Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS210376.roa
File:                     AS210376.roa (raw, json)
Hash identifier:          WRYYXuFvw+8WHfh/RWD7up+kdvqVWlO4yHgCnwzpCmA=
Subject key identifier:   B3:23:79:19:F9:BD:98:59:2C:F6:39:27:8F:3A:0F:70:1F:21:97:78
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       74D364A38F55D1D6E5D4AE6452654DD92A75D23C
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS210376.roa
Signing time:             Thu 23 May 2024 16:49:09 +0000
ROA not before:           Thu 23 May 2024 16:44:09 +0000
ROA not after:            Thu 22 May 2025 16:49:09 +0000
asID:                     210376
IP address blocks:        2a0f:85c1:29::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:d3:64:a3:8f:55:d1:d6:e5:d4:ae:64:52:65:4d:d9:2a:75:d2:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:09 2024 GMT
            Not After : May 22 16:49:09 2025 GMT
        Subject: CN=B3237919F9BD98592CF639278F3A0F701F219778
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:4d:a8:80:ff:60:be:c3:8a:e9:94:29:4f:de:
                    76:5d:d3:05:bc:a4:3b:b8:9f:95:a6:35:f3:80:3a:
                    c4:9e:df:0e:b2:d6:06:16:45:c6:e2:15:aa:b5:54:
                    41:91:b1:b0:01:7f:b4:0e:86:f2:05:e5:19:7c:4b:
                    ca:6b:fe:2f:e5:26:6e:74:05:1f:a1:f2:91:e1:3a:
                    a6:25:6b:d0:4d:8e:b5:52:e3:be:e8:c8:4c:58:25:
                    6e:72:07:a4:f6:7b:89:20:75:f8:87:1e:ab:bf:f7:
                    f6:9f:c0:32:ae:e1:88:7c:17:6c:fe:1d:ad:a9:0b:
                    e5:16:0b:31:5e:a9:d0:77:53:9d:9f:8f:99:6c:67:
                    83:a3:a9:73:2a:c0:af:91:99:ca:fc:b2:34:a9:33:
                    ed:89:3f:fe:43:60:4c:71:84:dd:8f:7b:1d:10:93:
                    15:44:6a:3a:cc:e5:d4:d7:9d:3b:e0:5a:4c:15:47:
                    77:47:34:ec:a7:48:ed:08:d3:0b:54:7c:92:ea:76:
                    61:4c:39:14:27:17:3d:5d:9f:35:ab:ad:90:0b:2e:
                    e8:b4:85:73:60:b0:14:82:c4:56:10:39:1a:c7:2d:
                    d1:e0:2c:ec:bc:b7:4f:3d:34:c2:dd:1e:73:e8:1c:
                    db:a7:4a:17:6e:13:9e:bf:4a:42:86:d6:8b:3a:ac:
                    14:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:23:79:19:F9:BD:98:59:2C:F6:39:27:8F:3A:0F:70:1F:21:97:78
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS210376.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:29::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:21:0c:a9:3f:6c:9d:24:7b:c5:c4:2c:84:89:fd:29:70:7c:
         21:16:b1:64:a2:18:c0:c5:79:17:2b:b1:a1:58:3d:a8:b2:10:
         4c:ab:03:d8:3e:1c:80:6d:b4:0e:1d:97:0e:6d:e8:aa:fd:f2:
         ce:81:ed:6c:cb:b4:89:0b:c4:bc:2b:77:b6:be:94:a3:70:76:
         b8:b0:4b:c8:96:ab:9c:5c:96:b1:c5:34:56:74:46:b7:81:50:
         7c:63:6f:cc:0c:5e:fc:52:7d:6e:3c:cc:9f:e5:61:a7:cf:bc:
         fc:ae:94:79:62:ae:11:ac:bb:33:9a:4e:93:82:6c:72:9e:ff:
         f0:fb:5e:9f:95:0a:e1:b0:68:a6:9c:8e:38:b6:e0:2b:7b:bb:
         b2:c5:3d:61:83:78:a8:b1:0b:7a:3c:20:82:c8:24:e0:79:fb:
         5b:60:c2:f6:60:c8:aa:9c:30:36:c7:11:7b:aa:b0:36:17:ff:
         5f:e6:8a:4a:6b:c7:cf:82:30:cd:6c:db:64:59:22:70:83:3b:
         90:63:f1:2c:57:c8:d1:79:5e:45:06:48:e4:09:37:8e:dd:1c:
         1e:55:72:55:ba:ee:c1:fc:3f:5d:fc:48:fe:50:5b:0a:6c:63:
         93:6d:62:dc:39:14:77:40:ce:98:29:08:df:a8:81:51:69:66:
         ea:6a:4b:68
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUdNNko49V0dbl1K5kUmVN2Sp10jwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MDlaFw0yNTA1MjIxNjQ5MDlaMDMxMTAvBgNV
BAMTKEIzMjM3OTE5RjlCRDk4NTkyQ0Y2MzkyNzhGM0EwRjcwMUYyMTk3NzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBTaiA/2C+w4rplClP3nZd0wW8
pDu4n5WmNfOAOsSe3w6y1gYWRcbiFaq1VEGRsbABf7QOhvIF5Rl8S8pr/i/lJm50
BR+h8pHhOqYla9BNjrVS477oyExYJW5yB6T2e4kgdfiHHqu/9/afwDKu4Yh8F2z+
Ha2pC+UWCzFeqdB3U52fj5lsZ4OjqXMqwK+Rmcr8sjSpM+2JP/5DYExxhN2Pex0Q
kxVEajrM5dTXnTvgWkwVR3dHNOynSO0I0wtUfJLqdmFMORQnFz1dnzWrrZALLui0
hXNgsBSCxFYQORrHLdHgLOy8t089NMLdHnPoHNunShduE56/SkKG1os6rBTBAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUsyN5Gfm9mFks9jknjzoPcB8hl3gwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjEwMzc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQApMA0GCSqGSIb3DQEBCwUAA4IBAQAoIQypP2ydJHvFxCyEif0pcHwhFrFkohjA
xXkXK7GhWD2oshBMqwPYPhyAbbQOHZcObeiq/fLOge1sy7SJC8S8K3e2vpSjcHa4
sEvIlqucXJaxxTRWdEa3gVB8Y2/MDF78Un1uPMyf5WGnz7z8rpR5Yq4RrLszmk6T
gmxynv/w+16flQrhsGimnI44tuAre7uyxT1hg3iosQt6PCCCyCTgeftbYML2YMiq
nDA2xxF7qrA2F/9f5opKa8fPgjDNbNtkWSJwgzuQY/EsV8jReV5FBkjkCTeO3Rwe
VXJVuu7B/D9d/Ej+UFsKbGOTbWLcORR3QM6YKQjfqIFRaWbqakto
-----END CERTIFICATE-----