Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS393942.roa
File:                     AS393942.roa (raw, json)
Hash identifier:          XxmQ99vnHoCrCHF66O6p1FlNDahNsyPywZZvQ5tn7/s=
Subject key identifier:   47:1A:12:A1:B9:3C:5D:F6:84:DC:F1:4A:01:30:7A:A2:D5:CE:F6:A2
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       60F7A673D2AA97E44EA692D1E93EB02DD7B6421F
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS393942.roa
Signing time:             Tue 22 Apr 2025 01:56:45 +0000
ROA not before:           Tue 22 Apr 2025 01:51:45 +0000
ROA not after:            Tue 21 Apr 2026 01:56:45 +0000
asID:                     393942
IP address blocks:        45.135.250.0/24 maxlen: 24
                          192.166.82.0/24 maxlen: 24
                          193.111.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 05:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:f7:a6:73:d2:aa:97:e4:4e:a6:92:d1:e9:3e:b0:2d:d7:b6:42:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Apr 22 01:51:45 2025 GMT
            Not After : Apr 21 01:56:45 2026 GMT
        Subject: CN=471A12A1B93C5DF684DCF14A01307AA2D5CEF6A2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:fa:47:e2:5f:dc:00:68:91:c8:d2:3f:c8:e8:
                    62:79:30:91:3d:89:5c:66:95:7c:38:8b:d2:b2:0a:
                    51:c3:55:46:59:0b:99:5d:c9:a0:81:ea:04:fe:10:
                    a4:0d:4e:0a:cc:6a:84:e6:d9:76:c7:29:52:7f:a3:
                    6c:58:2a:57:96:90:66:ab:8f:97:33:6f:4c:31:62:
                    a7:4b:11:f3:4c:98:7d:a4:76:cd:96:2f:da:fa:2e:
                    e9:da:6e:b5:33:07:59:24:91:a3:47:72:24:ac:8d:
                    36:9e:32:81:c1:8a:95:63:f3:5f:c5:f8:d2:5b:0b:
                    01:d4:bd:83:1e:7e:a5:71:47:6a:ac:44:c3:36:1b:
                    0f:35:84:e8:1d:c7:f9:29:66:8b:90:93:fe:bd:35:
                    3a:70:12:52:20:8b:f1:96:2a:bf:6e:39:28:1d:c7:
                    fc:1b:86:57:33:6b:bf:bf:d2:3b:75:30:75:5b:0e:
                    2c:61:51:ca:ce:42:82:f6:6e:5d:03:a9:6b:20:cf:
                    9b:6a:ea:4d:c2:48:17:5b:3b:4b:5d:e3:23:f1:82:
                    4e:c0:35:89:0c:64:f2:9a:c3:ea:bf:1b:fa:b8:c4:
                    ca:00:ec:2c:f0:b9:d0:34:67:f8:d0:58:17:bf:34:
                    4d:15:32:95:61:bf:ed:ac:38:49:8f:3f:31:81:20:
                    0c:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:1A:12:A1:B9:3C:5D:F6:84:DC:F1:4A:01:30:7A:A2:D5:CE:F6:A2
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS393942.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.250.0/24
                  192.166.82.0/24
                  193.111.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:17:d7:a8:95:22:c2:92:20:b3:ce:ed:fd:24:8b:d4:cf:0d:
         1b:c9:bc:aa:91:94:1e:fc:b6:40:aa:34:7f:86:bf:c3:73:a5:
         d1:9a:59:f2:78:04:14:97:9d:f8:4b:8e:0c:12:9c:38:8c:2e:
         c5:47:29:c5:15:b4:64:53:db:53:78:58:03:d2:36:a6:76:71:
         fd:d6:96:e3:90:9f:5e:b6:e6:32:45:a6:34:49:91:fc:d4:9f:
         30:b0:b3:17:6c:04:d6:ff:12:4a:1e:1c:37:a4:fe:3b:1e:bc:
         6e:b6:a0:47:02:b8:c3:f5:60:74:cf:b5:bf:72:18:55:89:93:
         d1:56:f5:56:fe:ca:d6:67:1d:42:3d:8d:27:a4:96:26:65:8f:
         75:20:1d:e1:88:fc:0f:55:e2:6e:94:45:b0:c1:60:e6:b5:e9:
         45:9d:15:1e:31:ab:a2:b3:a0:cb:0f:3b:71:e2:76:d5:8d:0c:
         66:ad:c0:88:e9:d6:cc:67:50:4a:c8:6b:7a:2b:be:61:80:84:
         04:9a:82:87:9a:25:3f:2e:1f:ba:d1:fe:5d:da:d1:24:1e:c8:
         d9:87:7e:3b:4c:42:cd:3a:d3:86:0b:b7:bc:9f:60:fe:9e:88:
         cd:3c:77:ab:0a:26:5a:90:2b:19:65:0d:80:65:58:ad:ff:c7:
         c2:4c:ad:fa
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUYPemc9Kql+ROppLR6T6wLde2Qh8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA0MjIwMTUxNDVaFw0yNjA0MjEwMTU2NDVaMDMxMTAvBgNV
BAMTKDQ3MUExMkExQjkzQzVERjY4NERDRjE0QTAxMzA3QUEyRDVDRUY2QTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2+kfiX9wAaJHI0j/I6GJ5MJE9
iVxmlXw4i9KyClHDVUZZC5ldyaCB6gT+EKQNTgrMaoTm2XbHKVJ/o2xYKleWkGar
j5czb0wxYqdLEfNMmH2kds2WL9r6LunabrUzB1kkkaNHciSsjTaeMoHBipVj81/F
+NJbCwHUvYMefqVxR2qsRMM2Gw81hOgdx/kpZouQk/69NTpwElIgi/GWKr9uOSgd
x/wbhlcza7+/0jt1MHVbDixhUcrOQoL2bl0DqWsgz5tq6k3CSBdbO0td4yPxgk7A
NYkMZPKaw+q/G/q4xMoA7CzwudA0Z/jQWBe/NE0VMpVhv+2sOEmPPzGBIAyVAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQURxoSobk8XfaE3PFKATB6otXO9qIwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMzkzOTQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALYf6
AwQAwKZSAwQAwW90MA0GCSqGSIb3DQEBCwUAA4IBAQCSF9eolSLCkiCzzu39JIvU
zw0bybyqkZQe/LZAqjR/hr/Dc6XRmlnyeAQUl534S44MEpw4jC7FRynFFbRkU9tT
eFgD0jamdnH91pbjkJ9etuYyRaY0SZH81J8wsLMXbATW/xJKHhw3pP47HrxutqBH
ArjD9WB0z7W/chhViZPRVvVW/srWZx1CPY0npJYmZY91IB3hiPwPVeJulEWwwWDm
telFnRUeMauis6DLDztx4nbVjQxmrcCI6dbMZ1BKyGt6K75hgIQEmoKHmiU/Lh+6
0f5d2tEkHsjZh347TELNOtOGC7e8n2D+nojNPHerCiZakCsZZQ2AZVit/8fCTK36
-----END CERTIFICATE-----