Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS202239.roa
File:                     AS202239.roa (raw, json)
Hash identifier:          kwHJ7l71cs7bbjJJuK6ZlMqfQOw2hR4Ycga04LYra/A=
Subject key identifier:   A2:11:C2:2A:D6:AD:0B:11:7A:DF:2B:A1:8D:C1:C4:AB:AF:C8:BD:F1
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       183AD18D5ECA5CE282C67E69E1AB98D1DF12392D
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS202239.roa
Signing time:             Fri 23 Aug 2024 08:01:17 +0000
ROA not before:           Fri 23 Aug 2024 07:56:17 +0000
ROA not after:            Fri 22 Aug 2025 08:01:17 +0000
asID:                     202239
IP address blocks:        2a0f:85c1:211::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:3a:d1:8d:5e:ca:5c:e2:82:c6:7e:69:e1:ab:98:d1:df:12:39:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:17 2024 GMT
            Not After : Aug 22 08:01:17 2025 GMT
        Subject: CN=A211C22AD6AD0B117ADF2BA18DC1C4ABAFC8BDF1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:70:98:8f:1f:aa:10:bc:ce:86:25:29:23:66:
                    02:bd:d7:0a:3a:3b:b3:65:3e:0a:41:17:9b:f7:43:
                    f0:35:15:ad:f7:f8:44:fb:1e:37:25:ef:be:a0:fe:
                    2d:49:ff:27:ee:51:22:2e:f1:f2:a1:00:8f:cc:48:
                    b8:98:2a:ac:1c:02:36:9e:b8:ff:22:01:21:22:f2:
                    51:bf:29:c0:fe:be:08:80:f9:f3:dd:21:87:e5:22:
                    66:27:09:af:42:8f:83:09:f9:df:b7:c9:5f:3e:85:
                    9f:52:71:e0:4b:c1:c2:14:71:ac:72:70:e6:0a:91:
                    d3:c7:42:04:86:fa:1e:96:bf:21:a1:81:81:99:1b:
                    5b:f9:27:a0:75:6b:f1:1f:b7:f1:f6:30:25:41:ee:
                    e0:d3:44:31:f7:15:1c:00:ca:f3:20:c6:a3:cd:09:
                    a2:d9:f6:63:58:f0:bf:8f:03:a9:10:63:a0:2d:ff:
                    88:25:8a:80:66:02:88:43:d5:e5:3d:4c:4e:98:71:
                    3d:a1:df:f6:70:32:81:41:c0:f6:05:21:1b:31:a7:
                    7c:08:0f:28:1f:f9:1b:c8:be:f9:83:12:7c:8b:31:
                    4e:53:6a:12:fd:7e:63:e1:9b:c1:3a:fd:45:d1:64:
                    8a:31:a3:e3:2e:7c:79:c6:ba:a2:46:4e:fe:9c:33:
                    c8:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:11:C2:2A:D6:AD:0B:11:7A:DF:2B:A1:8D:C1:C4:AB:AF:C8:BD:F1
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS202239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:211::/48

    Signature Algorithm: sha256WithRSAEncryption
         9c:23:04:8e:5d:08:ee:80:60:e8:79:03:29:13:5f:42:9a:de:
         47:95:14:32:50:f6:56:cb:69:cc:24:6c:b7:b6:fd:41:42:57:
         23:09:72:21:1f:bd:75:0e:69:e1:18:ad:72:90:32:23:f7:88:
         a7:de:73:04:8d:07:ec:79:a3:8f:4a:a5:95:e1:e0:d0:a6:08:
         32:05:33:dc:9a:6a:47:6b:84:ea:43:de:12:0b:43:f4:8f:b0:
         e2:22:77:cb:2a:1e:ea:7d:63:6d:07:9c:0e:04:58:29:e9:f1:
         43:4e:eb:35:ba:a2:03:ff:27:78:27:be:dc:8c:ce:7f:5f:1f:
         cb:5e:6e:f1:c0:c6:60:85:4f:b9:72:04:2e:c1:9c:94:2f:b5:
         c6:a1:49:de:c1:98:ed:5a:a1:ff:26:dc:34:83:7d:ad:a1:b2:
         af:07:bf:2d:f5:5f:88:95:15:49:4a:1e:2c:cf:a4:a8:1e:f2:
         8e:10:47:26:22:a4:38:e5:06:ea:80:82:25:ea:54:23:df:51:
         81:4c:08:05:fd:7d:95:6a:e3:e6:06:3f:29:18:76:16:a9:72:
         11:81:e3:0e:7e:15:06:c1:95:10:38:35:58:21:fa:03:60:be:
         8f:f0:8a:c6:df:00:53:15:6f:de:63:e5:0b:42:10:0e:74:a5:
         5a:2f:1b:b0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUGDrRjV7KXOKCxn5p4auY0d8SOS0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MTdaFw0yNTA4MjIwODAxMTdaMDMxMTAvBgNV
BAMTKEEyMTFDMjJBRDZBRDBCMTE3QURGMkJBMThEQzFDNEFCQUZDOEJERjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIcJiPH6oQvM6GJSkjZgK91wo6
O7NlPgpBF5v3Q/A1Fa33+ET7Hjcl776g/i1J/yfuUSIu8fKhAI/MSLiYKqwcAjae
uP8iASEi8lG/KcD+vgiA+fPdIYflImYnCa9Cj4MJ+d+3yV8+hZ9SceBLwcIUcaxy
cOYKkdPHQgSG+h6WvyGhgYGZG1v5J6B1a/Eft/H2MCVB7uDTRDH3FRwAyvMgxqPN
CaLZ9mNY8L+PA6kQY6At/4glioBmAohD1eU9TE6YcT2h3/ZwMoFBwPYFIRsxp3wI
Dygf+RvIvvmDEnyLMU5TahL9fmPhm8E6/UXRZIoxo+MufHnGuqJGTv6cM8iXAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUohHCKtatCxF63yuhjcHEq6/IvfEwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjAyMjM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQIRMA0GCSqGSIb3DQEBCwUAA4IBAQCcIwSOXQjugGDoeQMpE19Cmt5HlRQyUPZW
y2nMJGy3tv1BQlcjCXIhH711DmnhGK1ykDIj94in3nMEjQfseaOPSqWV4eDQpggy
BTPcmmpHa4TqQ94SC0P0j7DiInfLKh7qfWNtB5wOBFgp6fFDTus1uqID/yd4J77c
jM5/Xx/LXm7xwMZghU+5cgQuwZyUL7XGoUnewZjtWqH/Jtw0g32tobKvB78t9V+I
lRVJSh4sz6SoHvKOEEcmIqQ45QbqgIIl6lQj31GBTAgF/X2VauPmBj8pGHYWqXIR
geMOfhUGwZUQODVYIfoDYL6P8IrG3wBTFW/eY+ULQhAOdKVaLxuw
-----END CERTIFICATE-----