Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS44822.roa
File:                     AS44822.roa (raw, json)
Hash identifier:          OFIS+Q/5RRT7PUlTHY4Q/sMmkeFJE5sYg6akF7Emd+k=
Subject key identifier:   A3:D0:43:B4:70:EB:B4:55:31:18:9A:33:77:8F:BB:D2:84:3E:65:FC
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       0768E78EE6BFC57D18001CBE66E76331626C24A1
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS44822.roa
Signing time:             Thu 23 May 2024 16:49:11 +0000
ROA not before:           Thu 23 May 2024 16:44:11 +0000
ROA not after:            Thu 22 May 2025 16:49:11 +0000
asID:                     44822
IP address blocks:        2a0f:85c1:327::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:68:e7:8e:e6:bf:c5:7d:18:00:1c:be:66:e7:63:31:62:6c:24:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:11 2024 GMT
            Not After : May 22 16:49:11 2025 GMT
        Subject: CN=A3D043B470EBB45531189A33778FBBD2843E65FC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c1:7b:ca:4d:84:9e:f6:1c:c7:1e:00:56:0f:
                    e9:4d:db:92:96:7e:a2:3c:86:7b:1b:61:29:1d:cc:
                    75:d6:8e:91:8c:b9:05:04:45:86:4a:94:cd:2e:b5:
                    6f:a1:5c:60:d2:e1:c0:5c:ac:a2:4e:37:e1:70:b5:
                    ce:cd:29:f6:b3:b7:25:79:2f:d4:df:20:fc:e6:bf:
                    87:ea:3a:13:00:1a:6e:64:c8:9a:69:35:31:b9:f3:
                    f2:50:1e:ed:35:a4:b1:3e:96:93:8a:0f:6e:b4:77:
                    c6:df:c2:87:a9:91:b1:dc:7f:b0:ef:02:2b:64:8a:
                    12:1c:70:cd:73:b2:cc:ba:65:8b:b3:d6:e0:fd:3b:
                    60:f9:18:1a:1a:7f:f2:c5:17:a1:a9:3c:8f:3f:0f:
                    66:9a:d5:19:58:23:8a:83:d3:87:51:44:b3:f8:68:
                    65:26:dd:89:83:5e:f7:2f:cb:79:55:0b:bc:84:39:
                    4d:cd:de:ea:68:c8:20:16:d4:18:0e:47:2a:42:a9:
                    fd:76:3d:e3:84:35:a7:e7:88:d4:25:c5:99:0f:b6:
                    dc:0a:f2:1f:50:2d:11:68:d5:29:4c:a8:ec:eb:eb:
                    f8:11:ed:8e:d7:28:28:38:b6:8d:5e:c1:da:f3:01:
                    d2:1c:f0:16:60:9d:3c:fe:5e:1d:c0:1c:fc:7d:e3:
                    86:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:D0:43:B4:70:EB:B4:55:31:18:9A:33:77:8F:BB:D2:84:3E:65:FC
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS44822.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:327::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:14:11:8c:53:ee:5f:7e:06:ec:05:90:af:ac:13:af:a6:0f:
         72:09:b8:ac:72:e5:d5:07:0d:21:fd:61:1e:ff:a5:96:63:7e:
         30:a5:71:c5:21:55:d2:89:b9:87:a2:b4:61:6e:38:f6:98:0a:
         b1:92:f8:e0:00:e4:09:59:20:29:e9:92:a1:26:07:96:df:4b:
         a3:55:46:71:2f:fb:2a:0d:70:97:17:fa:4b:fd:21:de:b1:21:
         a2:40:ad:20:5d:ca:af:4a:61:44:7e:22:19:9a:6a:f5:11:76:
         b9:99:91:c5:17:10:86:9c:1c:7a:71:38:bd:33:81:c4:d4:e9:
         61:be:2d:4b:c8:4e:32:67:91:ea:b4:1e:db:d3:3b:d2:e8:4d:
         83:df:25:c2:ff:0a:44:9e:b3:21:58:05:61:63:76:51:47:71:
         35:ac:ec:73:5c:c2:44:4c:95:27:f2:b4:4f:d9:51:4a:8f:d0:
         d0:f2:5d:83:98:31:ed:51:d1:15:ee:3d:28:c1:74:9c:c4:ff:
         a0:11:9e:5f:34:2f:7e:a8:25:26:11:80:8e:a9:9f:34:b9:63:
         8e:07:6f:28:69:0d:2f:d8:7d:0d:94:97:f6:48:fc:1b:81:87:
         2e:ea:ea:82:d0:35:a4:ee:a6:bf:ad:82:28:70:02:d3:ef:2b:
         65:40:93:08
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUB2jnjua/xX0YABy+ZudjMWJsJKEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTFaFw0yNTA1MjIxNjQ5MTFaMDMxMTAvBgNV
BAMTKEEzRDA0M0I0NzBFQkI0NTUzMTE4OUEzMzc3OEZCQkQyODQzRTY1RkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCowXvKTYSe9hzHHgBWD+lN25KW
fqI8hnsbYSkdzHXWjpGMuQUERYZKlM0utW+hXGDS4cBcrKJON+Fwtc7NKfaztyV5
L9TfIPzmv4fqOhMAGm5kyJppNTG58/JQHu01pLE+lpOKD260d8bfwoepkbHcf7Dv
AitkihIccM1zssy6ZYuz1uD9O2D5GBoaf/LFF6GpPI8/D2aa1RlYI4qD04dRRLP4
aGUm3YmDXvcvy3lVC7yEOU3N3upoyCAW1BgORypCqf12PeOENafniNQlxZkPttwK
8h9QLRFo1SlMqOzr6/gR7Y7XKCg4to1ewdrzAdIc8BZgnTz+Xh3AHPx944bpAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUo9BDtHDrtFUxGJozd4+70oQ+ZfwwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTNDQ4MjIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqD4XB
AycwDQYJKoZIhvcNAQELBQADggEBABwUEYxT7l9+BuwFkK+sE6+mD3IJuKxy5dUH
DSH9YR7/pZZjfjClccUhVdKJuYeitGFuOPaYCrGS+OAA5AlZICnpkqEmB5bfS6NV
RnEv+yoNcJcX+kv9Id6xIaJArSBdyq9KYUR+IhmaavURdrmZkcUXEIacHHpxOL0z
gcTU6WG+LUvITjJnkeq0HtvTO9LoTYPfJcL/CkSesyFYBWFjdlFHcTWs7HNcwkRM
lSfytE/ZUUqP0NDyXYOYMe1R0RXuPSjBdJzE/6ARnl80L36oJSYRgI6pnzS5Y44H
byhpDS/YfQ2Ul/ZI/BuBhy7q6oLQNaTupr+tgihwAtPvK2VAkwg=
-----END CERTIFICATE-----