Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS62240.roa
File:                     AS62240.roa (raw, json)
Hash identifier:          lt+SXlT8u+Qf0AXaq0nyQ0K4Dx2YFOfNj/l6ISs/MBo=
Subject key identifier:   59:1D:F0:EE:AB:A9:7B:12:CE:8A:DE:8D:DB:C6:8F:B4:A4:ED:52:A3
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       5D665D4D280441D2470451AD28CD6CC996C140B8
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS62240.roa
Signing time:             Tue 09 Jan 2024 00:00:05 +0000
ROA not before:           Mon 08 Jan 2024 23:55:05 +0000
ROA not after:            Tue 07 Jan 2025 00:00:05 +0000
asID:                     62240
IP address blocks:        45.158.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:66:5d:4d:28:04:41:d2:47:04:51:ad:28:cd:6c:c9:96:c1:40:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jan  8 23:55:05 2024 GMT
            Not After : Jan  7 00:00:05 2025 GMT
        Subject: CN=591DF0EEABA97B12CE8ADE8DDBC68FB4A4ED52A3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:04:79:0e:dc:24:09:64:c3:9a:76:e7:5f:9e:
                    fb:e5:b7:f9:61:30:a3:f0:39:be:68:02:41:59:9c:
                    b2:ce:c7:15:7e:8f:8f:0b:84:86:29:78:b4:6d:f8:
                    b6:1e:27:0a:d4:f5:9b:65:69:d7:4f:8c:16:db:77:
                    d7:f0:02:d8:b6:58:e4:b7:3d:a9:8f:0f:9f:68:1e:
                    89:12:82:00:7b:3d:9b:52:95:d3:46:93:1c:00:03:
                    fd:24:7c:e4:7d:ad:03:54:09:67:e0:ab:fa:e1:19:
                    97:84:57:c1:b7:c5:ce:3b:c2:85:7f:9b:46:3b:df:
                    06:58:0a:82:1c:0b:4f:4a:8e:4b:fa:01:04:0d:cf:
                    a0:29:b5:65:7f:0a:23:40:dd:92:3f:f2:7e:20:22:
                    b8:e4:9f:1e:0a:e6:a5:3b:f3:c3:52:f0:7b:52:90:
                    be:15:ab:96:c4:e8:1b:fa:8b:19:f9:1e:96:7f:82:
                    ad:8c:7b:55:71:e7:da:b9:52:01:e2:12:0f:e6:a9:
                    3a:7b:46:76:80:c9:06:85:1d:07:f4:e0:c4:1d:fc:
                    45:8e:cc:9e:59:9e:56:5d:57:5c:51:87:a5:88:c9:
                    66:ec:36:1b:d3:c8:1c:20:87:7f:30:37:86:df:5f:
                    b8:5d:97:5b:59:1a:d8:ac:d1:dc:86:86:19:f5:32:
                    0a:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:1D:F0:EE:AB:A9:7B:12:CE:8A:DE:8D:DB:C6:8F:B4:A4:ED:52:A3
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS62240.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:d7:b4:ea:df:1a:73:6c:1a:3a:35:07:b5:bd:b5:e3:18:cd:
         6b:99:4c:98:d2:45:ca:51:a2:d3:36:11:a6:04:88:70:b1:37:
         b0:fb:e9:df:73:69:2e:7d:23:38:83:87:3b:51:5b:b9:4d:50:
         8a:4a:c8:a7:e9:4a:bf:1b:f8:cc:53:28:a4:1d:ee:2c:7e:3b:
         88:79:ac:08:a2:51:74:64:84:53:2c:c8:10:ef:71:5c:9b:49:
         8e:95:02:69:79:f9:3f:64:35:69:47:50:75:a2:5f:69:f8:af:
         23:4a:5d:30:14:4c:c4:4b:19:1c:c6:c3:40:a7:ec:f2:69:5b:
         f4:d3:d9:07:70:e0:dc:fe:b4:6e:93:40:de:7e:88:7f:cc:b1:
         aa:58:e4:14:a5:8f:aa:d3:5b:07:a1:d5:d2:0e:78:cb:43:c0:
         ea:b5:8f:4f:06:ca:31:2b:58:8e:eb:0f:4c:3c:87:a8:64:42:
         66:57:0f:d5:40:a4:08:cc:5c:e3:e6:f3:b8:3d:38:47:fa:b4:
         7f:aa:5c:4b:9f:8e:38:11:55:af:3a:2c:d5:9a:e6:a1:9c:b1:
         3f:f5:70:d8:5a:b8:08:d0:47:4a:dc:22:03:99:05:9e:a7:5f:
         8c:dc:c6:e1:ad:20:fc:fd:ba:18:b7:a7:bb:28:b5:87:45:c3:
         18:69:bc:54
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUXWZdTSgEQdJHBFGtKM1syZbBQLgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAxMDgyMzU1MDVaFw0yNTAxMDcwMDAwMDVaMDMxMTAvBgNV
BAMTKDU5MURGMEVFQUJBOTdCMTJDRThBREU4RERCQzY4RkI0QTRFRDUyQTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpBHkO3CQJZMOadudfnvvlt/lh
MKPwOb5oAkFZnLLOxxV+j48LhIYpeLRt+LYeJwrU9ZtladdPjBbbd9fwAti2WOS3
PamPD59oHokSggB7PZtSldNGkxwAA/0kfOR9rQNUCWfgq/rhGZeEV8G3xc47woV/
m0Y73wZYCoIcC09Kjkv6AQQNz6AptWV/CiNA3ZI/8n4gIrjknx4K5qU788NS8HtS
kL4Vq5bE6Bv6ixn5HpZ/gq2Me1Vx59q5UgHiEg/mqTp7RnaAyQaFHQf04MQd/EWO
zJ5ZnlZdV1xRh6WIyWbsNhvTyBwgh38wN4bfX7hdl1tZGtis0dyGhhn1MgoJAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUWR3w7qupexLOit6N28aPtKTtUqMwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNjIyNDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtngow
DQYJKoZIhvcNAQELBQADggEBAHjXtOrfGnNsGjo1B7W9teMYzWuZTJjSRcpRotM2
EaYEiHCxN7D76d9zaS59IziDhztRW7lNUIpKyKfpSr8b+MxTKKQd7ix+O4h5rAii
UXRkhFMsyBDvcVybSY6VAml5+T9kNWlHUHWiX2n4ryNKXTAUTMRLGRzGw0Cn7PJp
W/TT2Qdw4Nz+tG6TQN5+iH/MsapY5BSlj6rTWweh1dIOeMtDwOq1j08GyjErWI7r
D0w8h6hkQmZXD9VApAjMXOPm87g9OEf6tH+qXEufjjgRVa86LNWa5qGcsT/1cNha
uAjQR0rcIgOZBZ6nX4zcxuGtIPz9uhi3p7sotYdFwxhpvFQ=
-----END CERTIFICATE-----