Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400866.roa
File:                     AS400866.roa (raw, json)
Hash identifier:          swUD3CCNrAzCncnbruvguS0mYRFmm7ki3JR3DcT6JcE=
Subject key identifier:   8D:95:12:E1:8F:C3:1D:F3:57:12:05:FD:98:11:73:AD:94:B5:DF:86
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       75249D7FFDCB6AC76CF82A2344EB2E734C8A171B
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400866.roa
Signing time:             Fri 07 Jun 2024 00:00:05 +0000
ROA not before:           Thu 06 Jun 2024 23:55:05 +0000
ROA not after:            Fri 06 Jun 2025 00:00:05 +0000
asID:                     400866
IP address blocks:        141.11.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:24:9d:7f:fd:cb:6a:c7:6c:f8:2a:23:44:eb:2e:73:4c:8a:17:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun  6 23:55:05 2024 GMT
            Not After : Jun  6 00:00:05 2025 GMT
        Subject: CN=8D9512E18FC31DF3571205FD981173AD94B5DF86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:8e:5c:4a:f1:de:15:85:62:d2:de:96:1e:4d:
                    58:79:08:44:40:0a:51:73:66:c6:09:19:01:21:fb:
                    75:26:e7:6d:e0:a1:2f:e3:60:8e:30:23:99:55:c9:
                    63:9b:3f:d2:fb:0d:7d:16:14:5a:ae:67:62:f6:c9:
                    0f:5c:23:52:14:95:bf:e6:c2:dd:e9:e7:42:5d:b5:
                    ce:a5:c8:35:bd:c2:99:fb:08:2b:1c:a4:d4:a0:4e:
                    dd:b5:32:14:30:aa:c9:c6:a9:4d:30:17:a5:21:2d:
                    44:15:14:e2:28:b7:0b:f5:00:36:88:ed:6d:5b:b9:
                    45:6e:49:0a:d9:55:46:4e:97:af:86:ac:e1:36:71:
                    26:61:1f:93:85:01:e6:75:d2:51:5b:dc:55:d2:76:
                    21:81:72:03:d9:2d:b3:72:0a:47:7b:78:25:2a:dc:
                    f9:ed:31:10:4c:16:b2:b8:68:d8:19:21:56:0d:e7:
                    ad:df:ed:68:33:bc:1b:5d:92:57:99:42:7a:ae:a2:
                    c2:c6:92:d5:65:67:da:75:7b:c5:e7:e5:78:ee:ff:
                    b0:cc:ac:3b:ce:bf:8f:31:2c:7e:e8:99:8f:c1:e3:
                    32:18:75:76:14:87:f5:43:0f:92:4b:68:22:d6:39:
                    e4:68:d3:79:b7:b8:ad:7c:d9:07:12:69:60:ff:5d:
                    74:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:95:12:E1:8F:C3:1D:F3:57:12:05:FD:98:11:73:AD:94:B5:DF:86
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400866.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:73:6d:96:9d:f8:28:52:0b:27:12:4b:2e:3b:ce:19:a1:ef:
         93:0f:6e:31:10:3e:39:f8:d7:bb:c6:26:79:5f:2e:80:36:fe:
         bb:23:e7:ab:0e:5e:33:de:b7:fd:7f:5c:d2:49:8b:05:b1:a0:
         7e:00:bc:fa:f3:93:d3:36:65:db:2c:87:de:8d:a3:89:84:02:
         5c:ee:7c:2c:d0:f8:e5:55:62:17:70:dc:d3:d5:9c:8b:0b:66:
         4d:0a:59:68:b8:76:65:4c:4c:d5:ab:6b:e0:e5:0b:41:99:8f:
         94:9d:25:58:c1:87:38:b2:ca:ca:c8:dc:69:d9:3e:77:a8:4c:
         7f:0f:1e:be:e1:ab:5a:6e:49:3f:89:d8:79:cb:af:93:a7:97:
         b2:22:f3:38:fd:20:ab:57:89:cd:f4:d2:2b:1a:0d:45:6a:77:
         60:2a:67:11:47:26:b3:55:d0:da:d5:da:e2:d3:41:92:a1:29:
         4e:dc:c3:ed:95:eb:f5:54:fa:dc:5c:b1:07:75:91:e7:65:d4:
         48:4c:6f:49:11:bb:ac:a5:da:03:d2:c1:eb:34:e9:e3:89:2e:
         b8:8d:14:d1:63:4a:69:19:53:f3:14:27:0d:19:fa:04:d5:12:
         04:83:c5:eb:be:5e:13:08:ad:1a:66:31:05:d9:5b:ce:35:33:
         b2:f9:63:e3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdSSdf/3Lasds+CojROsuc0yKFxswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA2MDYyMzU1MDVaFw0yNTA2MDYwMDAwMDVaMDMxMTAvBgNV
BAMTKDhEOTUxMkUxOEZDMzFERjM1NzEyMDVGRDk4MTE3M0FEOTRCNURGODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3jlxK8d4VhWLS3pYeTVh5CERA
ClFzZsYJGQEh+3Um523goS/jYI4wI5lVyWObP9L7DX0WFFquZ2L2yQ9cI1IUlb/m
wt3p50Jdtc6lyDW9wpn7CCscpNSgTt21MhQwqsnGqU0wF6UhLUQVFOIotwv1ADaI
7W1buUVuSQrZVUZOl6+GrOE2cSZhH5OFAeZ10lFb3FXSdiGBcgPZLbNyCkd7eCUq
3PntMRBMFrK4aNgZIVYN563f7WgzvBtdkleZQnquosLGktVlZ9p1e8Xn5Xju/7DM
rDvOv48xLH7omY/B4zIYdXYUh/VDD5JLaCLWOeRo03m3uK182QcSaWD/XXQDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUjZUS4Y/DHfNXEgX9mBFzrZS134YwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDAwODY2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsd
MA0GCSqGSIb3DQEBCwUAA4IBAQBHc22WnfgoUgsnEksuO84Zoe+TD24xED45+Ne7
xiZ5Xy6ANv67I+erDl4z3rf9f1zSSYsFsaB+ALz685PTNmXbLIfejaOJhAJc7nws
0PjlVWIXcNzT1ZyLC2ZNCllouHZlTEzVq2vg5QtBmY+UnSVYwYc4ssrKyNxp2T53
qEx/Dx6+4atabkk/idh5y6+Tp5eyIvM4/SCrV4nN9NIrGg1FandgKmcRRyazVdDa
1dri00GSoSlO3MPtlev1VPrcXLEHdZHnZdRITG9JEbuspdoD0sHrNOnjiS64jRTR
Y0ppGVPzFCcNGfoE1RIEg8Xrvl4TCK0aZjEF2VvONTOy+WPj
-----END CERTIFICATE-----