Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS216336.roa
File:                     AS216336.roa (raw, json)
Hash identifier:          DWTAwn4Ch0jZIZfXfij36FlVhiviCs7kU6kYP5ys3hw=
Subject key identifier:   5C:DE:0A:A5:2C:F5:FF:C0:1C:49:72:FF:A5:C3:05:1B:34:5E:57:F8
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       3A41F10002BEAB3D15B990EE168C718CC4F80EC0
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS216336.roa
Signing time:             Thu 23 May 2024 16:49:11 +0000
ROA not before:           Thu 23 May 2024 16:44:11 +0000
ROA not after:            Thu 22 May 2025 16:49:11 +0000
asID:                     216336
IP address blocks:        2a0f:85c1:400::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:41:f1:00:02:be:ab:3d:15:b9:90:ee:16:8c:71:8c:c4:f8:0e:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:11 2024 GMT
            Not After : May 22 16:49:11 2025 GMT
        Subject: CN=5CDE0AA52CF5FFC01C4972FFA5C3051B345E57F8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:2d:bd:21:d9:72:57:42:27:f9:9b:3f:6c:0b:
                    d1:3d:c8:0b:02:ce:d8:cb:99:8f:23:e9:b6:c5:cd:
                    77:17:c7:33:56:a4:58:fc:0f:e6:01:1e:83:96:ce:
                    57:9c:47:7d:87:69:63:4b:cf:a6:cc:fc:c8:df:63:
                    c5:2b:33:21:70:df:5b:de:65:ee:c0:3e:88:32:8a:
                    ac:df:17:e3:1c:d2:6f:a7:bf:e9:4a:af:b2:9a:c7:
                    a3:5d:11:0c:04:5b:f3:69:c2:f5:3c:5b:e3:81:88:
                    ba:db:f1:e9:f9:dd:63:31:70:59:23:34:3f:c3:03:
                    c5:de:18:67:ce:19:2f:41:7a:58:e0:6b:5d:b3:e8:
                    12:dc:be:68:c7:4a:0c:4d:eb:6e:ea:95:10:9c:45:
                    6e:1c:93:b7:88:af:57:60:e0:86:f2:55:27:9a:a6:
                    8a:4f:71:1a:26:de:32:e8:70:be:ed:6f:8e:7f:65:
                    39:62:7d:30:bb:e0:c5:6e:97:bd:1f:36:6f:af:59:
                    cf:1e:b9:94:f1:4e:9e:91:3a:80:74:a8:15:5d:ef:
                    e1:58:9a:86:2d:11:48:b2:58:3b:8c:f4:d3:2a:4b:
                    85:d3:f2:0c:5c:25:34:eb:1c:d1:05:49:c7:b1:79:
                    b3:74:37:53:bf:e2:dd:10:cc:ee:6a:82:26:26:2b:
                    aa:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:DE:0A:A5:2C:F5:FF:C0:1C:49:72:FF:A5:C3:05:1B:34:5E:57:F8
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS216336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:400::/40

    Signature Algorithm: sha256WithRSAEncryption
         76:34:ec:63:80:88:bd:12:f1:6f:9e:d5:f3:d6:e0:d0:10:1b:
         5b:61:7d:72:18:45:cd:a9:4e:65:d6:15:25:3f:0f:da:b3:ac:
         23:3a:13:13:ab:c6:13:bc:20:1e:d7:6f:95:56:2d:b5:9c:d2:
         b5:5f:06:03:76:c0:60:d1:49:4f:c8:33:7c:92:d6:40:a1:23:
         a6:95:32:56:e1:78:62:37:0e:61:0c:c7:81:dc:08:bb:fb:34:
         53:a2:f0:70:e1:14:c9:bd:70:f9:e8:f5:de:fb:f2:12:aa:47:
         5b:f7:96:0d:10:6f:85:4d:ec:c2:c6:74:8a:f5:9d:47:fc:5f:
         b3:f2:fb:8a:9b:3e:f0:44:9c:b5:19:3d:2b:56:13:cf:11:1a:
         b1:60:6f:19:7f:89:7e:09:8d:de:01:30:98:f0:24:e4:45:cb:
         f3:a4:5d:fd:0d:82:e9:66:02:d6:7b:cc:a8:f1:87:3e:cb:34:
         29:8b:58:c8:f2:e4:76:da:ac:b7:19:73:8b:6f:6e:15:06:a6:
         bb:1a:41:0a:69:dd:9b:83:96:bd:c4:93:95:d1:c4:89:0c:5f:
         70:32:6e:e8:23:78:f8:68:bd:df:40:22:4c:39:fc:3f:6d:58:
         02:e7:d7:66:36:14:56:6d:d2:e7:9e:a3:17:89:ad:88:85:44:
         11:bf:9a:8d
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUOkHxAAK+qz0VuZDuFoxxjMT4DsAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTFaFw0yNTA1MjIxNjQ5MTFaMDMxMTAvBgNV
BAMTKDVDREUwQUE1MkNGNUZGQzAxQzQ5NzJGRkE1QzMwNTFCMzQ1RTU3RjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3Lb0h2XJXQif5mz9sC9E9yAsC
ztjLmY8j6bbFzXcXxzNWpFj8D+YBHoOWzlecR32HaWNLz6bM/MjfY8UrMyFw31ve
Ze7APogyiqzfF+Mc0m+nv+lKr7Kax6NdEQwEW/NpwvU8W+OBiLrb8en53WMxcFkj
ND/DA8XeGGfOGS9Beljga12z6BLcvmjHSgxN627qlRCcRW4ck7eIr1dg4IbyVSea
popPcRom3jLocL7tb45/ZTlifTC74MVul70fNm+vWc8euZTxTp6ROoB0qBVd7+FY
moYtEUiyWDuM9NMqS4XT8gxcJTTrHNEFScexebN0N1O/4t0QzO5qgiYmK6oHAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUXN4KpSz1/8AcSXL/pcMFGzReV/gwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE2MzM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg+F
wQQwDQYJKoZIhvcNAQELBQADggEBAHY07GOAiL0S8W+e1fPW4NAQG1thfXIYRc2p
TmXWFSU/D9qzrCM6ExOrxhO8IB7Xb5VWLbWc0rVfBgN2wGDRSU/IM3yS1kChI6aV
MlbheGI3DmEMx4HcCLv7NFOi8HDhFMm9cPno9d778hKqR1v3lg0Qb4VN7MLGdIr1
nUf8X7Py+4qbPvBEnLUZPStWE88RGrFgbxl/iX4Jjd4BMJjwJORFy/OkXf0Ngulm
AtZ7zKjxhz7LNCmLWMjy5HbarLcZc4tvbhUGprsaQQpp3ZuDlr3Ek5XRxIkMX3Ay
bugjePhovd9AIkw5/D9tWALn12Y2FFZt0ueeoxeJrYiFRBG/mo0=
-----END CERTIFICATE-----