Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS211224.roa
File:                     AS211224.roa (raw, json)
Hash identifier:          X3YElHZOMEhYYrTQDmIiMcwAoS0LC/8Ex0LbFGfvjNg=
Subject key identifier:   D0:D6:33:10:07:06:FD:4B:E1:93:F0:71:BE:66:EF:69:D6:D5:AA:8D
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       31322425C1D505E7B30B55593F4F4CFAB28ABAB9
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS211224.roa
Signing time:             Thu 23 May 2024 16:49:12 +0000
ROA not before:           Thu 23 May 2024 16:44:12 +0000
ROA not after:            Thu 22 May 2025 16:49:12 +0000
asID:                     211224
IP address blocks:        2a0f:85c1:23::/48 maxlen: 48
                          2a0f:85c1:60::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:32:24:25:c1:d5:05:e7:b3:0b:55:59:3f:4f:4c:fa:b2:8a:ba:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:12 2024 GMT
            Not After : May 22 16:49:12 2025 GMT
        Subject: CN=D0D633100706FD4BE193F071BE66EF69D6D5AA8D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b1:d7:69:41:28:42:ab:d9:b3:18:f1:2e:59:
                    ed:8d:af:43:74:32:46:bc:96:8d:c6:e6:e8:80:6e:
                    21:95:e6:6a:44:a5:8e:9e:99:70:3d:33:0f:1d:36:
                    94:5f:ad:8a:69:8e:c5:84:59:ec:03:c4:c2:b3:73:
                    28:0c:12:3c:a5:a5:f9:64:45:c0:3c:bf:6c:79:db:
                    5d:be:ad:fd:fa:93:38:c5:e2:d0:83:27:65:d2:95:
                    da:b4:e6:d4:ab:7c:a5:e2:b7:2e:ef:1c:34:e1:8e:
                    b9:83:07:4f:30:56:9c:9f:94:b4:c6:0e:ef:78:67:
                    61:4b:4c:a0:a0:66:1a:57:0d:c6:69:de:0a:b4:52:
                    9b:d9:d6:17:5d:f1:ac:21:32:2c:ba:4c:43:5c:07:
                    e6:79:2c:c3:17:bc:79:bd:e1:5b:a6:7b:48:67:5a:
                    91:81:1d:a7:a1:97:6b:50:8b:f2:0f:6b:19:2b:45:
                    41:53:36:eb:1c:58:44:38:1d:fc:d7:c9:2c:b1:17:
                    fe:fe:6e:0f:13:05:97:17:46:38:49:c9:f3:a9:ce:
                    09:5e:73:88:fa:f0:9e:6a:8a:c6:92:e4:07:32:74:
                    0e:34:a4:43:e2:66:41:ae:3f:81:70:46:f1:4d:e7:
                    f8:e0:4b:6a:91:8c:71:b0:8f:96:88:68:09:78:50:
                    ad:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:D6:33:10:07:06:FD:4B:E1:93:F0:71:BE:66:EF:69:D6:D5:AA:8D
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS211224.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:23::/48
                  2a0f:85c1:60::/44

    Signature Algorithm: sha256WithRSAEncryption
         78:b3:01:d1:68:61:5d:b6:d4:9b:7d:fb:48:d4:af:20:22:68:
         65:f0:77:96:bd:9c:23:e4:76:55:b1:a4:e9:4e:02:4a:3a:34:
         1b:cf:ae:2d:43:72:dc:de:df:62:10:98:66:2d:7c:ae:d3:e6:
         ba:e9:e8:2b:c7:88:21:c1:0e:3c:52:bf:18:e0:1a:ac:86:c0:
         f3:1a:fe:2b:e8:3a:74:09:05:a0:ab:77:2f:67:85:74:6e:fd:
         35:3e:ce:f9:43:f4:e5:01:c8:98:e2:94:1e:7d:59:37:da:41:
         5c:23:3d:87:71:33:79:d6:c3:20:12:1c:35:cb:f9:74:fb:96:
         fe:1f:2c:7a:b2:ee:c5:82:a0:e3:cf:18:b3:75:d6:fd:c1:41:
         21:bf:ec:79:2a:64:40:e8:30:cc:fd:de:8f:25:4e:82:cf:a5:
         32:c1:3d:4a:5d:40:db:97:8d:d6:24:eb:85:9e:51:9b:e0:64:
         98:da:7f:bd:59:dd:7a:be:df:de:bb:d5:a2:4e:c0:f2:64:fc:
         29:d0:8c:09:3f:82:9f:57:87:2c:80:f0:94:36:68:d7:9f:2e:
         2e:de:af:c0:ea:32:b3:35:73:6b:0f:bb:9f:c1:24:7e:96:44:
         48:58:04:42:5d:c3:7b:8d:ec:e6:73:de:4e:d6:a3:78:dc:df:
         83:fc:ec:b9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUMTIkJcHVBeezC1VZP09M+rKKurkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTJaFw0yNTA1MjIxNjQ5MTJaMDMxMTAvBgNV
BAMTKEQwRDYzMzEwMDcwNkZENEJFMTkzRjA3MUJFNjZFRjY5RDZENUFBOEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClsddpQShCq9mzGPEuWe2Nr0N0
Mka8lo3G5uiAbiGV5mpEpY6emXA9Mw8dNpRfrYppjsWEWewDxMKzcygMEjylpflk
RcA8v2x5212+rf36kzjF4tCDJ2XSldq05tSrfKXity7vHDThjrmDB08wVpyflLTG
Du94Z2FLTKCgZhpXDcZp3gq0UpvZ1hdd8awhMiy6TENcB+Z5LMMXvHm94Vume0hn
WpGBHaehl2tQi/IPaxkrRUFTNuscWEQ4HfzXySyxF/7+bg8TBZcXRjhJyfOpzgle
c4j68J5qisaS5AcydA40pEPiZkGuP4FwRvFN5/jgS2qRjHGwj5aIaAl4UK0pAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU0NYzEAcG/Uvhk/BxvmbvadbVqo0wHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjExMjI0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg+F
wQAjAwcEKg+FwQBgMA0GCSqGSIb3DQEBCwUAA4IBAQB4swHRaGFdttSbfftI1K8g
Imhl8HeWvZwj5HZVsaTpTgJKOjQbz64tQ3Lc3t9iEJhmLXyu0+a66egrx4ghwQ48
Ur8Y4BqshsDzGv4r6Dp0CQWgq3cvZ4V0bv01Ps75Q/TlAciY4pQefVk32kFcIz2H
cTN51sMgEhw1y/l0+5b+Hyx6su7FgqDjzxizddb9wUEhv+x5KmRA6DDM/d6PJU6C
z6UywT1KXUDbl43WJOuFnlGb4GSY2n+9Wd16vt/eu9WiTsDyZPwp0IwJP4KfV4cs
gPCUNmjXny4u3q/A6jKzNXNrD7ufwSR+lkRIWARCXcN7jezmc95O1qN43N+D/Oy5
-----END CERTIFICATE-----