Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400039.roa
File:                     AS400039.roa (raw, json)
Hash identifier:          3xDs5SSsl1KsMG2jeXRrjQi1jXhS1l79pXiq2JkfuMQ=
Subject key identifier:   41:04:50:E4:4C:A5:22:33:51:DA:5A:F7:A5:84:39:EB:DD:07:BC:4A
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       74E0FFDD607755B619829C827E5F138CBCBBB246
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400039.roa
Signing time:             Thu 07 Nov 2024 05:43:27 +0000
ROA not before:           Thu 07 Nov 2024 05:38:27 +0000
ROA not after:            Thu 06 Nov 2025 05:43:27 +0000
asID:                     400039
IP address blocks:        141.11.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:e0:ff:dd:60:77:55:b6:19:82:9c:82:7e:5f:13:8c:bc:bb:b2:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov  7 05:38:27 2024 GMT
            Not After : Nov  6 05:43:27 2025 GMT
        Subject: CN=410450E44CA5223351DA5AF7A58439EBDD07BC4A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:92:b6:19:1b:b4:cd:c4:4f:5a:0c:23:f4:e3:
                    8c:59:2b:b0:5d:f7:47:08:a9:83:07:a0:68:c2:bb:
                    04:25:70:54:60:1c:32:8d:18:26:e6:23:42:22:6f:
                    dd:35:c6:bf:92:67:7e:3e:c2:90:19:3f:5b:df:c0:
                    7b:f7:a0:45:2e:e6:76:c9:7e:33:a1:19:fc:ff:6f:
                    a6:f8:72:90:6e:b7:90:39:fb:b9:5f:35:ad:c6:db:
                    1b:0e:ef:e3:26:02:6a:b0:c5:e2:0a:98:01:50:2b:
                    66:b5:79:fa:81:01:68:27:00:3b:37:81:7a:c4:16:
                    95:c9:98:43:3f:18:01:97:54:0e:9d:b5:d7:13:72:
                    d2:02:e9:36:e0:c4:98:35:af:61:5d:7c:53:50:45:
                    a7:22:83:dd:da:2e:3d:af:e1:4a:10:3b:e9:79:bb:
                    a8:5c:8c:3d:32:c2:9a:2e:1b:70:c1:ca:c4:aa:d0:
                    a1:13:79:ec:30:74:d2:28:27:b2:f0:78:87:0f:a7:
                    d6:e6:3d:bc:dd:57:48:3e:9e:1a:6f:6a:f8:86:04:
                    1c:e9:81:95:5e:a9:43:b5:f6:33:a8:54:44:2c:b0:
                    e6:1e:cc:b4:7e:38:2c:db:14:e9:ca:8b:d5:c8:d9:
                    86:0c:cf:37:f1:bc:c5:d8:8b:19:63:99:af:ee:d0:
                    98:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:04:50:E4:4C:A5:22:33:51:DA:5A:F7:A5:84:39:EB:DD:07:BC:4A
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:a4:f9:b9:ce:a0:e4:d4:33:9a:ad:80:9e:7f:03:d0:d2:34:
         e4:9d:14:72:69:e1:ce:98:3a:9e:e0:45:8e:d0:5d:2d:c6:45:
         e5:46:a9:e5:fe:fb:96:8d:9c:df:83:75:95:b6:28:45:91:1c:
         b2:db:14:99:d3:25:28:32:1d:ed:6d:3b:5d:53:8b:86:9d:f0:
         28:de:85:54:27:ce:35:c8:ea:bb:df:d5:13:77:2f:fa:e9:9f:
         94:97:d8:8f:8f:11:b1:3e:93:cc:de:e1:63:b9:3e:82:72:eb:
         f2:54:a7:3f:0a:57:b2:06:f3:c3:6f:c5:cb:24:b6:40:04:83:
         6d:18:27:94:d3:71:5d:cf:f7:9e:46:e0:4f:a1:8a:b4:b0:e3:
         e1:60:38:0a:a9:23:84:64:e9:4a:e1:89:37:7e:d8:cc:da:44:
         69:e1:d4:09:7a:c7:b5:fa:ea:49:ea:b0:98:41:a0:20:44:53:
         c7:35:be:28:b7:c3:a1:d6:33:d6:4c:64:73:5c:10:cb:16:03:
         d5:20:ad:48:26:9f:09:89:ff:60:7e:e4:0f:01:88:e5:8a:25:
         68:31:bf:1e:fd:df:41:66:ee:e5:68:d1:07:c2:1e:82:a5:dc:
         9c:40:40:ab:8d:79:62:61:09:16:77:c8:e0:ff:d9:27:2c:9f:
         15:f1:94:ac
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdOD/3WB3VbYZgpyCfl8TjLy7skYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDExMDcwNTM4MjdaFw0yNTExMDYwNTQzMjdaMDMxMTAvBgNV
BAMTKDQxMDQ1MEU0NENBNTIyMzM1MURBNUFGN0E1ODQzOUVCREQwN0JDNEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCikrYZG7TNxE9aDCP044xZK7Bd
90cIqYMHoGjCuwQlcFRgHDKNGCbmI0Iib901xr+SZ34+wpAZP1vfwHv3oEUu5nbJ
fjOhGfz/b6b4cpBut5A5+7lfNa3G2xsO7+MmAmqwxeIKmAFQK2a1efqBAWgnADs3
gXrEFpXJmEM/GAGXVA6dtdcTctIC6TbgxJg1r2FdfFNQRacig93aLj2v4UoQO+l5
u6hcjD0ywpouG3DBysSq0KETeewwdNIoJ7LweIcPp9bmPbzdV0g+nhpvaviGBBzp
gZVeqUO19jOoVEQssOYezLR+OCzbFOnKi9XI2YYMzzfxvMXYixljma/u0JiNAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUQQRQ5EylIjNR2lr3pYQ5690HvEowHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDAwMDM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsE
MA0GCSqGSIb3DQEBCwUAA4IBAQCjpPm5zqDk1DOarYCefwPQ0jTknRRyaeHOmDqe
4EWO0F0txkXlRqnl/vuWjZzfg3WVtihFkRyy2xSZ0yUoMh3tbTtdU4uGnfAo3oVU
J841yOq739UTdy/66Z+Ul9iPjxGxPpPM3uFjuT6CcuvyVKc/CleyBvPDb8XLJLZA
BINtGCeU03Fdz/eeRuBPoYq0sOPhYDgKqSOEZOlK4Yk3ftjM2kRp4dQJese1+upJ
6rCYQaAgRFPHNb4ot8Oh1jPWTGRzXBDLFgPVIK1IJp8Jif9gfuQPAYjliiVoMb8e
/d9BZu7laNEHwh6CpdycQECrjXliYQkWd8jg/9knLJ8V8ZSs
-----END CERTIFICATE-----