Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS212844.roa
File:                     AS212844.roa (raw, json)
Hash identifier:          vbl+v6lgRgmVDOFRZnXxhIaGBp9Qn3npY8UlvJYZBr0=
Subject key identifier:   E5:BE:99:DF:75:CF:51:E4:9B:94:48:7A:55:D5:5F:BB:F1:4E:87:E3
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       3B3FAFBE6A41B24A824581F9673D357466F3EEC9
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS212844.roa
Signing time:             Thu 06 Jun 2024 03:39:08 +0000
ROA not before:           Thu 06 Jun 2024 03:34:08 +0000
ROA not after:            Thu 05 Jun 2025 03:39:08 +0000
asID:                     212844
IP address blocks:        2a0f:85c1:810::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:3f:af:be:6a:41:b2:4a:82:45:81:f9:67:3d:35:74:66:f3:ee:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: Jun  6 03:34:08 2024 GMT
            Not After : Jun  5 03:39:08 2025 GMT
        Subject: CN=E5BE99DF75CF51E49B94487A55D55FBBF14E87E3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:3e:06:26:63:4b:b9:01:8c:fa:f0:0d:6a:1d:
                    e5:f1:d7:68:4d:83:99:a1:41:0a:6e:88:4b:94:2b:
                    c4:e8:5a:4d:76:36:e7:33:fc:b7:1e:30:c7:72:28:
                    3c:62:bb:7f:f7:de:83:24:42:65:17:34:15:08:ab:
                    d0:8d:0e:df:58:0a:65:d6:7b:38:67:78:1f:07:e3:
                    8f:40:2b:05:3f:94:fa:a6:74:f8:24:d9:51:86:55:
                    8c:40:ca:ea:f3:08:0e:b2:c5:19:e1:03:11:36:19:
                    7b:01:c6:92:6b:ab:ed:0a:13:d3:59:9f:a8:b1:a5:
                    c9:3e:f1:80:13:3c:cc:58:bf:47:11:e0:a8:f0:66:
                    70:07:bb:b0:17:16:2e:b3:18:b4:a7:b2:21:ae:42:
                    b7:57:dc:f3:eb:b6:10:29:3b:bf:78:9c:f9:b4:bc:
                    df:7b:1b:a8:8a:69:56:38:a5:14:a1:06:2a:7b:7f:
                    21:16:26:14:df:f9:b7:32:aa:02:3a:e7:c3:d1:4c:
                    87:bb:66:19:c0:45:22:8b:44:de:cd:b3:6b:6c:80:
                    63:04:07:06:47:13:2b:c2:b4:1e:15:bf:61:ef:3d:
                    56:26:87:68:f5:31:5c:b3:cd:83:a4:13:13:bc:6c:
                    08:76:9c:aa:54:45:f6:a1:5e:57:8e:0f:0b:78:f5:
                    fc:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:BE:99:DF:75:CF:51:E4:9B:94:48:7A:55:D5:5F:BB:F1:4E:87:E3
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS212844.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:810::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:cd:a5:d6:89:e0:69:ba:f7:86:de:20:4b:a5:72:35:15:98:
         60:67:79:96:7f:a9:83:52:ec:22:4e:2f:a9:55:2e:60:4d:c4:
         42:d8:d7:22:5f:d7:77:8d:0d:70:54:99:5c:df:99:11:0d:99:
         53:7d:68:01:4e:00:d2:34:06:28:8e:76:30:d5:79:35:fe:32:
         23:26:43:a8:a3:c2:b3:80:8a:dd:d5:53:24:08:2f:30:10:86:
         dc:53:59:a3:ca:f1:82:bb:25:59:54:d3:cd:46:bd:f4:08:c9:
         9c:64:ac:e4:66:be:c0:84:3b:44:d7:3c:db:bd:65:b9:de:91:
         08:8b:17:4f:e1:11:d3:8b:26:aa:75:b3:d6:d2:ec:c6:97:f0:
         a3:29:da:26:fc:51:4c:59:51:bb:fc:b7:46:34:96:e4:44:24:
         a3:7f:37:8d:3e:c0:64:34:b9:7c:b7:e9:44:69:96:79:d5:d7:
         33:30:39:a8:df:7c:e7:44:07:5e:f4:e4:b1:8f:34:90:4c:f1:
         39:17:8b:40:bd:8b:c9:ee:2b:c0:5a:98:0f:3c:35:50:63:4a:
         0f:b3:75:29:e2:67:38:af:91:bd:55:88:52:4e:3f:3b:be:6e:
         0a:e6:8b:01:56:03:14:b2:cf:c5:63:42:a9:fc:af:3c:2c:a9:
         a2:6e:65:87
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUOz+vvmpBskqCRYH5Zz01dGbz7skwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA2MDYwMzM0MDhaFw0yNTA2MDUwMzM5MDhaMDMxMTAvBgNV
BAMTKEU1QkU5OURGNzVDRjUxRTQ5Qjk0NDg3QTU1RDU1RkJCRjE0RTg3RTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZPgYmY0u5AYz68A1qHeXx12hN
g5mhQQpuiEuUK8ToWk12Nucz/LceMMdyKDxiu3/33oMkQmUXNBUIq9CNDt9YCmXW
ezhneB8H449AKwU/lPqmdPgk2VGGVYxAyurzCA6yxRnhAxE2GXsBxpJrq+0KE9NZ
n6ixpck+8YATPMxYv0cR4KjwZnAHu7AXFi6zGLSnsiGuQrdX3PPrthApO794nPm0
vN97G6iKaVY4pRShBip7fyEWJhTf+bcyqgI658PRTIe7ZhnARSKLRN7Ns2tsgGME
BwZHEyvCtB4Vv2HvPVYmh2j1MVyzzYOkExO8bAh2nKpURfahXleODwt49fxJAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU5b6Z33XPUeSblEh6VdVfu/FOh+MwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjEyODQ0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQgQMA0GCSqGSIb3DQEBCwUAA4IBAQBYzaXWieBpuveG3iBLpXI1FZhgZ3mWf6mD
UuwiTi+pVS5gTcRC2NciX9d3jQ1wVJlc35kRDZlTfWgBTgDSNAYojnYw1Xk1/jIj
JkOoo8KzgIrd1VMkCC8wEIbcU1mjyvGCuyVZVNPNRr30CMmcZKzkZr7AhDtE1zzb
vWW53pEIixdP4RHTiyaqdbPW0uzGl/CjKdom/FFMWVG7/LdGNJbkRCSjfzeNPsBk
NLl8t+lEaZZ51dczMDmo33znRAde9OSxjzSQTPE5F4tAvYvJ7ivAWpgPPDVQY0oP
s3Up4mc4r5G9VYhSTj87vm4K5osBVgMUss/FY0Kp/K88LKmibmWH
-----END CERTIFICATE-----