Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400909.roa
File:                     AS400909.roa (raw, json)
Hash identifier:          6hP0k9cYE98L1+w1o1NgFtDPLmeIzA43PPThu7GZWlw=
Subject key identifier:   EA:D4:CC:4E:B2:A8:23:E4:80:26:62:22:16:1E:9C:37:4D:71:42:B8
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       29C8AE7F5D6D583E28249322475DAE39AF87DC96
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400909.roa
Signing time:             Mon 02 Dec 2024 16:43:28 +0000
ROA not before:           Mon 02 Dec 2024 16:38:28 +0000
ROA not after:            Mon 01 Dec 2025 16:43:28 +0000
asID:                     400909
IP address blocks:        141.11.168.0/23 maxlen: 23
                          141.11.170.0/23 maxlen: 23
                          141.11.222.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:c8:ae:7f:5d:6d:58:3e:28:24:93:22:47:5d:ae:39:af:87:dc:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Dec  2 16:38:28 2024 GMT
            Not After : Dec  1 16:43:28 2025 GMT
        Subject: CN=EAD4CC4EB2A823E480266222161E9C374D7142B8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:b4:e5:c7:fe:a8:03:8c:0a:ef:a8:2b:40:f5:
                    45:4e:d1:96:6a:5b:80:9a:b8:00:2d:88:d2:87:8e:
                    76:ca:5f:45:8b:ff:38:d6:20:9e:a5:04:65:d3:99:
                    cf:5a:3c:fb:ee:4d:4a:f2:80:cb:12:1c:9a:94:16:
                    89:e0:98:81:f6:a5:9a:d1:ba:8d:25:f2:ea:a4:46:
                    2c:7e:3c:e1:85:2d:2d:fc:f0:aa:32:51:6f:48:e1:
                    6a:72:3e:96:85:eb:f5:b3:b8:7f:d0:a0:06:d2:d5:
                    31:5f:b5:2f:99:d5:e0:4d:80:3c:9c:a4:cf:d7:11:
                    c2:17:e1:dc:6f:64:20:e4:c0:f6:6b:00:c2:75:c3:
                    a9:ca:0f:19:89:26:7a:eb:81:23:c1:22:5c:67:76:
                    a5:16:99:10:85:a4:d8:ea:19:6b:8b:e3:1a:7c:c1:
                    c1:a5:a8:35:96:d8:4a:a8:60:01:eb:6a:b5:ca:e4:
                    60:67:69:3c:ae:52:28:63:a3:82:57:c3:97:17:fd:
                    34:de:42:b4:68:4c:5b:38:54:36:ad:7c:39:48:e0:
                    1e:c2:72:97:9e:45:44:be:65:63:ad:31:4e:70:f2:
                    9e:03:f3:9f:ca:36:58:7d:b1:9c:d3:1c:b7:88:5e:
                    b0:6d:f7:59:c0:94:44:f9:0f:f8:b9:86:53:0a:6b:
                    21:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:D4:CC:4E:B2:A8:23:E4:80:26:62:22:16:1E:9C:37:4D:71:42:B8
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400909.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.168.0/22
                  141.11.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         03:ce:b9:7d:a1:4a:a1:d4:3d:a5:20:47:07:d1:d4:f3:aa:1a:
         f8:7b:f4:05:80:8c:05:34:46:e7:60:79:57:65:1c:7c:a9:12:
         6e:40:3d:a6:2e:3e:55:df:74:06:47:8d:b3:a8:df:d9:93:cb:
         9e:3c:74:f8:cf:2d:39:14:fd:1c:d6:b2:ff:d9:3e:90:7b:c2:
         5c:7e:9b:c5:1e:3c:68:2d:86:88:29:f1:57:16:1d:35:72:56:
         61:45:f6:ed:71:e8:c5:ae:fe:8b:73:00:b2:fe:59:86:e4:7c:
         ce:28:39:44:d1:77:b8:27:7e:08:a0:c3:4f:46:b6:af:54:f6:
         12:66:00:8c:05:bd:58:0d:39:12:49:4b:aa:e7:91:60:36:3c:
         13:4d:53:46:36:78:be:6d:8c:4a:bb:41:a9:79:fb:b6:73:12:
         02:19:ce:2f:ab:b1:25:d4:07:9b:c3:c6:71:af:29:96:2c:90:
         b3:44:47:da:14:6e:51:cf:be:0c:8c:2f:f3:3e:44:dd:36:b3:
         03:15:a2:94:c6:16:52:16:5c:b8:88:77:f8:e7:87:ac:85:87:
         8f:61:46:fa:fe:cd:ce:bb:b5:9d:72:21:82:b2:19:f7:02:e1:
         11:c0:d0:f2:25:72:55:75:00:67:f4:4e:4d:3b:db:83:cb:3d:
         27:a5:d1:e9
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUKciuf11tWD4oJJMiR12uOa+H3JYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDEyMDIxNjM4MjhaFw0yNTEyMDExNjQzMjhaMDMxMTAvBgNV
BAMTKEVBRDRDQzRFQjJBODIzRTQ4MDI2NjIyMjE2MUU5QzM3NEQ3MTQyQjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDStOXH/qgDjArvqCtA9UVO0ZZq
W4CauAAtiNKHjnbKX0WL/zjWIJ6lBGXTmc9aPPvuTUrygMsSHJqUFongmIH2pZrR
uo0l8uqkRix+POGFLS388KoyUW9I4WpyPpaF6/WzuH/QoAbS1TFftS+Z1eBNgDyc
pM/XEcIX4dxvZCDkwPZrAMJ1w6nKDxmJJnrrgSPBIlxndqUWmRCFpNjqGWuL4xp8
wcGlqDWW2EqoYAHrarXK5GBnaTyuUihjo4JXw5cX/TTeQrRoTFs4VDatfDlI4B7C
cpeeRUS+ZWOtMU5w8p4D85/KNlh9sZzTHLeIXrBt91nAlET5D/i5hlMKayGhAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU6tTMTrKoI+SAJmIiFh6cN01xQrgwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDAwOTA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCjQuo
AwQBjQveMA0GCSqGSIb3DQEBCwUAA4IBAQADzrl9oUqh1D2lIEcH0dTzqhr4e/QF
gIwFNEbnYHlXZRx8qRJuQD2mLj5V33QGR42zqN/Zk8uePHT4zy05FP0c1rL/2T6Q
e8JcfpvFHjxoLYaIKfFXFh01clZhRfbtcejFrv6LcwCy/lmG5HzOKDlE0Xe4J34I
oMNPRravVPYSZgCMBb1YDTkSSUuq55FgNjwTTVNGNni+bYxKu0Gpefu2cxICGc4v
q7El1Aebw8ZxrymWLJCzREfaFG5Rz74MjC/zPkTdNrMDFaKUxhZSFly4iHf454es
hYePYUb6/s3Ou7WdciGCshn3AuERwNDyJXJVdQBn9E5NO9uDyz0npdHp
-----END CERTIFICATE-----