Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS209735.roa
File:                     AS209735.roa (raw, json)
Hash identifier:          61WAJhk5v+N6aR5lK+X7Cr3qwAkkPVDt3Ch1vrnvVb8=
Subject key identifier:   71:7D:9C:62:74:4D:D7:2B:41:7D:D5:78:E9:12:BB:37:8D:29:F1:CA
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       3EE607D5839023CFAA335C8B911B2E6BF7C3CC81
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS209735.roa
Signing time:             Thu 23 May 2024 16:49:07 +0000
ROA not before:           Thu 23 May 2024 16:44:07 +0000
ROA not after:            Thu 22 May 2025 16:49:07 +0000
asID:                     209735
IP address blocks:        2a0f:85c1:80::/44 maxlen: 44
                          2a0f:85c1:80::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:e6:07:d5:83:90:23:cf:aa:33:5c:8b:91:1b:2e:6b:f7:c3:cc:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:07 2024 GMT
            Not After : May 22 16:49:07 2025 GMT
        Subject: CN=717D9C62744DD72B417DD578E912BB378D29F1CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:4f:7d:cf:23:13:72:0d:1e:ef:80:75:46:94:
                    9f:13:a6:90:af:3b:a9:04:25:a0:12:b2:5e:97:06:
                    76:ff:6a:04:1c:93:25:c9:c8:ab:5e:d3:b4:49:85:
                    32:1f:be:1f:11:3e:5e:79:c8:d5:60:77:0e:78:90:
                    36:35:ce:73:56:f5:b0:78:f2:d8:78:ba:a3:80:f3:
                    86:06:b1:84:25:5e:cc:5c:95:6c:95:e3:62:5a:80:
                    cb:49:7a:6b:ec:b1:58:0e:67:bc:4f:07:f3:27:27:
                    0f:c2:8a:3b:c4:d3:c7:2f:1d:c0:f8:7a:0b:92:ba:
                    f9:1d:93:6a:83:73:a7:ee:4e:3a:ac:d3:ab:73:be:
                    3f:22:44:6b:6a:8b:61:29:ff:d8:bd:f3:f6:94:97:
                    8c:b6:7e:78:51:1d:f7:e7:7b:fc:d5:d1:9c:83:fb:
                    73:9d:88:94:98:e6:bb:27:c8:80:c9:5a:f6:e7:c3:
                    f8:b9:65:ca:d0:c5:12:92:15:74:1c:2d:f8:d7:77:
                    45:ca:ea:ad:3b:a8:b7:76:d2:c5:32:99:f5:f7:c3:
                    b4:7a:26:2e:15:ce:6e:2b:b5:bc:c1:95:b3:ba:d4:
                    17:f2:ac:34:e5:40:10:7a:5d:54:d0:3a:af:15:bc:
                    5c:e7:18:20:f6:e4:72:e7:6b:5f:4e:41:5d:29:92:
                    17:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:7D:9C:62:74:4D:D7:2B:41:7D:D5:78:E9:12:BB:37:8D:29:F1:CA
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS209735.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:80::/44

    Signature Algorithm: sha256WithRSAEncryption
         7a:48:ca:c3:70:8f:f0:40:1c:92:d1:13:56:a2:d3:4c:a0:e9:
         12:11:e0:d4:a1:67:19:9d:6a:d8:19:93:45:08:1a:ed:3a:97:
         43:b7:e9:00:9c:f0:71:91:78:58:e5:e9:02:ff:04:a6:a5:1e:
         ae:43:f0:98:5b:24:12:2e:cc:a1:6e:45:62:12:4d:86:9f:ef:
         79:59:27:9e:48:63:b2:a9:d5:68:c0:d5:61:a6:ca:f7:02:e1:
         c7:78:23:ca:0a:53:d6:9d:b3:30:19:f7:05:15:13:dc:20:2b:
         16:87:67:b0:9a:08:dc:c2:12:80:85:69:66:0b:c7:84:87:8d:
         32:ef:3c:6b:e5:63:8b:99:8e:40:95:1e:f0:95:f3:30:c9:ca:
         48:7d:8e:11:7d:fc:7f:23:f9:a9:45:38:e7:ac:7b:7b:ed:4d:
         0a:71:8d:c9:73:47:af:6c:d3:a2:5c:2f:f3:94:c0:96:5c:06:
         84:d0:5d:f3:b9:74:f8:b8:92:52:19:e1:e1:f0:c7:02:bb:c5:
         64:9c:4b:48:e2:7f:e3:a0:14:ea:81:1a:3b:d8:28:86:15:ac:
         a5:2d:9f:11:9f:a8:f9:5e:fa:4d:91:c0:fe:fd:4a:10:e2:7b:
         08:8f:8b:08:eb:0e:19:4f:51:3f:ab:6f:c8:18:78:9d:85:88:
         81:20:7f:e1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUPuYH1YOQI8+qM1yLkRsua/fDzIEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MDdaFw0yNTA1MjIxNjQ5MDdaMDMxMTAvBgNV
BAMTKDcxN0Q5QzYyNzQ0REQ3MkI0MTdERDU3OEU5MTJCQjM3OEQyOUYxQ0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4T33PIxNyDR7vgHVGlJ8TppCv
O6kEJaASsl6XBnb/agQckyXJyKte07RJhTIfvh8RPl55yNVgdw54kDY1znNW9bB4
8th4uqOA84YGsYQlXsxclWyV42JagMtJemvssVgOZ7xPB/MnJw/CijvE08cvHcD4
eguSuvkdk2qDc6fuTjqs06tzvj8iRGtqi2Ep/9i98/aUl4y2fnhRHffne/zV0ZyD
+3OdiJSY5rsnyIDJWvbnw/i5ZcrQxRKSFXQcLfjXd0XK6q07qLd20sUymfX3w7R6
Ji4Vzm4rtbzBlbO61BfyrDTlQBB6XVTQOq8VvFznGCD25HLna19OQV0pkhdxAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUcX2cYnRN1ytBfdV46RK7N40p8cowHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjA5NzM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg+F
wQCAMA0GCSqGSIb3DQEBCwUAA4IBAQB6SMrDcI/wQByS0RNWotNMoOkSEeDUoWcZ
nWrYGZNFCBrtOpdDt+kAnPBxkXhY5ekC/wSmpR6uQ/CYWyQSLsyhbkViEk2Gn+95
WSeeSGOyqdVowNVhpsr3AuHHeCPKClPWnbMwGfcFFRPcICsWh2ewmgjcwhKAhWlm
C8eEh40y7zxr5WOLmY5AlR7wlfMwycpIfY4Rffx/I/mpRTjnrHt77U0KcY3Jc0ev
bNOiXC/zlMCWXAaE0F3zuXT4uJJSGeHh8McCu8VknEtI4n/joBTqgRo72CiGFayl
LZ8Rn6j5XvpNkcD+/UoQ4nsIj4sI6w4ZT1E/q2/IGHidhYiBIH/h
-----END CERTIFICATE-----