Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS21991.roa
File:                     AS21991.roa (raw, json)
Hash identifier:          sOu9JGawPSpXRG/VhgmKNHwvPVxIFlopTZMLcdDxgl0=
Subject key identifier:   23:88:77:76:67:10:4E:CC:BF:D5:6E:F3:A2:7F:B4:C6:40:C4:3C:C3
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       404E50A1A02FCD47886AF8B65E6473C13B569AAC
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS21991.roa
Signing time:             Thu 23 May 2024 16:49:11 +0000
ROA not before:           Thu 23 May 2024 16:44:11 +0000
ROA not after:            Thu 22 May 2025 16:49:11 +0000
asID:                     21991
IP address blocks:        2a0f:85c1::/48 maxlen: 48
                          2a0f:85c1:31::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:4e:50:a1:a0:2f:cd:47:88:6a:f8:b6:5e:64:73:c1:3b:56:9a:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:11 2024 GMT
            Not After : May 22 16:49:11 2025 GMT
        Subject: CN=2388777667104ECCBFD56EF3A27FB4C640C43CC3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:01:ea:73:91:a4:95:26:7b:50:bb:7b:0e:00:
                    de:e1:8e:bb:f5:f9:48:b9:a4:99:e9:c3:6b:51:b4:
                    bf:de:55:3a:09:2f:24:38:ab:ef:59:c8:91:62:22:
                    3f:ae:9c:ab:be:41:b1:e7:e3:b6:ff:d1:01:9a:07:
                    fb:4d:0e:e6:e9:b4:ec:76:84:ee:98:1a:32:ee:fd:
                    cb:f3:af:15:c8:f4:d8:55:84:a2:ea:7e:83:82:35:
                    81:1c:18:3c:11:c6:77:e0:c8:e2:6a:97:4d:17:e0:
                    50:a2:0c:ca:0d:96:2b:4b:1d:36:48:46:10:1e:14:
                    96:d6:5e:6d:c9:6d:21:87:49:fa:42:5f:8d:d1:e8:
                    02:64:74:a2:79:04:af:55:ac:3f:d5:12:f1:f4:ef:
                    84:f9:8a:5b:96:b1:09:22:2f:97:0a:2f:b2:d8:84:
                    b1:80:81:e5:0a:32:61:3c:f3:d2:6c:0a:26:55:5b:
                    a9:ae:03:31:15:ed:df:0a:7c:85:53:26:6a:1c:38:
                    1a:cc:3a:e5:dd:cc:8f:3b:32:91:11:2e:39:9c:ba:
                    3f:98:7e:d9:21:13:02:86:8a:c9:69:6a:ae:67:f7:
                    07:4f:58:31:4f:18:2b:ab:5a:24:9a:98:5e:d1:28:
                    cc:cd:cb:e3:6d:c9:a4:f6:83:71:fc:2b:4e:cd:68:
                    c7:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:88:77:76:67:10:4E:CC:BF:D5:6E:F3:A2:7F:B4:C6:40:C4:3C:C3
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS21991.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1::/48
                  2a0f:85c1:31::/48

    Signature Algorithm: sha256WithRSAEncryption
         3b:5c:3d:7d:d6:94:f8:ba:c3:14:92:e8:f8:bf:6b:73:49:6e:
         28:76:e5:d0:33:d4:10:6e:74:f6:ea:d8:1e:2a:22:60:cf:8c:
         0a:81:83:92:a5:72:5b:bd:32:12:e5:de:0c:4b:22:a5:33:e8:
         52:3f:ec:28:66:90:4a:25:6a:b9:36:18:6a:c4:d7:81:85:6b:
         85:6b:3d:8c:a8:6d:12:8f:ec:4d:45:fe:0c:3b:a2:5a:a9:20:
         9a:82:e8:c5:c5:21:0f:bd:7b:22:77:17:cd:da:42:6f:e4:95:
         f2:3e:81:07:63:6f:ea:88:69:71:f9:7c:ce:47:62:c8:8e:62:
         18:80:b6:89:cb:20:7d:68:07:dd:d9:6b:ff:24:a4:39:59:fb:
         f9:9c:33:5f:3e:03:3c:49:a6:73:a3:b5:28:bb:bc:d0:29:b5:
         08:00:36:fa:54:95:00:0d:a1:07:f0:93:24:53:36:a9:4f:2d:
         fb:d6:49:25:41:58:f0:17:b2:e5:26:f0:26:1d:c3:03:b7:d2:
         01:8f:33:df:98:7a:5a:00:16:1a:1e:90:e1:38:8c:23:74:d4:
         6e:4c:03:83:fa:71:63:52:17:bb:7f:5e:71:b3:4e:b1:61:62:
         9a:a0:ae:8f:58:58:43:36:fa:f0:85:ee:32:73:78:8f:d0:fa:
         93:9c:c4:4a
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUQE5QoaAvzUeIavi2XmRzwTtWmqwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTFaFw0yNTA1MjIxNjQ5MTFaMDMxMTAvBgNV
BAMTKDIzODg3Nzc2NjcxMDRFQ0NCRkQ1NkVGM0EyN0ZCNEM2NDBDNDNDQzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnAepzkaSVJntQu3sOAN7hjrv1
+Ui5pJnpw2tRtL/eVToJLyQ4q+9ZyJFiIj+unKu+QbHn47b/0QGaB/tNDubptOx2
hO6YGjLu/cvzrxXI9NhVhKLqfoOCNYEcGDwRxnfgyOJql00X4FCiDMoNlitLHTZI
RhAeFJbWXm3JbSGHSfpCX43R6AJkdKJ5BK9VrD/VEvH074T5iluWsQkiL5cKL7LY
hLGAgeUKMmE889JsCiZVW6muAzEV7d8KfIVTJmocOBrMOuXdzI87MpERLjmcuj+Y
ftkhEwKGislpaq5n9wdPWDFPGCurWiSamF7RKMzNy+NtyaT2g3H8K07NaMdFAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUI4h3dmcQTsy/1W7zon+0xkDEPMMwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE5OTEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgACMBIDBwAqD4XB
AAADBwAqD4XBADEwDQYJKoZIhvcNAQELBQADggEBADtcPX3WlPi6wxSS6Pi/a3NJ
bih25dAz1BBudPbq2B4qImDPjAqBg5Klclu9MhLl3gxLIqUz6FI/7ChmkEolark2
GGrE14GFa4VrPYyobRKP7E1F/gw7olqpIJqC6MXFIQ+9eyJ3F83aQm/klfI+gQdj
b+qIaXH5fM5HYsiOYhiAtonLIH1oB93Za/8kpDlZ+/mcM18+AzxJpnOjtSi7vNAp
tQgANvpUlQANoQfwkyRTNqlPLfvWSSVBWPAXsuUm8CYdwwO30gGPM9+YeloAFhoe
kOE4jCN01G5MA4P6cWNSF7t/XnGzTrFhYpqgro9YWEM2+vCF7jJzeI/Q+pOcxEo=
-----END CERTIFICATE-----