Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS204844.roa
File:                     AS204844.roa (raw, json)
Hash identifier:          TYQol8dH6K+tfSxlbVN79n82fud3Im83VW+gJRXBPeI=
Subject key identifier:   EE:BD:2C:6C:7F:F4:FB:B1:34:25:89:02:EC:54:61:22:FC:B1:D0:78
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       5631A1BC54F5F481F0F7FF732936854B431D114F
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS204844.roa
Signing time:             Thu 06 Jun 2024 03:43:37 +0000
ROA not before:           Thu 06 Jun 2024 03:38:37 +0000
ROA not after:            Thu 05 Jun 2025 03:43:37 +0000
asID:                     204844
IP address blocks:        2a0f:85c1:801::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:31:a1:bc:54:f5:f4:81:f0:f7:ff:73:29:36:85:4b:43:1d:11:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: Jun  6 03:38:37 2024 GMT
            Not After : Jun  5 03:43:37 2025 GMT
        Subject: CN=EEBD2C6C7FF4FBB134258902EC546122FCB1D078
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:04:90:6f:c8:d8:41:66:11:91:b6:dd:d9:6e:
                    79:f8:f9:2a:71:3a:1b:83:61:1a:ef:d9:b4:1f:9e:
                    c4:f6:5b:1c:b0:05:53:17:35:b7:a2:b1:45:f5:d1:
                    73:71:46:8a:53:bf:90:46:78:c5:04:18:5f:8a:a2:
                    c5:75:ec:69:cd:32:67:04:f9:9a:4b:e4:1f:4e:4f:
                    ac:ee:9d:dd:8b:23:11:3a:2f:b9:60:ac:2b:5d:29:
                    49:80:2c:69:a7:c1:40:ee:68:c9:ee:03:1f:25:93:
                    dd:5a:ee:bc:8a:44:e6:ec:12:cd:90:32:89:17:86:
                    34:0b:ac:ab:37:dc:80:e1:2f:05:52:51:74:3b:63:
                    e2:ae:cf:a7:b6:d0:fb:54:6f:5c:3b:09:e0:c4:f1:
                    b8:50:b1:1a:ce:9e:6c:cd:dc:3e:4c:c6:6a:be:09:
                    4f:c0:8a:0d:79:26:c5:e6:0b:60:49:ff:a1:06:00:
                    fd:e6:65:c5:fb:db:60:41:24:e6:de:8e:37:39:14:
                    83:39:2f:02:27:81:69:08:e7:fb:f5:d4:54:f7:9f:
                    2d:87:cf:99:ea:a6:75:08:b3:c5:df:51:74:d2:38:
                    8c:dc:85:5a:e2:a2:5f:d0:c7:c7:66:3e:81:20:a1:
                    ef:46:72:86:83:06:d4:fd:16:66:7c:d4:e0:41:ce:
                    75:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:BD:2C:6C:7F:F4:FB:B1:34:25:89:02:EC:54:61:22:FC:B1:D0:78
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS204844.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:801::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:52:49:52:fe:97:56:27:d4:7a:8e:2d:83:d6:b6:72:13:ec:
         bc:89:e9:a1:52:2d:e7:a6:04:41:17:0f:85:da:96:ca:aa:d4:
         64:5a:9e:38:e8:5c:1c:7e:95:62:37:71:74:66:90:e5:8b:50:
         6e:ee:60:d2:57:d8:6c:e5:44:be:9b:3e:f6:73:ec:47:97:53:
         ed:e5:60:04:e5:69:cd:2a:eb:04:77:1e:a2:fa:99:fd:6f:74:
         4d:24:89:d2:7a:db:20:fb:1b:b2:05:60:bd:ac:fc:e6:af:b4:
         15:88:bb:9f:2a:76:bf:29:0c:26:b3:4c:c4:a6:68:e5:44:34:
         79:6a:fd:52:e7:bb:dd:73:46:26:54:45:fb:a7:f2:e2:46:f3:
         b7:1b:88:90:19:1b:0b:f9:ea:48:30:f8:3f:a0:ba:c3:08:f9:
         65:8a:1a:2e:78:26:35:40:4b:44:32:3c:25:ae:e8:e4:b4:a6:
         ea:88:d7:01:c8:aa:07:85:9a:22:58:0c:92:73:33:9c:7a:de:
         49:e4:e5:06:f0:9f:b7:89:4f:26:24:3d:bd:76:3f:ac:5d:79:
         74:9c:d9:42:b5:c9:aa:5f:4b:07:ed:11:1c:44:e4:d3:94:72:
         62:37:74:82:b6:03:fe:96:31:2d:4a:f3:f1:62:d9:8a:bf:45:
         54:6c:1b:c2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUVjGhvFT19IHw9/9zKTaFS0MdEU8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA2MDYwMzM4MzdaFw0yNTA2MDUwMzQzMzdaMDMxMTAvBgNV
BAMTKEVFQkQyQzZDN0ZGNEZCQjEzNDI1ODkwMkVDNTQ2MTIyRkNCMUQwNzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyBJBvyNhBZhGRtt3Zbnn4+Spx
OhuDYRrv2bQfnsT2WxywBVMXNbeisUX10XNxRopTv5BGeMUEGF+KosV17GnNMmcE
+ZpL5B9OT6zund2LIxE6L7lgrCtdKUmALGmnwUDuaMnuAx8lk91a7ryKRObsEs2Q
MokXhjQLrKs33IDhLwVSUXQ7Y+Kuz6e20PtUb1w7CeDE8bhQsRrOnmzN3D5Mxmq+
CU/Aig15JsXmC2BJ/6EGAP3mZcX722BBJObejjc5FIM5LwIngWkI5/v11FT3ny2H
z5nqpnUIs8XfUXTSOIzchVriol/Qx8dmPoEgoe9GcoaDBtT9FmZ81OBBznWjAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU7r0sbH/0+7E0JYkC7FRhIvyx0HgwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjA0ODQ0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQgBMA0GCSqGSIb3DQEBCwUAA4IBAQAnUklS/pdWJ9R6ji2D1rZyE+y8iemhUi3n
pgRBFw+F2pbKqtRkWp446FwcfpViN3F0ZpDli1Bu7mDSV9hs5US+mz72c+xHl1Pt
5WAE5WnNKusEdx6i+pn9b3RNJInSetsg+xuyBWC9rPzmr7QViLufKna/KQwms0zE
pmjlRDR5av1S57vdc0YmVEX7p/LiRvO3G4iQGRsL+epIMPg/oLrDCPllihoueCY1
QEtEMjwlrujktKbqiNcByKoHhZoiWAySczOcet5J5OUG8J+3iU8mJD29dj+sXXl0
nNlCtcmqX0sH7REcROTTlHJiN3SCtgP+ljEtSvPxYtmKv0VUbBvC
-----END CERTIFICATE-----