Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400866.roa
File:                     AS400866.roa (raw, json)
Hash identifier:          Rje5b1j/jbOXBoaco7cMQkl1X5LDo2B8SJbOPcAXPLc=
Subject key identifier:   5B:EE:F8:2F:BE:F9:94:90:2F:6C:98:C2:4E:6A:5C:A9:91:EB:C2:65
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       2B09B930163BEC9155551BF2F3E05992F5EA737E
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400866.roa
Signing time:             Fri 09 May 2025 00:54:08 +0000
ROA not before:           Fri 09 May 2025 00:49:08 +0000
ROA not after:            Fri 08 May 2026 00:54:08 +0000
asID:                     400866
IP address blocks:        141.11.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 21:31:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:09:b9:30:16:3b:ec:91:55:55:1b:f2:f3:e0:59:92:f5:ea:73:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May  9 00:49:08 2025 GMT
            Not After : May  8 00:54:08 2026 GMT
        Subject: CN=5BEEF82FBEF994902F6C98C24E6A5CA991EBC265
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:4a:46:5b:7d:42:95:a8:0e:d0:a1:39:aa:64:
                    0b:69:f6:50:3d:d7:3f:37:2c:1e:e5:5f:cf:5c:34:
                    ba:93:1f:4d:3e:2e:37:95:34:a5:2d:6f:56:2a:fe:
                    92:d8:3e:38:3f:41:cc:37:07:13:af:69:63:d0:9e:
                    1d:47:93:a3:a5:7b:ed:3a:41:67:08:5a:f7:2d:3a:
                    a8:3e:4b:2b:af:65:0d:e2:1a:c5:05:1b:a7:11:d7:
                    8e:f7:f5:6a:57:5a:ba:b9:1c:e1:10:fc:8d:bd:69:
                    c8:8d:81:28:9b:3a:7a:59:0e:d2:87:04:16:1a:11:
                    43:0e:c7:5d:65:93:43:1a:4c:dc:b1:c6:f7:fc:df:
                    56:f2:ca:08:b5:d3:89:dc:a1:62:17:78:aa:5f:2a:
                    92:64:95:71:1d:48:3a:ed:a6:06:c9:32:69:5f:56:
                    6f:80:c7:fa:64:e1:06:75:cc:c6:d8:28:b4:f0:e1:
                    8d:48:1f:c3:7b:dc:cb:da:e5:34:9a:4b:e5:34:b7:
                    eb:99:bf:02:da:d8:d9:f2:ef:94:a8:9e:b3:ac:97:
                    3a:de:b9:11:72:d9:6d:88:78:58:78:0e:3c:da:1c:
                    c7:87:fc:83:ad:33:b1:af:d3:fb:8f:57:58:b8:17:
                    4b:1d:e9:65:a2:e8:b7:b2:02:2a:4a:9c:48:d2:81:
                    33:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:EE:F8:2F:BE:F9:94:90:2F:6C:98:C2:4E:6A:5C:A9:91:EB:C2:65
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400866.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:3d:97:05:2b:47:9d:cd:b2:c5:3b:5d:e7:a5:7f:7d:fa:9d:
         35:61:ac:9c:f1:bc:42:20:62:51:6f:b5:4c:cb:b8:d1:95:94:
         ac:97:cd:17:1e:5a:8d:57:de:b9:bd:92:d3:61:6f:9d:f4:88:
         13:ac:16:c1:07:a2:ae:55:39:74:2a:18:12:5d:44:e3:2b:c2:
         5b:48:44:86:d2:1c:4d:a7:be:ee:19:24:8f:74:f1:fb:51:2c:
         06:93:99:4a:ae:27:dc:ca:9c:6e:58:b1:fd:32:ff:ca:5c:00:
         21:06:22:21:da:ed:dc:fe:10:8d:7d:65:3b:36:a9:c5:5f:17:
         85:f6:a0:a7:82:1d:1f:ad:f7:5d:02:a0:94:58:d0:1e:e2:05:
         14:6e:ae:6a:cc:3e:29:85:e1:6e:9a:a6:03:51:1e:68:30:a1:
         eb:2e:e7:3f:eb:37:d7:43:e3:d9:5a:35:26:45:ec:f0:6b:dd:
         e6:11:ef:7d:8e:4a:c3:01:33:c7:f5:67:b8:2d:89:aa:2c:6b:
         ca:f7:4e:a1:cb:1d:f9:7b:c4:4f:97:ee:d6:34:b2:9c:0a:20:
         dc:b0:05:a6:63:5c:9d:d4:16:30:78:bc:10:8a:1c:39:85:0b:
         c0:7b:36:08:3d:7e:40:8a:dd:49:af:9e:a9:ea:06:0c:2a:ba:
         8c:e6:93:a6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKwm5MBY77JFVVRvy8+BZkvXqc34wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA1MDkwMDQ5MDhaFw0yNjA1MDgwMDU0MDhaMDMxMTAvBgNV
BAMTKDVCRUVGODJGQkVGOTk0OTAyRjZDOThDMjRFNkE1Q0E5OTFFQkMyNjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcSkZbfUKVqA7QoTmqZAtp9lA9
1z83LB7lX89cNLqTH00+LjeVNKUtb1Yq/pLYPjg/Qcw3BxOvaWPQnh1Hk6Ole+06
QWcIWvctOqg+SyuvZQ3iGsUFG6cR14739WpXWrq5HOEQ/I29aciNgSibOnpZDtKH
BBYaEUMOx11lk0MaTNyxxvf831byygi104ncoWIXeKpfKpJklXEdSDrtpgbJMmlf
Vm+Ax/pk4QZ1zMbYKLTw4Y1IH8N73Mva5TSaS+U0t+uZvwLa2Nny75SonrOslzre
uRFy2W2IeFh4DjzaHMeH/IOtM7Gv0/uPV1i4F0sd6WWi6LeyAipKnEjSgTOvAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUW+74L775lJAvbJjCTmpcqZHrwmUwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDAwODY2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsd
MA0GCSqGSIb3DQEBCwUAA4IBAQBmPZcFK0edzbLFO13npX99+p01Yayc8bxCIGJR
b7VMy7jRlZSsl80XHlqNV965vZLTYW+d9IgTrBbBB6KuVTl0KhgSXUTjK8JbSESG
0hxNp77uGSSPdPH7USwGk5lKrifcypxuWLH9Mv/KXAAhBiIh2u3c/hCNfWU7NqnF
XxeF9qCngh0frfddAqCUWNAe4gUUbq5qzD4pheFumqYDUR5oMKHrLuc/6zfXQ+PZ
WjUmRezwa93mEe99jkrDATPH9We4LYmqLGvK906hyx35e8RPl+7WNLKcCiDcsAWm
Y1yd1BYweLwQihw5hQvAezYIPX5Ait1Jr56p6gYMKrqM5pOm
-----END CERTIFICATE-----