Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS208751.roa
File:                     AS208751.roa (raw, json)
Hash identifier:          cThCubNA0hHYJ4UYWHlMCx/sRn/wd1Y5HeiUo9WbDY0=
Subject key identifier:   5F:02:46:E6:A8:FB:93:81:E2:28:6E:0F:0C:EF:05:04:2A:06:23:1B
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       6A1FC92E2BF89DB5FCADDF342ECB9F4BBFA31914
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS208751.roa
Signing time:             Thu 23 May 2024 16:49:11 +0000
ROA not before:           Thu 23 May 2024 16:44:11 +0000
ROA not after:            Thu 22 May 2025 16:49:11 +0000
asID:                     208751
IP address blocks:        2a0f:85c0:910::/44 maxlen: 44
                          2a0f:85c1:10::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:1f:c9:2e:2b:f8:9d:b5:fc:ad:df:34:2e:cb:9f:4b:bf:a3:19:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:11 2024 GMT
            Not After : May 22 16:49:11 2025 GMT
        Subject: CN=5F0246E6A8FB9381E2286E0F0CEF05042A06231B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b6:a3:8c:37:52:ec:b1:3f:85:01:bc:1a:ee:
                    18:45:b8:98:41:30:b5:3f:6f:70:97:05:89:62:59:
                    24:1f:92:44:c6:6b:ac:dd:65:28:fd:6f:ba:17:f8:
                    49:71:0e:03:53:32:4c:61:5a:5b:59:34:a9:be:ae:
                    f1:37:3c:04:9c:7e:d7:33:ba:90:80:03:42:a5:30:
                    96:91:ea:24:d7:70:c2:ae:90:4e:75:83:fe:e6:6b:
                    48:a4:64:88:32:5e:c7:82:7a:49:84:5b:f6:74:28:
                    65:69:3e:c8:4f:30:76:70:59:49:e0:ec:49:89:56:
                    ed:a8:fb:aa:2c:75:b3:0e:e2:29:28:57:02:d6:c8:
                    7f:fc:d6:80:94:04:4f:79:e4:b8:35:77:bd:44:cd:
                    db:4e:e7:3a:31:d1:e8:c9:ef:cc:1b:12:c6:9b:80:
                    2d:42:b4:b2:a2:77:13:d4:c6:ca:40:74:b0:04:ad:
                    61:db:61:68:ca:85:63:b3:f8:4e:96:60:0b:0e:92:
                    ba:80:76:59:d0:8f:ad:70:e8:00:ce:c5:3a:90:78:
                    b7:71:fd:f0:62:9c:f6:24:86:80:3e:6f:0a:a8:dd:
                    46:e2:86:77:ba:f3:29:41:fc:c0:99:eb:3e:b5:7f:
                    d0:df:63:48:7f:d6:75:0b:8e:0c:da:f9:b5:d9:5e:
                    a3:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:02:46:E6:A8:FB:93:81:E2:28:6E:0F:0C:EF:05:04:2A:06:23:1B
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS208751.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c0:910::/44
                  2a0f:85c1:10::/44

    Signature Algorithm: sha256WithRSAEncryption
         39:5d:e3:8d:0e:33:98:f4:db:87:78:1b:4c:38:46:50:74:0c:
         c7:3b:c0:07:96:43:16:c0:52:70:2b:48:a5:35:ff:15:cd:ac:
         5f:d4:65:bf:31:00:01:1c:8f:f3:26:7f:b3:f9:d9:6d:bf:be:
         91:b9:a9:69:74:85:f5:d5:30:09:6d:87:41:e5:7f:a3:5e:26:
         96:45:27:00:27:be:66:29:77:34:24:4c:38:f9:ef:fb:86:36:
         0f:c6:6b:c8:ce:c5:d7:27:27:51:29:7f:87:f1:35:fa:1b:93:
         8f:06:af:fa:b1:e6:72:47:f5:e9:91:9f:47:a2:63:f1:cc:10:
         c1:ff:a3:3c:cb:d2:5d:de:b7:52:88:52:d2:75:1d:3e:a5:4d:
         64:b1:68:7d:80:56:cd:11:ef:b5:ec:49:48:e9:02:11:d5:42:
         51:25:00:5c:b5:42:4e:d3:9d:ee:ab:64:a1:69:ee:91:ff:06:
         8e:16:fb:22:92:ca:1e:37:df:60:c1:a6:eb:a0:41:18:e7:7b:
         f6:8a:20:62:e2:26:ec:77:56:85:2e:52:82:26:8b:8a:41:f1:
         fe:10:a9:f6:78:0c:06:5f:89:f9:40:1e:d4:6f:bf:18:6b:f6:
         31:31:d1:b2:cf:d0:a5:37:97:10:5d:aa:9a:c4:6f:a4:fe:5d:
         e0:f5:8c:1d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUah/JLiv4nbX8rd80LsufS7+jGRQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTFaFw0yNTA1MjIxNjQ5MTFaMDMxMTAvBgNV
BAMTKDVGMDI0NkU2QThGQjkzODFFMjI4NkUwRjBDRUYwNTA0MkEwNjIzMUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2tqOMN1LssT+FAbwa7hhFuJhB
MLU/b3CXBYliWSQfkkTGa6zdZSj9b7oX+ElxDgNTMkxhWltZNKm+rvE3PAScftcz
upCAA0KlMJaR6iTXcMKukE51g/7ma0ikZIgyXseCekmEW/Z0KGVpPshPMHZwWUng
7EmJVu2o+6osdbMO4ikoVwLWyH/81oCUBE955Lg1d71EzdtO5zox0ejJ78wbEsab
gC1CtLKidxPUxspAdLAErWHbYWjKhWOz+E6WYAsOkrqAdlnQj61w6ADOxTqQeLdx
/fBinPYkhoA+bwqo3Ubihne68ylB/MCZ6z61f9DfY0h/1nULjgza+bXZXqPVAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUXwJG5qj7k4HiKG4PDO8FBCoGIxswHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjA4NzUxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg+F
wAkQAwcEKg+FwQAQMA0GCSqGSIb3DQEBCwUAA4IBAQA5XeONDjOY9NuHeBtMOEZQ
dAzHO8AHlkMWwFJwK0ilNf8Vzaxf1GW/MQABHI/zJn+z+dltv76RualpdIX11TAJ
bYdB5X+jXiaWRScAJ75mKXc0JEw4+e/7hjYPxmvIzsXXJydRKX+H8TX6G5OPBq/6
seZyR/XpkZ9HomPxzBDB/6M8y9Jd3rdSiFLSdR0+pU1ksWh9gFbNEe+17ElI6QIR
1UJRJQBctUJO053uq2Shae6R/waOFvsiksoeN99gwabroEEY53v2iiBi4ibsd1aF
LlKCJouKQfH+EKn2eAwGX4n5QB7Ub78Ya/YxMdGyz9ClN5cQXaqaxG+k/l3g9Ywd
-----END CERTIFICATE-----