Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS216324.roa
File:                     AS216324.roa (raw, json)
Hash identifier:          W9umW3SwtOm+uv1mq0mI8C6ABVnq6VX3CrkA/wkRPF0=
Subject key identifier:   1A:2E:8E:F7:BF:C3:5B:7F:5D:A6:2D:3D:4B:FF:A2:90:51:6F:08:1A
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       32535CA6646591B92B3E7EFF0AE7622F56277D53
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS216324.roa
Signing time:             Thu 23 May 2024 16:49:09 +0000
ROA not before:           Thu 23 May 2024 16:44:09 +0000
ROA not after:            Thu 22 May 2025 16:49:09 +0000
asID:                     216324
IP address blocks:        2a0f:85c1:600::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:53:5c:a6:64:65:91:b9:2b:3e:7e:ff:0a:e7:62:2f:56:27:7d:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:09 2024 GMT
            Not After : May 22 16:49:09 2025 GMT
        Subject: CN=1A2E8EF7BFC35B7F5DA62D3D4BFFA290516F081A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:04:2e:2b:9e:71:0e:73:14:30:19:1f:6f:2b:
                    20:e2:4e:7c:51:7a:34:41:e6:15:4a:5e:22:3a:1a:
                    eb:5e:e1:af:c4:c8:00:32:33:ae:6c:fe:20:ab:f5:
                    50:f3:c3:f7:08:62:d6:5d:cf:32:6b:8d:fa:45:cc:
                    51:e0:44:3d:c5:fb:eb:ee:f4:8b:ca:73:eb:3c:fd:
                    18:75:33:1f:70:94:3b:51:b7:fd:87:c1:3c:80:96:
                    80:97:13:bc:2d:eb:0f:ff:fb:3e:c7:f4:36:82:e6:
                    52:b6:95:c7:b4:34:63:e8:06:60:8c:8d:a4:11:0d:
                    5f:79:3a:67:38:da:34:33:04:c3:2c:ca:e7:ec:26:
                    f7:95:b5:f9:35:03:52:04:0c:5c:f1:78:2a:ac:21:
                    13:73:01:be:4a:ed:b3:35:3f:45:a5:51:de:9e:2d:
                    81:12:32:a6:69:aa:25:57:8a:b7:45:b3:cb:85:7b:
                    84:12:39:42:fc:10:dc:f4:f1:90:46:6c:24:3b:a8:
                    b8:5e:0e:52:e9:cf:d7:a2:b5:ba:7b:88:c0:3c:6b:
                    0e:cb:61:c5:7c:fe:c9:32:2c:f3:46:53:c3:20:66:
                    04:a1:8d:4b:f0:b2:04:b0:f0:26:da:b8:b5:89:f6:
                    d2:c1:7f:e6:07:06:d2:96:30:d4:a6:b1:d1:7c:d4:
                    a4:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:2E:8E:F7:BF:C3:5B:7F:5D:A6:2D:3D:4B:FF:A2:90:51:6F:08:1A
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS216324.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:600::/40

    Signature Algorithm: sha256WithRSAEncryption
         9a:95:30:9f:29:d0:ba:e4:cc:85:7c:b8:f7:0b:b1:c2:54:c3:
         41:d4:14:3c:44:8a:3a:2e:0d:40:68:7f:6a:c1:db:ca:8e:77:
         6c:62:6f:24:87:6c:1e:06:f7:66:1f:2a:62:53:d0:41:ba:66:
         75:5e:20:60:c1:4d:ea:fb:20:1c:3a:ac:60:61:ed:df:80:43:
         f8:b6:06:36:e4:53:1c:0c:aa:3e:bd:ee:0d:b6:29:9a:6a:61:
         38:b6:5e:8b:d0:70:53:b0:94:f6:89:03:21:a0:76:61:48:91:
         55:46:d4:cc:6e:7c:3e:8a:4c:cd:20:c7:3a:01:0a:1b:89:3a:
         d0:a4:9b:a4:e7:15:71:52:f0:71:4c:69:4a:4c:1b:0a:49:b5:
         e7:cd:fa:85:a0:0f:18:9c:41:09:38:ea:5f:99:68:5e:d3:66:
         dc:57:1f:79:fa:f6:3f:29:83:99:96:0c:2a:b0:a6:d2:00:bc:
         18:4c:e3:84:75:5b:4f:92:b5:ec:4f:d3:a4:0c:5b:03:65:66:
         0c:a6:90:e0:7f:f4:48:59:c3:b1:2c:76:61:37:a7:58:0e:a5:
         0c:74:74:fb:08:7e:a8:cb:3d:cb:6d:2e:33:ce:fc:22:89:cf:
         51:f2:12:f7:9d:8d:42:8f:02:ce:e2:91:19:23:bc:6f:45:c9:
         6e:d1:70:fd
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUMlNcpmRlkbkrPn7/CudiL1YnfVMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MDlaFw0yNTA1MjIxNjQ5MDlaMDMxMTAvBgNV
BAMTKDFBMkU4RUY3QkZDMzVCN0Y1REE2MkQzRDRCRkZBMjkwNTE2RjA4MUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7BC4rnnEOcxQwGR9vKyDiTnxR
ejRB5hVKXiI6Gute4a/EyAAyM65s/iCr9VDzw/cIYtZdzzJrjfpFzFHgRD3F++vu
9IvKc+s8/Rh1Mx9wlDtRt/2HwTyAloCXE7wt6w//+z7H9DaC5lK2lce0NGPoBmCM
jaQRDV95Omc42jQzBMMsyufsJveVtfk1A1IEDFzxeCqsIRNzAb5K7bM1P0WlUd6e
LYESMqZpqiVXirdFs8uFe4QSOUL8ENz08ZBGbCQ7qLheDlLpz9eitbp7iMA8aw7L
YcV8/skyLPNGU8MgZgShjUvwsgSw8CbauLWJ9tLBf+YHBtKWMNSmsdF81KTBAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUGi6O97/DW39dpi09S/+ikFFvCBowHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE2MzI0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg+F
wQYwDQYJKoZIhvcNAQELBQADggEBAJqVMJ8p0LrkzIV8uPcLscJUw0HUFDxEijou
DUBof2rB28qOd2xibySHbB4G92YfKmJT0EG6ZnVeIGDBTer7IBw6rGBh7d+AQ/i2
BjbkUxwMqj697g22KZpqYTi2XovQcFOwlPaJAyGgdmFIkVVG1MxufD6KTM0gxzoB
ChuJOtCkm6TnFXFS8HFMaUpMGwpJtefN+oWgDxicQQk46l+ZaF7TZtxXH3n69j8p
g5mWDCqwptIAvBhM44R1W0+StexP06QMWwNlZgymkOB/9EhZw7EsdmE3p1gOpQx0
dPsIfqjLPcttLjPO/CKJz1HyEvedjUKPAs7ikRkjvG9FyW7RcP0=
-----END CERTIFICATE-----