Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400866.roa
File:                     AS400866.roa (raw, json)
Hash identifier:          PYGWvaBNSy9Az6bjsw/CR6eRs44NWCCV49QDlawuWMg=
Subject key identifier:   DA:15:58:10:EC:26:CD:13:C0:E9:B4:18:47:16:36:93:C5:D9:D5:BD
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       1E2D7BD7160C0EA6998F6B238A059A20A7AFBEAA
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400866.roa
Signing time:             Tue 09 Apr 2024 18:12:55 +0000
ROA not before:           Tue 09 Apr 2024 18:07:55 +0000
ROA not after:            Tue 08 Apr 2025 18:12:55 +0000
asID:                     400866
IP address blocks:        141.11.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:2d:7b:d7:16:0c:0e:a6:99:8f:6b:23:8a:05:9a:20:a7:af:be:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Apr  9 18:07:55 2024 GMT
            Not After : Apr  8 18:12:55 2025 GMT
        Subject: CN=DA155810EC26CD13C0E9B41847163693C5D9D5BD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:3c:c7:69:9d:f9:5e:63:7b:81:a2:03:87:af:
                    c7:62:3e:3e:99:5c:f9:da:c8:ff:a4:17:78:13:3b:
                    0f:d7:f1:65:b2:e3:2e:5b:c6:57:13:33:ad:d0:e2:
                    5a:38:c4:aa:03:2e:03:75:5f:86:1c:2e:db:2e:77:
                    23:c7:27:46:33:d1:9c:40:f9:48:a4:dc:18:a7:fd:
                    d0:c9:bb:2d:de:db:2c:83:cd:f0:81:da:9f:27:e8:
                    5b:26:3c:42:bf:0b:07:02:6d:3f:aa:49:3d:25:1a:
                    77:14:57:a4:2b:c2:1e:c1:c3:fd:20:80:81:c5:6a:
                    63:13:5b:41:ac:37:16:cf:9a:a2:3e:d6:55:57:01:
                    74:ec:7e:7d:c5:df:19:45:7a:04:7a:67:9a:2c:2f:
                    a6:f2:67:f7:a8:0b:fb:e2:04:84:07:a3:d5:bc:1f:
                    da:19:dd:7d:82:76:fd:b8:c7:ca:4f:c8:c3:22:8a:
                    e4:02:12:cb:48:8c:30:f5:87:ed:37:0f:50:db:21:
                    09:10:25:99:91:21:c9:7e:d1:8f:4a:6a:e4:8b:95:
                    7d:4f:88:82:00:d8:8c:e2:93:d8:45:7c:7b:9c:fa:
                    55:a8:59:96:7b:9c:7c:57:e5:bf:1e:cb:0e:de:c8:
                    02:93:5d:6f:5f:6d:ce:63:3a:1e:e1:37:f7:3c:29:
                    92:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:15:58:10:EC:26:CD:13:C0:E9:B4:18:47:16:36:93:C5:D9:D5:BD
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400866.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:8c:c2:49:1b:65:e1:cd:66:b0:82:ba:b1:e3:50:6f:21:de:
         0b:7d:74:e7:dd:8c:e5:6f:72:71:29:18:4f:fe:e7:f3:44:af:
         91:fe:9a:43:11:4e:c7:b3:a2:94:74:b1:ae:33:fd:95:9c:e6:
         24:75:76:04:b8:22:f2:f1:f4:6e:1a:5a:a0:7c:b3:51:e0:72:
         55:19:74:b8:74:b6:31:3a:6c:b8:7e:c0:2c:4e:9e:66:fd:0f:
         79:f5:ee:fb:c1:e5:6d:99:0f:cc:b7:19:28:62:43:d8:ef:18:
         16:4c:17:cf:48:8b:80:58:ea:8b:03:f1:35:b1:1a:ab:d4:06:
         ce:d2:b1:40:16:ec:b4:0c:c7:26:16:5d:9f:49:2c:61:78:c8:
         7f:ab:10:9e:5a:05:f3:65:73:ea:b1:1b:a6:9b:66:0f:f4:b3:
         46:a3:69:98:22:43:19:63:6d:08:0a:63:71:e7:81:8c:fc:7a:
         5e:1e:92:46:92:2c:6f:d8:c4:2c:3b:8d:95:b8:b1:be:20:e5:
         a3:d6:72:46:58:9c:77:d1:76:20:2a:a0:3c:f6:1f:d3:79:e9:
         f5:df:13:58:a8:73:52:05:9c:a4:27:25:bc:26:de:67:26:78:
         04:c6:87:9d:03:d0:b7:7d:38:b3:ad:a1:4a:3c:5e:0b:cc:1f:
         b7:6c:4c:ea
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHi171xYMDqaZj2sjigWaIKevvqowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA0MDkxODA3NTVaFw0yNTA0MDgxODEyNTVaMDMxMTAvBgNV
BAMTKERBMTU1ODEwRUMyNkNEMTNDMEU5QjQxODQ3MTYzNjkzQzVEOUQ1QkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxPMdpnfleY3uBogOHr8diPj6Z
XPnayP+kF3gTOw/X8WWy4y5bxlcTM63Q4lo4xKoDLgN1X4YcLtsudyPHJ0Yz0ZxA
+Uik3Bin/dDJuy3e2yyDzfCB2p8n6FsmPEK/CwcCbT+qST0lGncUV6Qrwh7Bw/0g
gIHFamMTW0GsNxbPmqI+1lVXAXTsfn3F3xlFegR6Z5osL6byZ/eoC/viBIQHo9W8
H9oZ3X2Cdv24x8pPyMMiiuQCEstIjDD1h+03D1DbIQkQJZmRIcl+0Y9KauSLlX1P
iIIA2Izik9hFfHuc+lWoWZZ7nHxX5b8eyw7eyAKTXW9fbc5jOh7hN/c8KZI9AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU2hVYEOwmzRPA6bQYRxY2k8XZ1b0wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDAwODY2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQt2
MA0GCSqGSIb3DQEBCwUAA4IBAQC0jMJJG2XhzWawgrqx41BvId4LfXTn3Yzlb3Jx
KRhP/ufzRK+R/ppDEU7Hs6KUdLGuM/2VnOYkdXYEuCLy8fRuGlqgfLNR4HJVGXS4
dLYxOmy4fsAsTp5m/Q959e77weVtmQ/MtxkoYkPY7xgWTBfPSIuAWOqLA/E1sRqr
1AbO0rFAFuy0DMcmFl2fSSxheMh/qxCeWgXzZXPqsRumm2YP9LNGo2mYIkMZY20I
CmNx54GM/HpeHpJGkixv2MQsO42VuLG+IOWj1nJGWJx30XYgKqA89h/Teen13xNY
qHNSBZykJyW8Jt5nJngExoedA9C3fTizraFKPF4LzB+3bEzq
-----END CERTIFICATE-----