Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS50338.roa
File:                     AS50338.roa (raw, json)
Hash identifier:          Ac6F6TgUTFcgwS6p0IneeLDWk6hwwjv4763L8ESPvi0=
Subject key identifier:   CE:43:C6:63:C9:FE:1E:78:9F:A4:B0:50:DE:DF:91:37:60:79:CD:5D
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       7B1B733FF796BB2A5714406A884C82D3FDB71532
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS50338.roa
Signing time:             Thu 23 May 2024 16:49:10 +0000
ROA not before:           Thu 23 May 2024 16:44:10 +0000
ROA not after:            Thu 22 May 2025 16:49:10 +0000
asID:                     50338
IP address blocks:        2a0f:85c1:299::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:1b:73:3f:f7:96:bb:2a:57:14:40:6a:88:4c:82:d3:fd:b7:15:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:10 2024 GMT
            Not After : May 22 16:49:10 2025 GMT
        Subject: CN=CE43C663C9FE1E789FA4B050DEDF91376079CD5D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:59:48:a0:34:7a:6a:d5:0e:31:b5:50:ce:a5:
                    44:17:82:56:74:ef:ab:47:f8:9e:43:e0:c0:e1:59:
                    94:db:a0:65:5f:53:c0:0e:f0:db:65:d7:b1:0f:4c:
                    7f:8f:56:ad:29:a1:98:64:75:4b:01:24:69:09:32:
                    cb:cf:f9:aa:85:ff:21:26:b3:d8:5f:3c:28:15:27:
                    8f:48:31:f3:6d:88:e3:59:e3:92:69:60:10:10:80:
                    3b:4b:79:66:eb:da:95:8e:f9:7b:0c:77:20:16:c5:
                    2c:db:37:99:ca:32:21:b6:fb:e2:f8:6c:a9:6d:9d:
                    4c:c1:08:7f:f9:b9:93:aa:eb:1e:6d:69:c4:e5:87:
                    fe:02:69:82:a2:57:10:67:6a:0c:ce:a0:7e:54:2e:
                    eb:2e:be:df:0e:3d:f8:55:7f:c9:66:46:7d:74:25:
                    45:79:4e:eb:4d:3d:d6:9f:93:35:cc:3c:59:48:c6:
                    bb:b8:c2:49:85:8e:d4:82:8f:4f:3d:de:72:fe:ba:
                    68:27:07:3d:71:e5:0f:1c:ee:89:2b:7e:17:5a:71:
                    7e:7c:36:24:a8:37:7b:f1:09:b9:29:d6:b1:52:24:
                    3d:71:6e:fc:07:a5:6c:01:82:bf:1c:49:92:ca:e3:
                    0c:ef:66:6f:d7:62:0a:79:68:fa:e4:21:6e:40:76:
                    03:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:43:C6:63:C9:FE:1E:78:9F:A4:B0:50:DE:DF:91:37:60:79:CD:5D
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS50338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:299::/48

    Signature Algorithm: sha256WithRSAEncryption
         ae:5a:dc:22:e7:43:b2:bc:29:ce:6a:f5:04:5c:47:e8:b1:a6:
         be:c6:20:30:c0:de:13:51:1f:22:ea:5b:14:f0:b6:80:a6:dc:
         a8:50:e3:4a:0c:58:7b:d1:0a:84:f2:a6:65:46:1b:c0:3a:55:
         d2:d7:fd:4a:f8:12:93:66:c4:de:4e:a3:f6:75:75:25:b1:23:
         2a:93:31:aa:cc:e0:60:a1:43:80:05:f2:4e:4c:84:9e:9b:f2:
         fe:e0:b9:6e:54:18:2a:98:5d:09:86:64:1d:18:f6:9b:33:94:
         3e:e9:15:70:52:64:3f:39:5c:91:42:05:34:c4:13:f2:d4:76:
         89:e4:ae:a7:fd:5e:a4:ea:50:cc:4f:da:6a:3a:c4:45:1c:fb:
         c6:ba:ce:53:e9:e3:20:b3:53:d7:50:16:8d:be:29:77:81:26:
         90:27:a9:5b:1d:1b:6b:7d:7e:ae:4f:bc:24:54:8a:9c:e7:90:
         3a:08:50:38:59:c9:49:86:05:da:dc:e2:11:e6:4f:50:8a:8c:
         6b:01:4d:4c:97:4e:36:e1:ad:3a:f3:d4:dc:c8:75:da:1b:ec:
         09:69:5a:8f:bd:35:5e:3f:22:cd:2b:05:6c:a9:d4:3c:94:ff:
         e7:81:4e:93:ac:0a:88:46:bf:c3:93:7c:ac:72:28:06:17:fc:
         21:fc:52:dd
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUextzP/eWuypXFEBqiEyC0/23FTIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTBaFw0yNTA1MjIxNjQ5MTBaMDMxMTAvBgNV
BAMTKENFNDNDNjYzQzlGRTFFNzg5RkE0QjA1MERFREY5MTM3NjA3OUNENUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYWUigNHpq1Q4xtVDOpUQXglZ0
76tH+J5D4MDhWZTboGVfU8AO8Ntl17EPTH+PVq0poZhkdUsBJGkJMsvP+aqF/yEm
s9hfPCgVJ49IMfNtiONZ45JpYBAQgDtLeWbr2pWO+XsMdyAWxSzbN5nKMiG2++L4
bKltnUzBCH/5uZOq6x5tacTlh/4CaYKiVxBnagzOoH5ULusuvt8OPfhVf8lmRn10
JUV5TutNPdafkzXMPFlIxru4wkmFjtSCj0893nL+umgnBz1x5Q8c7okrfhdacX58
NiSoN3vxCbkp1rFSJD1xbvwHpWwBgr8cSZLK4wzvZm/XYgp5aPrkIW5AdgNZAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUzkPGY8n+HnifpLBQ3t+RN2B5zV0wHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTNTAzMzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqD4XB
ApkwDQYJKoZIhvcNAQELBQADggEBAK5a3CLnQ7K8Kc5q9QRcR+ixpr7GIDDA3hNR
HyLqWxTwtoCm3KhQ40oMWHvRCoTypmVGG8A6VdLX/Ur4EpNmxN5Oo/Z1dSWxIyqT
MarM4GChQ4AF8k5MhJ6b8v7guW5UGCqYXQmGZB0Y9pszlD7pFXBSZD85XJFCBTTE
E/LUdonkrqf9XqTqUMxP2mo6xEUc+8a6zlPp4yCzU9dQFo2+KXeBJpAnqVsdG2t9
fq5PvCRUipznkDoIUDhZyUmGBdrc4hHmT1CKjGsBTUyXTjbhrTrz1NzIddob7Alp
Wo+9NV4/Is0rBWyp1DyU/+eBTpOsCohGv8OTfKxyKAYX/CH8Ut0=
-----END CERTIFICATE-----