Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS207764.roa
File:                     AS207764.roa (raw, json)
Hash identifier:          dMWQaOI1/2SYep4ZzJ8MD19EbbB5EBAgnWn73AQ82Ek=
Subject key identifier:   3F:15:5A:5A:48:EA:7F:2B:5E:1F:6C:8C:31:E6:FC:B2:F8:FA:2F:FB
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       32E0244E4B961324F3ACE01E84BB83217BDC8A8E
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS207764.roa
Signing time:             Thu 23 May 2024 16:49:10 +0000
ROA not before:           Thu 23 May 2024 16:44:10 +0000
ROA not after:            Thu 22 May 2025 16:49:10 +0000
asID:                     207764
IP address blocks:        2a0f:85c1:20::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:e0:24:4e:4b:96:13:24:f3:ac:e0:1e:84:bb:83:21:7b:dc:8a:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:10 2024 GMT
            Not After : May 22 16:49:10 2025 GMT
        Subject: CN=3F155A5A48EA7F2B5E1F6C8C31E6FCB2F8FA2FFB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:89:b0:29:1b:7e:de:86:c1:14:ae:6f:82:35:
                    d3:4d:c2:87:cc:1d:a9:96:c4:11:79:22:e4:03:a8:
                    df:4f:a0:ed:04:b2:45:6b:49:f7:4b:27:e0:77:df:
                    b7:a0:35:46:48:68:34:9d:1f:0f:18:62:96:97:2d:
                    51:8d:9b:f5:5d:b3:ec:1f:68:12:30:1a:b7:18:b1:
                    5b:0b:e7:c2:bc:07:d7:4b:bb:1d:9d:93:b4:3e:54:
                    fb:90:72:07:39:e6:a4:a9:dd:6f:54:60:d3:18:6d:
                    9f:80:bf:ab:4a:78:33:fb:7c:79:23:82:e9:c9:64:
                    66:27:11:b5:67:c2:df:22:db:5f:8b:66:6e:34:3e:
                    01:7c:cb:cc:8a:63:40:26:42:14:99:63:c4:1c:32:
                    fb:44:23:51:9d:d6:75:b8:40:43:1a:99:7a:ff:8e:
                    8e:78:64:eb:c3:82:c5:c6:d1:b7:08:3b:a5:70:8b:
                    1d:b3:98:99:5d:0b:cc:24:d1:dc:54:40:16:5d:a2:
                    ad:1c:80:a1:6b:b5:82:39:8f:43:8b:4c:ca:e7:0b:
                    03:8e:16:aa:24:ed:96:80:31:ec:a4:7f:66:be:db:
                    ab:a1:73:9e:65:60:fb:7a:b5:97:f8:e9:1b:34:93:
                    e6:7d:2a:22:e7:1d:91:a8:8d:ad:76:a8:7c:45:e3:
                    d7:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:15:5A:5A:48:EA:7F:2B:5E:1F:6C:8C:31:E6:FC:B2:F8:FA:2F:FB
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS207764.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:20::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:f7:ca:40:63:90:d4:1d:24:91:dd:81:94:13:ce:c2:af:4b:
         41:28:60:fc:1f:8b:c5:ab:05:75:3d:5e:23:0b:a3:05:5f:77:
         49:70:91:3f:fd:4e:96:92:5e:b1:40:15:64:96:ba:e5:89:f2:
         0d:87:96:ed:d2:43:b4:73:d7:93:a1:8d:8b:81:a0:a7:20:3a:
         63:5e:6f:5c:8b:2d:fd:e8:ee:6e:19:12:7c:9f:9d:68:f3:08:
         21:61:86:a3:ce:63:b9:53:e9:7a:b8:ee:61:e6:32:11:c8:a4:
         b9:9d:fd:8e:3e:dc:de:8a:d2:a6:ba:a6:a6:f2:a8:39:1c:f6:
         ff:8a:01:76:af:f7:5f:c8:10:fa:f8:10:50:2a:30:3f:48:31:
         37:f3:f0:e8:43:d5:49:1e:72:b7:fc:31:4f:37:4c:b9:41:16:
         43:75:5d:1f:e4:0d:db:d7:e1:e1:c9:4d:2f:f3:bc:38:a9:48:
         71:fc:24:fc:5a:02:e4:e0:e4:93:3c:12:82:bc:fe:68:c8:df:
         74:6c:bd:b4:d3:aa:31:14:a1:28:5e:55:df:f2:4a:fe:79:e6:
         71:e3:a2:6d:6f:9f:13:7d:eb:2b:a4:00:66:ba:28:a8:24:34:
         92:6a:95:1b:9c:56:6b:d3:36:07:9c:00:55:a5:ca:d7:ad:95:
         1f:90:24:60
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUMuAkTkuWEyTzrOAehLuDIXvcio4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTBaFw0yNTA1MjIxNjQ5MTBaMDMxMTAvBgNV
BAMTKDNGMTU1QTVBNDhFQTdGMkI1RTFGNkM4QzMxRTZGQ0IyRjhGQTJGRkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcibApG37ehsEUrm+CNdNNwofM
HamWxBF5IuQDqN9PoO0EskVrSfdLJ+B337egNUZIaDSdHw8YYpaXLVGNm/Vds+wf
aBIwGrcYsVsL58K8B9dLux2dk7Q+VPuQcgc55qSp3W9UYNMYbZ+Av6tKeDP7fHkj
gunJZGYnEbVnwt8i21+LZm40PgF8y8yKY0AmQhSZY8QcMvtEI1Gd1nW4QEMamXr/
jo54ZOvDgsXG0bcIO6Vwix2zmJldC8wk0dxUQBZdoq0cgKFrtYI5j0OLTMrnCwOO
Fqok7ZaAMeykf2a+26uhc55lYPt6tZf46Rs0k+Z9KiLnHZGoja12qHxF49ebAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUPxVaWkjqfyteH2yMMeb8svj6L/swHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjA3NzY0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQAgMA0GCSqGSIb3DQEBCwUAA4IBAQA498pAY5DUHSSR3YGUE87Cr0tBKGD8H4vF
qwV1PV4jC6MFX3dJcJE//U6Wkl6xQBVklrrlifINh5bt0kO0c9eToY2LgaCnIDpj
Xm9ciy396O5uGRJ8n51o8wghYYajzmO5U+l6uO5h5jIRyKS5nf2OPtzeitKmuqam
8qg5HPb/igF2r/dfyBD6+BBQKjA/SDE38/DoQ9VJHnK3/DFPN0y5QRZDdV0f5A3b
1+HhyU0v87w4qUhx/CT8WgLk4OSTPBKCvP5oyN90bL2006oxFKEoXlXf8kr+eeZx
46Jtb58TfesrpABmuiioJDSSapUbnFZr0zYHnABVpcrXrZUfkCRg
-----END CERTIFICATE-----