Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS209552.roa
File:                     AS209552.roa (raw, json)
Hash identifier:          emawabPp6DhyIg46i0sxzjmp1meenbNHbGGjJhBFjm4=
Subject key identifier:   4A:04:DE:F3:0C:71:FC:9A:D3:76:4D:6F:F2:51:F6:16:9D:EB:28:7C
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       75F88BB900F4CD39A19BEF0BEB0C24658BDED584
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS209552.roa
Signing time:             Thu 23 May 2024 16:49:11 +0000
ROA not before:           Thu 23 May 2024 16:44:11 +0000
ROA not after:            Thu 22 May 2025 16:49:11 +0000
asID:                     209552
IP address blocks:        2a0f:85c1:51::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:f8:8b:b9:00:f4:cd:39:a1:9b:ef:0b:eb:0c:24:65:8b:de:d5:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:11 2024 GMT
            Not After : May 22 16:49:11 2025 GMT
        Subject: CN=4A04DEF30C71FC9AD3764D6FF251F6169DEB287C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:78:18:5c:f6:15:52:e0:c7:af:1b:97:51:4b:
                    20:2e:0d:c9:33:6c:8e:46:58:cb:f5:16:26:79:fc:
                    3e:87:a2:26:9e:36:ed:90:22:07:77:73:05:fc:c7:
                    16:8c:63:3e:81:87:1f:cc:1e:92:93:16:9e:2d:bc:
                    19:63:92:51:24:11:0e:53:8a:dd:a4:85:2f:3f:9a:
                    b7:48:57:0c:4d:b8:bf:03:5b:65:7d:f2:ad:81:c8:
                    d7:ba:ac:d8:fd:90:6e:16:8e:c4:9b:ff:ef:09:7a:
                    1f:a4:d0:08:65:75:0d:3e:c6:b8:c6:dd:cf:2a:d4:
                    3b:f4:22:69:9a:3f:4b:2f:7d:37:c7:60:69:36:66:
                    68:50:12:6c:05:19:f8:da:c1:6d:91:29:ba:7e:35:
                    f9:08:2a:32:58:bf:62:e3:0b:04:27:32:81:f3:1d:
                    69:8c:aa:70:35:01:7e:6c:51:61:d5:7b:33:c4:8b:
                    cd:0b:15:42:05:2d:33:4a:d6:50:d9:5e:e8:e4:eb:
                    32:ce:7c:ac:87:ab:77:b0:f8:e9:0e:8f:40:2a:31:
                    d9:8a:d9:90:a1:aa:f0:4c:7b:7d:1a:3a:45:68:ce:
                    25:ff:ce:bf:72:bf:32:b7:6f:3d:b7:41:57:ae:68:
                    de:ca:d0:d2:5e:09:b5:78:f2:72:41:9c:bb:0f:d1:
                    ff:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:04:DE:F3:0C:71:FC:9A:D3:76:4D:6F:F2:51:F6:16:9D:EB:28:7C
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS209552.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:51::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:2d:0b:56:0c:08:20:b4:ba:1e:b4:3e:37:9c:74:e8:69:66:
         99:ca:7f:f0:77:d4:96:aa:12:ce:80:af:f2:a7:89:6e:cf:b9:
         72:52:4d:6b:64:48:ec:e0:b5:3f:d8:e0:fa:c7:a3:6d:fb:9e:
         27:6b:95:13:0d:15:41:af:da:33:7f:33:df:59:78:80:2e:d2:
         10:15:2e:55:f1:9a:4e:95:e3:33:b2:ec:e2:a9:78:c9:f4:cf:
         5c:07:2c:f9:5c:00:3a:84:71:63:e7:08:c2:e4:20:46:4d:c5:
         26:15:83:dc:aa:78:1b:4b:62:93:28:e2:1a:74:83:a8:98:64:
         86:fe:1d:0c:6a:e2:d9:50:5c:e1:c5:60:4f:49:f3:b8:b9:09:
         85:df:33:b6:71:da:38:98:d0:3c:9f:c6:79:92:e7:ea:e8:48:
         65:e0:76:61:45:21:8b:1d:39:2b:61:36:56:74:8c:8f:f5:ff:
         ee:e3:55:8c:71:20:1a:c4:fb:db:7f:80:8f:ba:c4:f2:38:5b:
         b5:20:5f:13:65:72:00:0c:c0:f1:56:50:36:74:da:ec:b4:03:
         2e:e1:a3:8f:ef:5c:6f:89:e0:93:d7:2a:c3:a8:b1:10:36:b9:
         50:48:3b:25:9a:84:40:a4:79:86:46:46:7a:69:5a:e7:62:eb:
         62:a8:c8:40
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUdfiLuQD0zTmhm+8L6wwkZYve1YQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTFaFw0yNTA1MjIxNjQ5MTFaMDMxMTAvBgNV
BAMTKDRBMDRERUYzMEM3MUZDOUFEMzc2NEQ2RkYyNTFGNjE2OURFQjI4N0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCheBhc9hVS4MevG5dRSyAuDckz
bI5GWMv1FiZ5/D6HoiaeNu2QIgd3cwX8xxaMYz6Bhx/MHpKTFp4tvBljklEkEQ5T
it2khS8/mrdIVwxNuL8DW2V98q2ByNe6rNj9kG4WjsSb/+8Jeh+k0AhldQ0+xrjG
3c8q1Dv0ImmaP0svfTfHYGk2ZmhQEmwFGfjawW2RKbp+NfkIKjJYv2LjCwQnMoHz
HWmMqnA1AX5sUWHVezPEi80LFUIFLTNK1lDZXujk6zLOfKyHq3ew+OkOj0AqMdmK
2ZChqvBMe30aOkVoziX/zr9yvzK3bz23QVeuaN7K0NJeCbV48nJBnLsP0f9HAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUSgTe8wxx/JrTdk1v8lH2Fp3rKHwwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjA5NTUyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQBRMA0GCSqGSIb3DQEBCwUAA4IBAQCELQtWDAggtLoetD43nHToaWaZyn/wd9SW
qhLOgK/yp4luz7lyUk1rZEjs4LU/2OD6x6Nt+54na5UTDRVBr9ozfzPfWXiALtIQ
FS5V8ZpOleMzsuziqXjJ9M9cByz5XAA6hHFj5wjC5CBGTcUmFYPcqngbS2KTKOIa
dIOomGSG/h0MauLZUFzhxWBPSfO4uQmF3zO2cdo4mNA8n8Z5kufq6Ehl4HZhRSGL
HTkrYTZWdIyP9f/u41WMcSAaxPvbf4CPusTyOFu1IF8TZXIADMDxVlA2dNrstAMu
4aOP71xvieCT1yrDqLEQNrlQSDslmoRApHmGRkZ6aVrnYutiqMhA
-----END CERTIFICATE-----