Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS400866.roa
File:                     AS400866.roa (raw, json)
Hash identifier:          v5BxY9gSPDjpA/mr0wD0sk5ZS8Clm9CC6IvzSJO938I=
Subject key identifier:   89:65:C9:E0:C9:F8:85:A9:5B:98:5F:62:17:78:73:22:03:61:5E:15
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       63DCCE4915F9801F6864B0260B69FE045E8B2838
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS400866.roa
Signing time:             Sat 21 Jun 2025 00:54:11 +0000
ROA not before:           Sat 21 Jun 2025 00:49:11 +0000
ROA not after:            Sat 20 Jun 2026 00:54:11 +0000
asID:                     400866
IP address blocks:        147.79.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:dc:ce:49:15:f9:80:1f:68:64:b0:26:0b:69:fe:04:5e:8b:28:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun 21 00:49:11 2025 GMT
            Not After : Jun 20 00:54:11 2026 GMT
        Subject: CN=8965C9E0C9F885A95B985F621778732203615E15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b4:e8:da:fd:21:b1:1e:4d:48:c0:4f:23:dc:
                    2e:8a:62:e7:69:a5:02:06:5f:c6:39:22:c6:c2:47:
                    22:a8:90:4e:e9:9f:c1:58:fa:36:ca:de:cd:75:e3:
                    04:c8:68:15:40:fd:92:ed:9e:56:ed:ae:5e:9c:39:
                    69:31:8a:8e:d7:a6:57:44:40:8f:e2:78:7d:d2:4b:
                    29:37:84:ef:6a:1c:37:fe:7a:c4:27:84:df:b5:e7:
                    83:ec:a2:4c:f2:59:ed:4f:1f:09:9d:ee:d3:e5:a4:
                    49:62:23:4d:65:69:50:95:63:ea:99:00:63:78:43:
                    ec:a2:07:0e:ec:b6:e5:99:3b:fd:a7:22:ce:f1:79:
                    24:a9:52:a1:ca:d3:e9:ea:95:50:a8:01:c3:e5:a8:
                    dc:9a:59:de:2e:7b:4e:c7:50:8b:5c:5f:1f:33:54:
                    dd:4d:da:3f:80:14:16:84:dd:2b:e1:24:31:c8:09:
                    fe:0b:f7:c8:e2:b9:0f:a5:26:99:f6:e1:7a:0f:a1:
                    d8:1c:77:3f:75:f9:2d:b9:2b:fa:0f:a5:b6:73:4b:
                    a3:13:26:c5:47:4e:10:9f:a1:3f:af:ec:38:74:54:
                    8c:28:f7:06:81:c6:1a:59:ff:21:50:80:26:3f:a0:
                    78:fc:e1:b5:68:f1:00:cd:ba:31:5b:b5:93:c7:1f:
                    d8:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:65:C9:E0:C9:F8:85:A9:5B:98:5F:62:17:78:73:22:03:61:5E:15
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS400866.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:d8:01:07:fa:85:19:2c:f5:13:bc:f1:ff:b6:53:50:dc:d8:
         17:cf:ac:0b:c8:ca:8c:7b:29:e1:06:2d:7d:a2:15:0e:1b:11:
         d0:a5:42:e8:6d:d3:59:a2:09:15:f3:5c:8d:83:de:5c:d9:96:
         ad:cb:db:95:e2:3d:70:c8:a3:aa:60:e5:30:86:90:49:f3:65:
         12:b2:cd:79:db:f3:43:3f:1e:5d:9f:04:05:61:ce:45:f0:04:
         f5:65:4d:08:00:27:b4:ec:2c:4e:10:c5:86:65:95:42:24:6d:
         7a:04:d6:62:c0:2d:80:cd:95:87:81:f0:c9:49:81:7b:4a:23:
         b7:5c:23:af:71:0b:56:ea:1c:d8:4a:9b:ee:c3:a5:45:77:a8:
         44:59:b9:49:f4:3e:dc:3c:d4:30:72:76:84:c8:ee:96:8c:4c:
         62:2d:d1:7c:7a:16:c0:a4:83:17:36:8f:6a:ea:0d:f4:53:a3:
         c1:98:db:79:e6:76:8e:b6:86:79:8d:b0:b4:94:95:f6:45:1a:
         85:02:73:8c:83:2b:79:54:b5:ae:9b:6e:55:3b:78:23:98:dd:
         f2:e4:53:b3:4a:0d:f2:af:b6:cf:70:0b:72:7a:3a:36:a1:85:
         e4:94:ab:10:e5:6d:cf:ee:6e:b7:67:6f:5b:d4:10:1f:2d:03:
         6c:05:82:eb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUY9zOSRX5gB9oZLAmC2n+BF6LKDgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA2MjEwMDQ5MTFaFw0yNjA2MjAwMDU0MTFaMDMxMTAvBgNV
BAMTKDg5NjVDOUUwQzlGODg1QTk1Qjk4NUY2MjE3Nzg3MzIyMDM2MTVFMTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWtOja/SGxHk1IwE8j3C6KYudp
pQIGX8Y5IsbCRyKokE7pn8FY+jbK3s114wTIaBVA/ZLtnlbtrl6cOWkxio7XpldE
QI/ieH3SSyk3hO9qHDf+esQnhN+154PsokzyWe1PHwmd7tPlpEliI01laVCVY+qZ
AGN4Q+yiBw7stuWZO/2nIs7xeSSpUqHK0+nqlVCoAcPlqNyaWd4ue07HUItcXx8z
VN1N2j+AFBaE3SvhJDHICf4L98jiuQ+lJpn24XoPodgcdz91+S25K/oPpbZzS6MT
JsVHThCfoT+v7Dh0VIwo9waBxhpZ/yFQgCY/oHj84bVo8QDNujFbtZPHH9hXAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUiWXJ4Mn4halbmF9iF3hzIgNhXhUwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDAwODY2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk08X
MA0GCSqGSIb3DQEBCwUAA4IBAQC42AEH+oUZLPUTvPH/tlNQ3NgXz6wLyMqMeynh
Bi19ohUOGxHQpULobdNZogkV81yNg95c2Zaty9uV4j1wyKOqYOUwhpBJ82USss15
2/NDPx5dnwQFYc5F8AT1ZU0IACe07CxOEMWGZZVCJG16BNZiwC2AzZWHgfDJSYF7
SiO3XCOvcQtW6hzYSpvuw6VFd6hEWblJ9D7cPNQwcnaEyO6WjExiLdF8ehbApIMX
No9q6g30U6PBmNt55naOtoZ5jbC0lJX2RRqFAnOMgyt5VLWum25VO3gjmN3y5FOz
Sg3yr7bPcAtyejo2oYXklKsQ5W3P7m63Z29b1BAfLQNsBYLr
-----END CERTIFICATE-----