTNtiXlswzup8ANwwk7kesF9Z2tfmpLPAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUeis+2qXpk9glF6p76MA1FK1qOTIwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNDY0NTAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABbx6gw
DQYJKoZIhvcNAQELBQADggEBAJitHQoJHReB1PZD8u0d3rDQRUHxmYy7K5ndc4SY
QYeP0OXRbvPY+0Oav2FNBCeZQH/YIXsQIejZ/uZWX1ip0mj7Q+WAreHdPDwkAD8+
18oeNACJq/DvF9W/w3AMrFdEE9YB8K0cMbIK8Cv8XtnqlJhedt3/vLI6j4TNaVQI
mh+8UeNewcOD6CpX8Nzt8M85blyPlaRmJkXn507Vx2sEHIAbHYoI/BTuLXh2Z7+x
rTkYVJPhcQdYnQD5tY/q1txzQZVlfrPs1CkPsC3180j/x+tWx3OCOTMurJhpjU9y
DixVGAH+iU3j01inWOhiKAB4mdG1CuXclW+VOI6t2KYgdBU=
-----END CERTIFICATE-----