Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS400909.roa
File:                     AS400909.roa (raw, json)
Hash identifier:          8oLFaJbTtgTDEL2Mbm/7L9Z5LJgU3C36uOFnl4F4zSg=
Subject key identifier:   D5:77:A5:49:D4:C3:FE:AF:F4:88:90:3C:88:69:C7:7E:C8:A7:06:2D
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       505450688A49F3313453C47CD025CA8159FF1247
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS400909.roa
Signing time:             Sat 16 Nov 2024 09:47:07 +0000
ROA not before:           Sat 16 Nov 2024 09:42:07 +0000
ROA not after:            Sat 15 Nov 2025 09:47:07 +0000
asID:                     400909
IP address blocks:        92.113.166.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:54:50:68:8a:49:f3:31:34:53:c4:7c:d0:25:ca:81:59:ff:12:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Nov 16 09:42:07 2024 GMT
            Not After : Nov 15 09:47:07 2025 GMT
        Subject: CN=D577A549D4C3FEAFF488903C8869C77EC8A7062D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:38:b4:5e:92:25:01:e0:b5:bd:aa:72:65:ce:
                    81:a8:df:4b:a9:7f:bc:d8:da:82:ac:d7:d5:e4:d6:
                    b4:3b:2d:37:99:33:b6:a2:bd:a6:9c:91:d6:fa:b3:
                    16:ce:62:3f:88:59:35:82:0f:17:4f:43:da:34:d1:
                    f5:a2:ee:90:fd:9e:47:97:2d:f9:22:1e:f7:3d:fb:
                    35:81:79:d6:90:52:d6:17:cd:e0:d3:1f:fd:d7:d7:
                    f4:13:6c:3e:8e:8b:4e:7c:dc:14:94:b3:2c:c4:dd:
                    fa:d5:5a:ce:7c:0d:6a:7d:44:6d:d0:a8:7b:f7:5e:
                    51:78:99:7b:54:18:ab:9e:85:a7:be:d1:c1:b0:3e:
                    7b:c4:cd:c1:28:a0:a7:ac:d3:7d:d5:e1:c1:fc:a2:
                    40:9c:98:e8:2d:c5:88:07:59:0d:fd:73:5b:35:85:
                    05:bf:44:33:28:04:21:a9:98:73:4f:ee:1a:de:f4:
                    84:55:d5:4d:1e:9e:5e:3d:c6:1f:59:7f:a0:45:fa:
                    0c:93:4b:84:18:5e:26:64:67:df:b2:8a:c8:1b:85:
                    26:bf:6f:4b:30:a4:cb:37:78:e4:db:9a:21:b8:08:
                    80:e4:79:19:14:67:39:5a:fe:f0:9a:22:cc:0e:b8:
                    0a:2f:d1:da:7f:ef:e5:e1:16:36:90:77:a8:c4:67:
                    9a:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:77:A5:49:D4:C3:FE:AF:F4:88:90:3C:88:69:C7:7E:C8:A7:06:2D
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS400909.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.113.166.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:0d:d5:e4:1c:03:d5:e8:ea:b4:11:7c:77:e9:0d:8a:9a:98:
         9d:92:80:97:d5:7e:67:88:3e:81:11:5a:07:88:da:f9:69:68:
         ad:37:97:5c:6f:ed:c4:20:03:69:98:e6:fb:bc:f1:7b:71:2a:
         83:74:48:0a:64:0e:89:ba:90:d5:15:2c:e1:9b:96:e6:cd:89:
         36:81:88:42:bb:7c:28:2b:4f:3e:d0:fa:d7:3f:4d:cd:cd:8a:
         3e:44:26:ce:2b:ec:58:c8:33:3f:1a:9e:98:09:56:b2:38:8a:
         e9:0d:2b:7e:dd:81:d8:12:b9:44:52:df:27:01:96:11:6a:c4:
         7a:74:4c:e5:54:45:d2:15:3b:0b:fb:a0:c5:ee:89:73:48:6c:
         c3:85:20:4a:b0:5d:2c:ed:50:f7:40:40:a1:14:4f:01:96:ce:
         7a:44:87:d5:5f:17:21:c3:06:68:28:e6:04:b4:48:5f:66:85:
         9a:60:d9:d6:d8:1e:c5:8b:f2:41:c6:e7:e7:f3:26:78:57:c9:
         06:b0:fb:71:01:7e:56:0b:95:26:1c:19:03:c0:db:db:74:d6:
         d0:25:72:b1:46:5f:57:84:cb:bc:71:57:0b:30:92:9f:d3:ba:
         91:e9:ac:cf:00:28:3a:bb:36:0f:ab:7f:f4:2d:37:5c:e2:ce:
         b9:f3:19:4d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUUFRQaIpJ8zE0U8R80CXKgVn/EkcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNDExMTYwOTQyMDdaFw0yNTExMTUwOTQ3MDdaMDMxMTAvBgNV
BAMTKEQ1NzdBNTQ5RDRDM0ZFQUZGNDg4OTAzQzg4NjlDNzdFQzhBNzA2MkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChOLRekiUB4LW9qnJlzoGo30up
f7zY2oKs19Xk1rQ7LTeZM7aivaackdb6sxbOYj+IWTWCDxdPQ9o00fWi7pD9nkeX
LfkiHvc9+zWBedaQUtYXzeDTH/3X1/QTbD6Oi0583BSUsyzE3frVWs58DWp9RG3Q
qHv3XlF4mXtUGKuehae+0cGwPnvEzcEooKes033V4cH8okCcmOgtxYgHWQ39c1s1
hQW/RDMoBCGpmHNP7hre9IRV1U0enl49xh9Zf6BF+gyTS4QYXiZkZ9+yisgbhSa/
b0swpMs3eOTbmiG4CIDkeRkUZzla/vCaIswOuAov0dp/7+XhFjaQd6jEZ5rpAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU1XelSdTD/q/0iJA8iGnHfsinBi0wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNDAwOTA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXHGm
MA0GCSqGSIb3DQEBCwUAA4IBAQBtDdXkHAPV6Oq0EXx36Q2KmpidkoCX1X5niD6B
EVoHiNr5aWitN5dcb+3EIANpmOb7vPF7cSqDdEgKZA6JupDVFSzhm5bmzYk2gYhC
u3woK08+0PrXP03NzYo+RCbOK+xYyDM/Gp6YCVayOIrpDSt+3YHYErlEUt8nAZYR
asR6dEzlVEXSFTsL+6DF7olzSGzDhSBKsF0s7VD3QEChFE8Bls56RIfVXxchwwZo
KOYEtEhfZoWaYNnW2B7Fi/JBxufn8yZ4V8kGsPtxAX5WC5UmHBkDwNvbdNbQJXKx
Rl9XhMu8cVcLMJKf07qR6azPACg6uzYPq3/0LTdc4s658xlN
-----END CERTIFICATE-----