Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS202239.roa
File:                     AS202239.roa (raw, json)
Hash identifier:          7cynBXcUn7O2E6vcHN5KWzr96KhCe+Q+ZEyMU3PFkHg=
Subject key identifier:   B9:86:96:52:98:82:F3:D3:B7:D2:76:7B:9A:67:29:03:46:77:FE:1F
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       0DBA12B9F8D47A122C2954AF6F4F504EAD24C880
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS202239.roa
Signing time:             Thu 23 May 2024 16:49:10 +0000
ROA not before:           Thu 23 May 2024 16:44:10 +0000
ROA not after:            Thu 22 May 2025 16:49:10 +0000
asID:                     202239
IP address blocks:        2a0f:85c1:211::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:ba:12:b9:f8:d4:7a:12:2c:29:54:af:6f:4f:50:4e:ad:24:c8:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:10 2024 GMT
            Not After : May 22 16:49:10 2025 GMT
        Subject: CN=B98696529882F3D3B7D2767B9A6729034677FE1F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a4:a0:14:d3:6c:64:89:4b:aa:d4:29:1a:21:
                    04:dc:32:96:ed:8b:20:a4:fc:d5:cf:05:de:54:49:
                    b5:e8:2c:1b:e7:2d:62:18:6d:80:3d:03:02:c2:f1:
                    a1:43:47:5f:be:8d:56:0f:d9:2c:40:e1:6f:44:b4:
                    45:5c:19:8e:66:6e:9e:1e:bb:8f:48:8f:af:0f:39:
                    76:1d:79:e4:ca:b7:09:d2:d4:cf:f7:55:52:59:51:
                    0a:a7:f9:43:dd:de:b7:2f:19:cc:22:be:6c:00:e3:
                    67:10:f5:b3:e0:fd:aa:a4:ce:0e:85:5d:c6:a4:69:
                    76:75:ac:46:17:dd:f2:f9:a1:e3:b1:6a:64:8a:15:
                    3d:22:a5:99:15:51:d4:5d:8f:c4:65:8e:c9:00:9f:
                    88:93:e2:2e:30:51:79:2b:d8:40:3c:22:25:6a:9f:
                    e6:60:dc:d3:12:4e:95:a2:24:4d:60:73:0f:83:d9:
                    e0:cf:20:1f:23:03:65:1f:f0:3a:40:02:9e:a7:78:
                    80:b6:e0:9f:75:e1:ce:41:3b:f3:e0:2c:2f:b4:f5:
                    9c:b7:d9:2a:4d:99:5c:95:57:8e:e1:0a:30:67:52:
                    14:6d:ac:35:ee:99:bb:55:dc:5e:51:18:30:9f:1f:
                    1f:fe:d2:17:ef:fb:d5:fd:5e:48:2a:c8:31:bd:a5:
                    a0:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:86:96:52:98:82:F3:D3:B7:D2:76:7B:9A:67:29:03:46:77:FE:1F
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS202239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:211::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:2a:1b:94:2c:23:24:76:93:82:7a:99:ab:0b:bb:5e:2f:36:
         4c:c9:d5:68:3c:e9:cc:b6:30:e4:40:26:c5:31:ac:1d:8d:0e:
         17:dd:1f:4c:27:9b:49:a5:d9:59:2d:af:74:7f:46:fc:71:46:
         73:6c:d7:84:50:fb:eb:f0:56:bf:41:84:f6:1f:ad:35:1c:d6:
         b9:62:7c:4d:fe:64:a7:33:b7:21:42:58:7b:df:ca:46:35:a5:
         d2:5d:23:02:31:54:50:96:fa:c4:03:46:b4:0f:d8:b6:35:fc:
         5e:64:39:f3:65:0f:ff:93:89:86:10:6a:fa:e2:84:df:8a:53:
         d0:bb:da:74:92:19:99:a8:d6:52:23:32:b0:61:ae:02:97:3d:
         77:ad:9c:93:bc:da:0a:37:f9:87:d5:42:77:38:72:55:b8:6b:
         f9:7c:97:fb:dd:b3:12:7c:ff:13:26:26:69:ba:cc:dc:3f:aa:
         90:71:29:7e:a4:e7:a0:81:5d:83:69:b8:c3:dd:39:52:e6:85:
         ed:ff:2e:cb:e7:87:4a:3f:c5:a4:02:02:8b:9d:65:3b:2a:45:
         3a:70:ce:cd:af:71:28:54:e7:d8:c9:bf:b5:d3:76:2a:56:73:
         cf:6f:ac:92:88:69:49:69:21:89:d8:fe:44:b4:8f:8a:80:c1:
         19:38:3e:53
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUDboSufjUehIsKVSvb09QTq0kyIAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTBaFw0yNTA1MjIxNjQ5MTBaMDMxMTAvBgNV
BAMTKEI5ODY5NjUyOTg4MkYzRDNCN0QyNzY3QjlBNjcyOTAzNDY3N0ZFMUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFpKAU02xkiUuq1CkaIQTcMpbt
iyCk/NXPBd5USbXoLBvnLWIYbYA9AwLC8aFDR1++jVYP2SxA4W9EtEVcGY5mbp4e
u49Ij68POXYdeeTKtwnS1M/3VVJZUQqn+UPd3rcvGcwivmwA42cQ9bPg/aqkzg6F
XcakaXZ1rEYX3fL5oeOxamSKFT0ipZkVUdRdj8RljskAn4iT4i4wUXkr2EA8IiVq
n+Zg3NMSTpWiJE1gcw+D2eDPIB8jA2Uf8DpAAp6neIC24J914c5BO/PgLC+09Zy3
2SpNmVyVV47hCjBnUhRtrDXumbtV3F5RGDCfHx/+0hfv+9X9XkgqyDG9paBZAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUuYaWUpiC89O30nZ7mmcpA0Z3/h8wHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjAyMjM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQIRMA0GCSqGSIb3DQEBCwUAA4IBAQB8KhuULCMkdpOCepmrC7teLzZMydVoPOnM
tjDkQCbFMawdjQ4X3R9MJ5tJpdlZLa90f0b8cUZzbNeEUPvr8Fa/QYT2H601HNa5
YnxN/mSnM7chQlh738pGNaXSXSMCMVRQlvrEA0a0D9i2NfxeZDnzZQ//k4mGEGr6
4oTfilPQu9p0khmZqNZSIzKwYa4Clz13rZyTvNoKN/mH1UJ3OHJVuGv5fJf73bMS
fP8TJiZpuszcP6qQcSl+pOeggV2DabjD3TlS5oXt/y7L54dKP8WkAgKLnWU7KkU6
cM7Nr3EoVOfYyb+103YqVnPPb6ySiGlJaSGJ2P5EtI+KgMEZOD5T
-----END CERTIFICATE-----