Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS973.roa
File:                     AS973.roa (raw, json)
Hash identifier:          f3xyHG8IoD5Y0WO8MU7zs2Y5z2GZr2h8haU/We7quxE=
Subject key identifier:   47:44:69:BB:7E:E3:28:57:BF:9D:72:81:36:C6:EC:50:60:FA:FC:C6
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       7DDB954744C32844302146F602F3F427EFB91FCD
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS973.roa
Signing time:             Wed 15 Oct 2025 23:09:50 +0000
ROA not before:           Wed 15 Oct 2025 23:04:50 +0000
ROA not after:            Wed 14 Oct 2026 23:09:50 +0000
asID:                     973
IP address blocks:        45.152.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 07:14:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:db:95:47:44:c3:28:44:30:21:46:f6:02:f3:f4:27:ef:b9:1f:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Oct 15 23:04:50 2025 GMT
            Not After : Oct 14 23:09:50 2026 GMT
        Subject: CN=474469BB7EE32857BF9D728136C6EC5060FAFCC6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:dd:51:52:97:ae:9f:45:8a:1e:21:b8:ad:1e:
                    1e:70:94:bf:90:2e:13:e4:53:a7:cb:7b:74:53:75:
                    06:2b:e5:23:2a:61:aa:8d:43:ef:fd:0a:54:83:dc:
                    0d:cb:e1:6f:78:8d:b9:7c:ca:d7:1c:e1:a4:c4:cb:
                    eb:d2:18:bf:c5:d3:af:06:84:1c:79:eb:06:65:d2:
                    fe:6f:84:3c:0f:a2:09:33:50:94:51:28:5e:fe:77:
                    fa:ff:95:e4:6f:b8:6a:a9:a5:1b:aa:30:83:c6:09:
                    61:6b:26:a7:55:e6:a1:72:1d:8b:fe:a7:94:58:dc:
                    bb:ab:d9:75:a0:be:e7:a5:75:d9:22:fc:d3:de:5b:
                    d1:34:9d:b9:5d:86:78:7d:bb:e3:0d:b8:c2:18:cd:
                    4d:69:58:c6:8b:10:cd:ed:87:d9:47:ad:d9:4f:9f:
                    62:74:cf:b4:a6:25:d7:cc:0f:14:8a:5d:32:49:04:
                    ed:2d:cb:44:24:38:0f:1d:a4:4e:1e:fb:79:87:89:
                    36:c7:11:07:ef:18:19:9f:13:f2:67:3b:50:65:76:
                    22:cb:08:d5:f0:16:94:34:5f:99:6f:0b:f1:32:fa:
                    63:c2:b0:29:6c:f6:55:50:59:83:b6:b6:f9:0f:2c:
                    3f:62:70:aa:1a:e9:2d:6f:8e:1b:db:a1:b5:bc:50:
                    a5:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:44:69:BB:7E:E3:28:57:BF:9D:72:81:36:C6:EC:50:60:FA:FC:C6
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS973.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:e7:c4:32:85:1b:0b:20:6b:f1:fb:d3:e9:0c:af:be:93:96:
         93:02:5e:0b:86:93:4d:99:7f:f9:4e:1e:62:99:2a:4f:e5:da:
         f0:1b:d5:b6:bf:4d:76:c1:f1:f9:31:8e:35:2b:d2:45:02:5e:
         3c:25:fb:65:c9:b3:33:a5:ef:66:28:28:b5:34:3d:4a:7e:e2:
         a5:a9:fe:0c:63:48:10:e2:ee:68:eb:f7:27:47:94:71:ed:0f:
         9e:74:4c:e1:5f:c4:b7:75:58:ea:76:b6:93:68:ce:45:e7:fe:
         89:ec:82:20:b5:71:00:18:91:cc:6f:c5:4b:b4:99:3b:f3:75:
         09:2e:0a:bf:04:d0:26:21:97:25:20:c9:a5:39:a2:a9:a1:d8:
         d3:3a:58:c5:58:99:53:2a:35:4c:2f:25:1e:d1:d0:f7:9c:66:
         83:37:95:c7:16:38:81:f4:3f:75:b5:2a:35:26:81:81:c7:85:
         8d:ee:a7:8b:9b:74:7d:79:48:ba:25:a9:32:23:0d:60:61:e1:
         84:70:11:9c:c0:29:9d:ba:d5:a0:cc:94:8b:ec:af:5b:85:ab:
         5c:ca:1a:6c:6f:85:1f:45:89:11:bb:27:39:66:5f:d5:07:c7:
         a7:9b:47:94:97:43:92:57:a0:0a:f8:03:bb:e7:da:22:f8:76:
         ab:cb:89:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIUfduVR0TDKEQwIUb2AvP0J++5H80wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTEwMTUyMzA0NTBaFw0yNjEwMTQyMzA5NTBaMDMxMTAvBgNV
BAMTKDQ3NDQ2OUJCN0VFMzI4NTdCRjlENzI4MTM2QzZFQzUwNjBGQUZDQzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDY3VFSl66fRYoeIbitHh5wlL+Q
LhPkU6fLe3RTdQYr5SMqYaqNQ+/9ClSD3A3L4W94jbl8ytcc4aTEy+vSGL/F068G
hBx56wZl0v5vhDwPogkzUJRRKF7+d/r/leRvuGqppRuqMIPGCWFrJqdV5qFyHYv+
p5RY3Lur2XWgvuelddki/NPeW9E0nbldhnh9u+MNuMIYzU1pWMaLEM3th9lHrdlP
n2J0z7SmJdfMDxSKXTJJBO0ty0QkOA8dpE4e+3mHiTbHEQfvGBmfE/JnO1BldiLL
CNXwFpQ0X5lvC/Ey+mPCsCls9lVQWYO2tvkPLD9icKoa6S1vjhvbobW8UKUNAgMB
AAGjggIHMIICAzAdBgNVHQ4EFgQUR0Rpu37jKFe/nXKBNsbsUGD6/MYwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTOTczLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZjwMA0G
CSqGSIb3DQEBCwUAA4IBAQBu58QyhRsLIGvx+9PpDK++k5aTAl4LhpNNmX/5Th5i
mSpP5drwG9W2v012wfH5MY41K9JFAl48JftlybMzpe9mKCi1ND1KfuKlqf4MY0gQ
4u5o6/cnR5Rx7Q+edEzhX8S3dVjqdraTaM5F5/6J7IIgtXEAGJHMb8VLtJk783UJ
Lgq/BNAmIZclIMmlOaKpodjTOljFWJlTKjVMLyUe0dD3nGaDN5XHFjiB9D91tSo1
JoGBx4WN7qeLm3R9eUi6JakyIw1gYeGEcBGcwCmdutWgzJSL7K9bhatcyhpsb4Uf
RYkRuyc5Zl/VB8enm0eUl0OSV6AK+AO759oi+Hary4mK
-----END CERTIFICATE-----