Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS207451.roa
File:                     AS207451.roa (raw, json)
Hash identifier:          InlxWqpR4fq+KxFfHLtqDeTv36dfEWOKryDB2Z+nq+g=
Subject key identifier:   C9:80:35:16:EE:95:0C:81:05:39:DE:F0:8E:58:34:F6:6F:A5:18:C1
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       4D060E1E0434E1DD600558C0D11C3387372B754C
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS207451.roa
Signing time:             Thu 23 May 2024 16:49:13 +0000
ROA not before:           Thu 23 May 2024 16:44:13 +0000
ROA not after:            Thu 22 May 2025 16:49:13 +0000
asID:                     207451
IP address blocks:        2a0f:85c1:213::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:06:0e:1e:04:34:e1:dd:60:05:58:c0:d1:1c:33:87:37:2b:75:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:13 2024 GMT
            Not After : May 22 16:49:13 2025 GMT
        Subject: CN=C9803516EE950C810539DEF08E5834F66FA518C1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:0e:4c:60:49:c2:2f:fe:bb:bf:6f:4c:0b:5b:
                    4e:10:df:e1:22:ce:7c:35:d7:b5:a1:52:d8:01:5c:
                    bf:62:0b:f8:6a:c5:30:04:5f:9e:c4:22:62:b1:12:
                    76:78:bd:a1:96:f7:8d:17:77:72:48:64:a6:9c:6e:
                    40:ab:b2:78:93:39:f4:d0:a4:87:52:08:5a:24:b4:
                    a2:6c:a1:6a:ec:9b:08:8e:bc:59:db:d5:1b:5a:60:
                    22:16:cf:62:f9:84:bc:d1:3e:50:9d:b1:17:4f:50:
                    52:e3:af:c9:94:c8:67:1f:13:05:b1:b1:2b:b9:9c:
                    80:c9:3f:19:86:75:7a:39:59:6e:f6:1d:65:67:4b:
                    d6:d5:cb:54:b0:da:b5:68:1d:7b:d2:4a:fa:03:e2:
                    7c:e7:42:9a:f4:ad:cd:12:61:ae:18:3d:72:67:af:
                    90:57:c6:87:7a:b0:72:9f:1c:df:b2:81:79:7d:71:
                    79:38:42:a8:74:66:9e:a2:eb:80:f2:fd:4b:2e:1e:
                    27:8f:38:61:e4:ed:ab:be:1d:c6:ce:e3:d5:2a:d7:
                    90:7a:e9:ca:65:13:f7:0b:b6:ea:bc:70:92:98:0f:
                    e1:ce:61:ef:21:d0:2b:04:b3:06:86:af:a7:4e:c6:
                    f9:a3:3c:01:34:b0:15:8a:57:31:b3:9a:78:3b:bd:
                    37:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:80:35:16:EE:95:0C:81:05:39:DE:F0:8E:58:34:F6:6F:A5:18:C1
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS207451.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:213::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:77:94:1b:e8:86:8e:dc:f8:72:21:bc:64:83:c7:52:ad:76:
         b2:7f:63:e9:c6:1f:a1:ad:81:2b:8d:13:d2:ad:cb:1a:1e:16:
         9e:f2:9b:af:de:9c:38:36:79:6c:89:fa:d6:5e:ac:6e:ff:7f:
         a3:8d:8d:7a:7c:1e:ef:a6:e1:3d:fe:90:c6:82:4f:ba:f0:cd:
         ce:95:59:07:2c:0e:6c:04:20:89:15:e6:cb:43:a1:84:a5:91:
         5e:74:e8:8e:59:1a:3d:ca:51:6b:fe:29:32:8b:77:f3:09:0c:
         45:62:b1:8d:a3:08:3f:7c:0b:12:60:6a:87:5f:19:c3:b1:c2:
         54:30:f6:d5:61:82:bc:91:40:fa:ac:38:8c:9a:47:f6:4d:eb:
         97:6c:ea:e8:38:ed:81:8d:29:fa:55:01:7e:c3:bb:41:67:83:
         1a:36:ca:47:55:65:d5:c5:8b:e8:7a:cb:61:a3:7f:82:a0:32:
         37:db:e2:d3:f2:fa:83:99:d8:01:4c:4c:af:68:1b:93:9f:bc:
         2f:12:f5:ec:f1:21:a0:1a:e4:03:a6:04:b5:cd:c5:77:9f:27:
         29:35:2c:80:98:3e:7d:d6:10:c7:9f:f3:66:53:c1:27:ab:ce:
         85:37:5d:d9:5e:e7:75:ef:ac:6a:74:63:00:17:d3:b8:49:b6:
         37:bc:f3:76
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUTQYOHgQ04d1gBVjA0RwzhzcrdUwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTNaFw0yNTA1MjIxNjQ5MTNaMDMxMTAvBgNV
BAMTKEM5ODAzNTE2RUU5NTBDODEwNTM5REVGMDhFNTgzNEY2NkZBNTE4QzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSDkxgScIv/ru/b0wLW04Q3+Ei
znw117WhUtgBXL9iC/hqxTAEX57EImKxEnZ4vaGW940Xd3JIZKacbkCrsniTOfTQ
pIdSCFoktKJsoWrsmwiOvFnb1RtaYCIWz2L5hLzRPlCdsRdPUFLjr8mUyGcfEwWx
sSu5nIDJPxmGdXo5WW72HWVnS9bVy1Sw2rVoHXvSSvoD4nznQpr0rc0SYa4YPXJn
r5BXxod6sHKfHN+ygXl9cXk4Qqh0Zp6i64Dy/UsuHiePOGHk7au+HcbO49Uq15B6
6cplE/cLtuq8cJKYD+HOYe8h0CsEswaGr6dOxvmjPAE0sBWKVzGzmng7vTe5AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUyYA1Fu6VDIEFOd7wjlg09m+lGMEwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjA3NDUxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQITMA0GCSqGSIb3DQEBCwUAA4IBAQBZd5Qb6IaO3PhyIbxkg8dSrXayf2Ppxh+h
rYErjRPSrcsaHhae8puv3pw4NnlsifrWXqxu/3+jjY16fB7vpuE9/pDGgk+68M3O
lVkHLA5sBCCJFebLQ6GEpZFedOiOWRo9ylFr/ikyi3fzCQxFYrGNowg/fAsSYGqH
XxnDscJUMPbVYYK8kUD6rDiMmkf2TeuXbOroOO2BjSn6VQF+w7tBZ4MaNspHVWXV
xYvoestho3+CoDI32+LT8vqDmdgBTEyvaBuTn7wvEvXs8SGgGuQDpgS1zcV3nycp
NSyAmD591hDHn/NmU8Enq86FN13ZXud176xqdGMAF9O4SbY3vPN2
-----END CERTIFICATE-----