Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS205398.roa
File:                     AS205398.roa (raw, json)
Hash identifier:          rroqp60xonk7Z1DkeERdSxO3ljErASMDbQMHnl0keyU=
Subject key identifier:   63:C4:7A:98:A2:90:13:C3:DD:C5:8E:8E:0F:7D:5A:82:EB:29:B3:EF
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       466CAC33563E7124CC40B4F0E73B049103736C07
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS205398.roa
Signing time:             Thu 23 May 2024 16:49:11 +0000
ROA not before:           Thu 23 May 2024 16:44:11 +0000
ROA not after:            Thu 22 May 2025 16:49:11 +0000
asID:                     205398
IP address blocks:        2a0f:85c1:260::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:6c:ac:33:56:3e:71:24:cc:40:b4:f0:e7:3b:04:91:03:73:6c:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:11 2024 GMT
            Not After : May 22 16:49:11 2025 GMT
        Subject: CN=63C47A98A29013C3DDC58E8E0F7D5A82EB29B3EF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:32:51:89:ac:2d:c1:29:0f:b5:bb:5b:ec:a9:
                    9e:a2:00:79:c7:97:bb:d9:58:63:b9:54:5f:73:6e:
                    1b:f5:64:21:7e:e2:b8:ea:48:ae:d4:d4:69:3f:b8:
                    0f:24:05:8d:70:26:17:ef:a6:ff:df:15:4f:39:b8:
                    f8:2e:e1:33:d2:4c:2f:c3:bd:97:58:b2:94:4f:38:
                    d8:2d:aa:ee:4c:02:37:47:22:b5:1c:62:b3:1b:a0:
                    32:49:f8:bb:dc:14:af:7b:37:b4:eb:37:49:52:c8:
                    ff:df:a9:d6:cb:f3:6f:c3:98:c1:70:9a:b5:0a:64:
                    3e:8f:9e:83:da:a7:6f:83:3d:60:bb:0e:1b:90:5a:
                    bc:d0:cd:ac:b9:50:ac:22:49:bf:eb:02:2a:5b:40:
                    cf:64:f4:bf:ab:94:a5:7c:e2:ec:be:ad:a1:22:b5:
                    3a:18:48:09:5c:c0:61:12:4c:cc:68:aa:e0:64:9f:
                    8a:c5:b0:12:f5:a2:af:f5:65:a9:b5:64:38:23:f1:
                    32:a4:5d:b1:d1:8b:ad:32:94:df:2e:0d:70:d3:af:
                    a7:71:2b:2c:9a:e5:a2:0b:5d:fd:82:69:09:93:84:
                    ad:62:de:1a:ba:7c:81:ea:34:3d:57:2a:89:5d:c7:
                    75:98:e7:f9:c2:37:a1:fb:48:d8:55:fb:7b:0a:36:
                    43:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:C4:7A:98:A2:90:13:C3:DD:C5:8E:8E:0F:7D:5A:82:EB:29:B3:EF
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS205398.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:260::/44

    Signature Algorithm: sha256WithRSAEncryption
         4c:7c:ce:82:c8:18:04:06:e6:67:8d:89:2b:8b:42:3b:74:9e:
         c0:3d:18:fe:30:3a:a9:93:a2:9d:c9:b1:6d:92:12:f7:7d:b4:
         68:55:fe:c3:58:50:de:30:37:8d:ab:51:cc:95:c2:de:61:02:
         ee:3b:90:c1:ae:2f:f0:24:0e:7f:91:9c:8d:1c:53:8f:03:0d:
         dc:1c:96:e4:65:c6:b5:a5:79:3a:5d:61:e5:c7:83:0e:00:8c:
         a0:4c:a8:64:4e:66:66:2d:90:a6:c1:80:6d:70:07:20:af:25:
         71:6b:9d:c3:af:2f:87:0d:a7:10:f6:f2:1b:1e:b0:9b:d0:fc:
         90:4a:ac:96:92:a7:83:1a:5e:2f:7e:c1:b6:74:e6:5b:11:65:
         e6:fe:f8:bb:f8:4d:5e:35:0f:41:38:7c:af:15:96:8b:29:28:
         0f:2e:73:b2:da:fc:e8:d9:49:f8:dd:09:7c:15:46:0f:05:c3:
         30:32:cc:3f:58:b5:f5:c1:ae:02:6b:7c:ca:52:6a:24:d6:24:
         0f:78:81:9f:15:a3:df:d6:6e:e9:ca:f9:d1:59:fc:33:94:b4:
         be:46:bb:23:60:39:b3:fc:e7:77:bd:9d:11:e3:45:f8:71:0b:
         64:53:d2:1c:2b:16:01:d8:7c:31:a5:83:2a:03:34:85:2d:6c:
         68:04:50:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIURmysM1Y+cSTMQLTw5zsEkQNzbAcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTFaFw0yNTA1MjIxNjQ5MTFaMDMxMTAvBgNV
BAMTKDYzQzQ3QTk4QTI5MDEzQzNEREM1OEU4RTBGN0Q1QTgyRUIyOUIzRUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPMlGJrC3BKQ+1u1vsqZ6iAHnH
l7vZWGO5VF9zbhv1ZCF+4rjqSK7U1Gk/uA8kBY1wJhfvpv/fFU85uPgu4TPSTC/D
vZdYspRPONgtqu5MAjdHIrUcYrMboDJJ+LvcFK97N7TrN0lSyP/fqdbL82/DmMFw
mrUKZD6PnoPap2+DPWC7DhuQWrzQzay5UKwiSb/rAipbQM9k9L+rlKV84uy+raEi
tToYSAlcwGESTMxoquBkn4rFsBL1oq/1Zam1ZDgj8TKkXbHRi60ylN8uDXDTr6dx
Kyya5aILXf2CaQmThK1i3hq6fIHqND1XKoldx3WY5/nCN6H7SNhV+3sKNkN1AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUY8R6mKKQE8PdxY6OD31agusps+8wHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjA1Mzk4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg+F
wQJgMA0GCSqGSIb3DQEBCwUAA4IBAQBMfM6CyBgEBuZnjYkri0I7dJ7APRj+MDqp
k6KdybFtkhL3fbRoVf7DWFDeMDeNq1HMlcLeYQLuO5DBri/wJA5/kZyNHFOPAw3c
HJbkZca1pXk6XWHlx4MOAIygTKhkTmZmLZCmwYBtcAcgryVxa53Dry+HDacQ9vIb
HrCb0PyQSqyWkqeDGl4vfsG2dOZbEWXm/vi7+E1eNQ9BOHyvFZaLKSgPLnOy2vzo
2Un43Ql8FUYPBcMwMsw/WLX1wa4Ca3zKUmok1iQPeIGfFaPf1m7pyvnRWfwzlLS+
RrsjYDmz/Od3vZ0R40X4cQtkU9IcKxYB2HwxpYMqAzSFLWxoBFA4
-----END CERTIFICATE-----