Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS207842.roa
File:                     AS207842.roa (raw, json)
Hash identifier:          jQzs4I6aerMrdQylWPhucTu89ZUbMlv76l37m6H1wso=
Subject key identifier:   3E:0A:77:6C:FA:E0:12:1B:78:80:40:7A:40:A7:53:91:BC:77:88:76
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       7F05F087A1AD725D08FED36E43CA93610D104596
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS207842.roa
Signing time:             Thu 23 May 2024 16:49:09 +0000
ROA not before:           Thu 23 May 2024 16:44:09 +0000
ROA not after:            Thu 22 May 2025 16:49:09 +0000
asID:                     207842
IP address blocks:        2a0f:85c1:220::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:05:f0:87:a1:ad:72:5d:08:fe:d3:6e:43:ca:93:61:0d:10:45:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:09 2024 GMT
            Not After : May 22 16:49:09 2025 GMT
        Subject: CN=3E0A776CFAE0121B7880407A40A75391BC778876
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:cf:1c:12:c4:8a:33:d2:5e:3e:d6:fb:93:b9:
                    78:dd:4f:c9:3f:1d:68:f5:86:8e:d5:6a:72:7a:02:
                    41:99:b9:ac:3f:a1:a6:03:1a:87:d2:9c:c8:b4:05:
                    de:ba:52:72:49:0d:c6:de:11:7c:e0:1a:38:bf:4a:
                    5e:26:66:94:92:7e:a5:86:25:0e:e6:e8:f7:13:2b:
                    e8:c0:3f:60:4d:92:d3:b6:30:2d:c6:62:f1:d6:10:
                    85:54:2c:65:fd:62:84:8a:9a:ce:3d:10:fc:ab:b2:
                    4a:e9:55:68:0e:b7:94:f5:a9:ba:c2:81:b9:7b:90:
                    01:bc:23:73:e2:7d:ef:0a:af:61:f3:c6:94:33:e6:
                    ba:25:89:0f:b9:f9:2a:b8:fd:09:1e:02:ab:75:0d:
                    23:ef:63:21:73:3c:ae:d0:89:35:12:ae:63:d1:2d:
                    e1:24:36:20:f1:55:9c:a5:f6:f8:f4:ec:91:89:0b:
                    df:25:bd:7e:a5:77:ca:f6:09:b1:22:07:00:a7:ae:
                    d8:4d:06:96:ef:13:e3:c7:fd:f2:9e:b5:49:9c:f8:
                    53:aa:5a:93:04:ff:a7:3f:87:f9:40:19:76:31:07:
                    a2:da:44:39:cb:e9:28:de:f1:34:2a:31:c0:d5:60:
                    03:c9:08:9f:e4:de:a3:39:94:c4:f6:72:e0:56:03:
                    e5:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:0A:77:6C:FA:E0:12:1B:78:80:40:7A:40:A7:53:91:BC:77:88:76
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS207842.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:220::/44

    Signature Algorithm: sha256WithRSAEncryption
         b7:c2:a0:70:54:35:aa:db:7f:c0:0e:a8:14:10:af:2b:d1:fe:
         5e:ee:0f:ec:8f:2e:bc:4a:65:70:3b:09:cd:1c:cb:73:31:4a:
         41:95:87:a5:15:a8:29:56:06:e1:3d:c1:72:a0:f0:83:17:91:
         f3:1c:e7:ee:6a:86:77:6e:99:80:f3:3a:60:5f:7c:49:af:72:
         98:1d:15:08:26:81:e7:c5:86:b4:fc:8b:c2:f0:4a:54:f7:db:
         07:b4:2b:0b:d8:71:e1:91:2a:11:bd:41:eb:81:df:a3:7c:f9:
         dd:fe:ff:2a:fc:87:fb:31:f5:d9:62:01:5a:ad:fc:db:02:4b:
         b7:a3:8f:2f:9a:86:ab:97:42:84:dd:e7:49:ed:16:7f:13:57:
         db:2c:e9:c3:89:50:07:79:b3:06:8f:a4:4e:d5:0f:f4:67:c8:
         ce:f6:eb:8f:77:e8:a0:ce:bc:ba:af:42:a0:a4:0d:65:89:9b:
         3f:6f:a9:13:23:ea:c8:e9:eb:7c:a4:ee:50:cb:66:54:96:90:
         aa:d8:23:30:aa:ed:b5:84:62:d7:9b:53:fc:da:dd:a4:cd:19:
         6f:a7:17:a3:c3:01:16:45:26:dc:4e:8b:80:7c:98:a5:6b:86:
         08:d2:4f:a3:4a:0c:3a:1d:de:45:27:f4:b2:cc:94:16:37:01:
         9b:f6:38:90
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUfwXwh6Gtcl0I/tNuQ8qTYQ0QRZYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MDlaFw0yNTA1MjIxNjQ5MDlaMDMxMTAvBgNV
BAMTKDNFMEE3NzZDRkFFMDEyMUI3ODgwNDA3QTQwQTc1MzkxQkM3Nzg4NzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZzxwSxIoz0l4+1vuTuXjdT8k/
HWj1ho7VanJ6AkGZuaw/oaYDGofSnMi0Bd66UnJJDcbeEXzgGji/Sl4mZpSSfqWG
JQ7m6PcTK+jAP2BNktO2MC3GYvHWEIVULGX9YoSKms49EPyrskrpVWgOt5T1qbrC
gbl7kAG8I3Pife8Kr2HzxpQz5roliQ+5+Sq4/QkeAqt1DSPvYyFzPK7QiTUSrmPR
LeEkNiDxVZyl9vj07JGJC98lvX6ld8r2CbEiBwCnrthNBpbvE+PH/fKetUmc+FOq
WpME/6c/h/lAGXYxB6LaRDnL6Sje8TQqMcDVYAPJCJ/k3qM5lMT2cuBWA+WlAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUPgp3bPrgEht4gEB6QKdTkbx3iHYwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjA3ODQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg+F
wQIgMA0GCSqGSIb3DQEBCwUAA4IBAQC3wqBwVDWq23/ADqgUEK8r0f5e7g/sjy68
SmVwOwnNHMtzMUpBlYelFagpVgbhPcFyoPCDF5HzHOfuaoZ3bpmA8zpgX3xJr3KY
HRUIJoHnxYa0/IvC8EpU99sHtCsL2HHhkSoRvUHrgd+jfPnd/v8q/If7MfXZYgFa
rfzbAku3o48vmoarl0KE3edJ7RZ/E1fbLOnDiVAHebMGj6RO1Q/0Z8jO9uuPd+ig
zry6r0KgpA1liZs/b6kTI+rI6et8pO5Qy2ZUlpCq2CMwqu21hGLXm1P82t2kzRlv
pxejwwEWRSbcTouAfJila4YI0k+jSgw6Hd5FJ/SyzJQWNwGb9jiQ
-----END CERTIFICATE-----