Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS44876.roa
File:                     AS44876.roa (raw, json)
Hash identifier:          gqg57HWJkJ3yibK2tBniIe80vgFtdDz6MDvXramQ84g=
Subject key identifier:   72:6C:1D:6D:20:39:29:88:D3:0A:5A:16:68:BF:F6:38:89:79:AB:E2
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       0A77EA0DA6992F1C18D493D9FF1E57D543F4E765
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS44876.roa
Signing time:             Thu 23 May 2024 16:49:08 +0000
ROA not before:           Thu 23 May 2024 16:44:08 +0000
ROA not after:            Thu 22 May 2025 16:49:08 +0000
asID:                     44876
IP address blocks:        2a0f:85c1:326::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:77:ea:0d:a6:99:2f:1c:18:d4:93:d9:ff:1e:57:d5:43:f4:e7:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:08 2024 GMT
            Not After : May 22 16:49:08 2025 GMT
        Subject: CN=726C1D6D20392988D30A5A1668BFF6388979ABE2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:77:f0:74:5b:93:b8:59:59:6e:83:02:7e:96:
                    5f:de:04:07:3e:bd:46:1d:6b:50:57:03:6b:09:03:
                    92:b9:d6:17:86:99:f2:a9:cf:bf:ee:3f:32:dc:89:
                    7e:1c:76:68:8d:dd:76:dd:05:7e:49:fb:19:b8:c3:
                    d8:e6:44:67:7e:fe:ca:ae:57:15:68:09:9c:8e:4a:
                    41:9a:42:c4:37:2d:28:10:1d:69:3c:ec:f7:e1:a0:
                    c7:dc:35:e2:89:b7:c6:86:6b:12:a9:3e:d4:5c:05:
                    10:e0:0f:2d:63:d8:3f:d2:8e:91:ec:ad:09:76:cf:
                    29:79:7b:69:a4:7f:7c:da:05:a7:9d:8b:ac:77:f0:
                    b8:5d:2c:8b:2a:f3:63:fe:57:f3:86:e7:6e:62:b0:
                    0e:14:37:fc:7a:89:14:00:7d:06:06:0b:42:97:9f:
                    b4:44:a4:ec:0a:32:86:73:f6:81:8c:ab:35:55:8a:
                    8f:08:fb:ce:de:13:25:74:17:09:cd:94:7b:52:ea:
                    53:29:fc:d1:cd:8f:ce:4b:c3:ee:b3:2b:d6:8b:c4:
                    15:2c:1d:f2:b2:73:09:e9:fe:25:da:f2:e5:c4:ba:
                    38:55:60:bf:bc:4e:2d:55:1d:be:48:0d:49:04:34:
                    71:a9:4d:bc:5a:66:e9:28:56:5b:2b:42:13:f8:c8:
                    58:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:6C:1D:6D:20:39:29:88:D3:0A:5A:16:68:BF:F6:38:89:79:AB:E2
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS44876.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:326::/48

    Signature Algorithm: sha256WithRSAEncryption
         aa:81:c3:37:4a:24:e9:18:14:fa:37:09:45:ab:e0:c8:1e:ca:
         7b:38:71:3c:34:58:27:0b:bc:43:d7:e3:b0:35:12:04:e4:7e:
         76:07:c1:b5:c9:d0:61:c8:59:92:18:90:b9:b2:54:1e:03:28:
         3c:74:48:a8:a8:30:85:e2:e0:e6:04:5d:b2:e3:9d:2d:73:23:
         d7:39:33:d8:e9:01:f7:dc:ff:ca:8b:3a:b6:00:47:94:9c:32:
         43:ca:61:26:22:f2:2c:25:0d:c9:cf:da:65:17:9a:60:34:7d:
         22:24:17:dd:c4:87:5a:83:de:da:83:31:64:dd:d8:15:ca:3e:
         5e:93:d2:20:25:f3:51:02:58:45:c9:56:74:49:d7:a5:63:44:
         42:22:ec:a0:54:69:9a:c2:56:f6:35:40:93:ea:5e:20:d1:49:
         3d:cf:7c:7b:69:67:0d:dc:8f:46:50:4f:0f:cb:c6:7a:55:ac:
         ea:80:aa:b3:89:fd:a1:c0:72:90:1c:e8:b7:3e:ff:92:bc:98:
         8a:7e:2d:67:7f:4c:da:1f:b9:21:02:11:8a:60:2a:1c:de:33:
         00:6c:1d:5e:12:db:0a:79:26:28:72:e8:da:f1:56:9b:60:0f:
         bc:0e:5e:42:ca:56:54:55:77:5c:97:63:41:46:d1:9b:0e:dc:
         98:97:c9:e1
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUCnfqDaaZLxwY1JPZ/x5X1UP052UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MDhaFw0yNTA1MjIxNjQ5MDhaMDMxMTAvBgNV
BAMTKDcyNkMxRDZEMjAzOTI5ODhEMzBBNUExNjY4QkZGNjM4ODk3OUFCRTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDyd/B0W5O4WVlugwJ+ll/eBAc+
vUYda1BXA2sJA5K51heGmfKpz7/uPzLciX4cdmiN3XbdBX5J+xm4w9jmRGd+/squ
VxVoCZyOSkGaQsQ3LSgQHWk87PfhoMfcNeKJt8aGaxKpPtRcBRDgDy1j2D/SjpHs
rQl2zyl5e2mkf3zaBaedi6x38LhdLIsq82P+V/OG525isA4UN/x6iRQAfQYGC0KX
n7REpOwKMoZz9oGMqzVVio8I+87eEyV0FwnNlHtS6lMp/NHNj85Lw+6zK9aLxBUs
HfKycwnp/iXa8uXEujhVYL+8Ti1VHb5IDUkENHGpTbxaZukoVlsrQhP4yFh5AgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUcmwdbSA5KYjTCloWaL/2OIl5q+IwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTNDQ4NzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqD4XB
AyYwDQYJKoZIhvcNAQELBQADggEBAKqBwzdKJOkYFPo3CUWr4Mgeyns4cTw0WCcL
vEPX47A1EgTkfnYHwbXJ0GHIWZIYkLmyVB4DKDx0SKioMIXi4OYEXbLjnS1zI9c5
M9jpAffc/8qLOrYAR5ScMkPKYSYi8iwlDcnP2mUXmmA0fSIkF93Eh1qD3tqDMWTd
2BXKPl6T0iAl81ECWEXJVnRJ16VjREIi7KBUaZrCVvY1QJPqXiDRST3PfHtpZw3c
j0ZQTw/LxnpVrOqAqrOJ/aHAcpAc6Lc+/5K8mIp+LWd/TNofuSECEYpgKhzeMwBs
HV4S2wp5Jihy6NrxVptgD7wOXkLKVlRVd1yXY0FG0ZsO3JiXyeE=
-----END CERTIFICATE-----