Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS401838.roa
File:                     AS401838.roa (raw, json)
Hash identifier:          e8OPG2jqBTgHNDcANYBAeo8c4eSF+KQIh7bqqCFhwsA=
Subject key identifier:   09:BA:F9:0A:15:2C:08:DD:2B:B4:2D:1A:6F:3C:19:02:9F:6E:C3:0D
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       5043FD40E54DAF679170395D8179F42C04744D64
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS401838.roa
Signing time:             Wed 13 Aug 2025 05:14:17 +0000
ROA not before:           Wed 13 Aug 2025 05:09:17 +0000
ROA not after:            Wed 12 Aug 2026 05:14:17 +0000
asID:                     401838
IP address blocks:        45.155.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:43:fd:40:e5:4d:af:67:91:70:39:5d:81:79:f4:2c:04:74:4d:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Aug 13 05:09:17 2025 GMT
            Not After : Aug 12 05:14:17 2026 GMT
        Subject: CN=09BAF90A152C08DD2BB42D1A6F3C19029F6EC30D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:52:b3:67:d8:91:e2:16:a1:f9:3b:e6:dd:5f:
                    7d:0f:d7:25:9f:8c:ac:a6:78:db:ba:62:77:5d:e2:
                    37:df:2b:08:05:ab:a6:24:11:a1:09:44:6e:98:6b:
                    5b:34:78:d0:95:a2:d8:20:88:27:af:56:09:08:21:
                    8e:a3:3d:75:30:40:4e:e9:d6:07:dd:13:2f:c9:0a:
                    06:9c:e2:1d:61:43:f2:dc:5e:80:d7:17:d0:26:d3:
                    45:c1:59:09:dc:dd:a1:7b:0a:8d:e6:f3:6b:fa:9f:
                    8a:ae:bf:50:2e:26:8f:dc:6e:a5:06:34:e4:42:ca:
                    80:ca:86:54:ea:f8:09:e1:bd:1b:2a:e5:e9:93:6b:
                    7f:4f:7e:32:8b:17:f3:1a:ff:81:d6:b2:36:0a:15:
                    6d:b7:27:d7:86:50:ef:fe:91:3d:40:3a:71:90:93:
                    9d:d4:7f:a7:a7:68:ac:e9:15:5f:91:dc:6c:03:f8:
                    dc:b5:9a:8c:26:9b:85:6c:a8:2a:20:cb:70:b9:28:
                    ca:e2:4b:37:24:74:5a:8d:03:36:83:8e:e9:6d:1f:
                    ea:46:90:6c:2a:a4:73:a5:b5:c4:e5:be:cb:c9:7a:
                    e3:ca:57:8a:82:37:95:3c:52:39:a3:5f:2f:1d:c4:
                    f9:74:44:6d:a1:4c:40:18:8a:26:ce:23:83:4d:a0:
                    3b:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:BA:F9:0A:15:2C:08:DD:2B:B4:2D:1A:6F:3C:19:02:9F:6E:C3:0D
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS401838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:0b:e8:91:9e:fa:4e:6b:4e:3b:8b:52:58:8d:a7:ba:01:d5:
         b5:1f:9b:74:69:6e:fb:22:8c:e7:bf:42:fa:86:28:6a:d0:9e:
         35:4b:72:4f:2a:59:1d:c5:ec:a5:05:fc:af:44:0b:0f:a7:d4:
         ca:23:18:4e:03:93:40:d0:e9:6a:b9:ae:99:6f:27:3b:52:df:
         7e:2c:74:91:39:b0:07:af:72:b5:17:2a:9a:15:3e:7b:be:9a:
         1f:3a:c7:d2:34:6f:82:a2:d2:da:fe:9b:0f:57:5e:d1:bb:57:
         11:1e:21:4b:8d:79:35:68:6c:46:a2:29:c0:fa:6e:20:c8:9d:
         41:69:03:1a:08:56:b4:8f:03:cc:da:da:60:3c:ee:3a:62:2f:
         21:48:91:f4:a3:5b:c3:7d:2f:28:da:28:3a:c6:f8:51:8f:a7:
         1b:c2:a8:99:ed:40:6c:53:82:ee:07:69:b7:bc:6c:45:08:ab:
         16:91:e4:9d:54:8f:72:13:e5:9a:4e:f8:1e:c9:ee:ba:f7:0a:
         95:1d:d5:5f:a5:6c:3f:a8:39:19:11:45:03:c2:8d:32:41:49:
         58:1a:73:92:d4:85:2d:f6:f1:b8:09:1f:83:44:01:5c:e0:5b:
         97:6e:41:b2:c3:6f:12:05:bf:b5:2d:1f:ad:33:d4:66:75:46:
         ab:14:4f:58
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUUEP9QOVNr2eRcDldgXn0LAR0TWQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA4MTMwNTA5MTdaFw0yNjA4MTIwNTE0MTdaMDMxMTAvBgNV
BAMTKDA5QkFGOTBBMTUyQzA4REQyQkI0MkQxQTZGM0MxOTAyOUY2RUMzMEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3UrNn2JHiFqH5O+bdX30P1yWf
jKymeNu6Yndd4jffKwgFq6YkEaEJRG6Ya1s0eNCVotggiCevVgkIIY6jPXUwQE7p
1gfdEy/JCgac4h1hQ/LcXoDXF9Am00XBWQnc3aF7Co3m82v6n4quv1AuJo/cbqUG
NORCyoDKhlTq+AnhvRsq5emTa39PfjKLF/Ma/4HWsjYKFW23J9eGUO/+kT1AOnGQ
k53Uf6enaKzpFV+R3GwD+Ny1mowmm4VsqCogy3C5KMriSzckdFqNAzaDjultH+pG
kGwqpHOltcTlvsvJeuPKV4qCN5U8UjmjXy8dxPl0RG2hTEAYiibOI4NNoDvBAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUCbr5ChUsCN0rtC0abzwZAp9uww0wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNDAxODM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZsT
MA0GCSqGSIb3DQEBCwUAA4IBAQCoC+iRnvpOa047i1JYjae6AdW1H5t0aW77Iozn
v0L6hihq0J41S3JPKlkdxeylBfyvRAsPp9TKIxhOA5NA0Olqua6Zbyc7Ut9+LHSR
ObAHr3K1FyqaFT57vpofOsfSNG+CotLa/psPV17Ru1cRHiFLjXk1aGxGoinA+m4g
yJ1BaQMaCFa0jwPM2tpgPO46Yi8hSJH0o1vDfS8o2ig6xvhRj6cbwqiZ7UBsU4Lu
B2m3vGxFCKsWkeSdVI9yE+WaTvgeye669wqVHdVfpWw/qDkZEUUDwo0yQUlYGnOS
1IUt9vG4CR+DRAFc4FuXbkGyw28SBb+1LR+tM9RmdUarFE9Y
-----END CERTIFICATE-----