Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS204902.roa
File:                     AS204902.roa (raw, json)
Hash identifier:          R2jpBN+NZ01jAoFvomIki+0p0fwoyGbB1nsqDk+6uaU=
Subject key identifier:   3A:AD:E2:75:DA:B3:20:83:7B:9F:C0:D7:12:E2:88:73:B0:E8:00:EC
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       739774D60C57A26BF7B0407D27F7A2291611BC7B
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS204902.roa
Signing time:             Fri 23 Aug 2024 08:01:16 +0000
ROA not before:           Fri 23 Aug 2024 07:56:16 +0000
ROA not after:            Fri 22 Aug 2025 08:01:16 +0000
asID:                     204902
IP address blocks:        2a0f:85c1:900::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:97:74:d6:0c:57:a2:6b:f7:b0:40:7d:27:f7:a2:29:16:11:bc:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:16 2024 GMT
            Not After : Aug 22 08:01:16 2025 GMT
        Subject: CN=3AADE275DAB320837B9FC0D712E28873B0E800EC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:68:64:0d:0e:7e:c5:8c:5d:72:e0:61:1e:7a:
                    b2:ce:32:d7:72:ab:60:c4:70:c8:26:08:5a:fa:c9:
                    b9:6d:56:e2:2f:d7:8a:30:6a:4b:50:94:64:80:3a:
                    fc:f7:c6:4a:29:42:4a:05:22:73:c7:3c:93:76:66:
                    75:68:1a:c3:7b:c9:53:3f:db:e6:b8:16:72:c5:6b:
                    3c:ec:a8:7e:9d:b6:5d:87:7c:78:e0:29:48:59:4e:
                    c0:1a:85:89:5b:10:f2:bb:d3:25:04:36:f5:7a:15:
                    c4:b7:92:95:e6:4c:ab:be:78:4e:15:48:fd:ca:13:
                    78:82:74:5a:51:6e:50:78:cb:a1:9c:93:f6:77:fc:
                    2b:e6:30:30:a1:7b:58:50:0b:90:93:51:40:af:68:
                    b9:6b:97:c9:6d:93:9c:5a:9f:a1:12:f6:e8:74:a6:
                    8a:df:c4:7f:9d:de:f3:a8:e9:ae:f7:85:90:09:77:
                    04:2f:8a:e7:86:91:37:8e:74:bd:c0:37:50:cd:e1:
                    82:3c:b1:8d:d4:87:47:29:98:d4:36:b2:2f:26:0c:
                    8c:e4:3e:09:fc:51:33:f8:a3:66:03:e3:e3:c3:58:
                    89:7f:f4:bc:d8:8e:d3:e7:cf:46:a8:a1:65:5d:4d:
                    3a:85:44:02:e0:7f:97:3c:15:60:11:ec:16:9d:3e:
                    23:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:AD:E2:75:DA:B3:20:83:7B:9F:C0:D7:12:E2:88:73:B0:E8:00:EC
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS204902.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:900::/40

    Signature Algorithm: sha256WithRSAEncryption
         8b:77:2b:36:65:0c:db:f5:0e:a2:ef:22:98:c3:0b:29:81:5f:
         a7:1f:cb:79:2a:69:13:47:d2:52:d3:49:9e:9a:46:df:80:89:
         62:ca:bf:cf:b5:d7:8f:d2:51:7e:d5:2b:d5:e9:40:1c:60:67:
         42:9f:70:4a:a7:96:17:ad:23:d8:e0:1f:44:e1:e8:db:eb:8c:
         14:87:09:80:1f:6f:86:5f:3d:39:2a:c1:60:ec:fb:6f:cb:a5:
         00:d0:aa:ca:09:c4:1c:87:d3:b1:2e:3d:20:d1:91:5e:71:0f:
         78:6d:18:b6:53:6b:39:d3:91:c9:d2:22:40:ca:e0:53:cd:77:
         66:19:66:dc:ca:e5:00:b9:34:29:a9:63:30:5b:9e:0c:ff:6c:
         3d:4f:ae:7e:44:ca:29:c9:e5:75:1e:8c:b3:90:87:9f:d5:3f:
         0e:3d:38:98:6e:99:15:35:98:98:17:a0:df:9c:e0:9d:0f:af:
         71:2e:24:e2:78:e0:61:c7:c9:20:e6:56:91:47:32:b7:e2:5e:
         b8:66:3e:d0:fa:66:76:2e:f2:77:71:cf:5c:cb:cc:b3:26:bd:
         16:76:69:25:8a:99:c0:39:05:d1:03:94:20:86:c1:52:dd:96:
         ec:f4:80:fd:4c:31:24:94:db:30:83:df:5c:64:64:0e:0f:ed:
         10:68:db:08
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUc5d01gxXomv3sEB9J/eiKRYRvHswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MTZaFw0yNTA4MjIwODAxMTZaMDMxMTAvBgNV
BAMTKDNBQURFMjc1REFCMzIwODM3QjlGQzBENzEyRTI4ODczQjBFODAwRUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9aGQNDn7FjF1y4GEeerLOMtdy
q2DEcMgmCFr6ybltVuIv14owaktQlGSAOvz3xkopQkoFInPHPJN2ZnVoGsN7yVM/
2+a4FnLFazzsqH6dtl2HfHjgKUhZTsAahYlbEPK70yUENvV6FcS3kpXmTKu+eE4V
SP3KE3iCdFpRblB4y6Gck/Z3/CvmMDChe1hQC5CTUUCvaLlrl8ltk5xan6ES9uh0
porfxH+d3vOo6a73hZAJdwQviueGkTeOdL3AN1DN4YI8sY3Uh0cpmNQ2si8mDIzk
Pgn8UTP4o2YD4+PDWIl/9LzYjtPnz0aooWVdTTqFRALgf5c8FWAR7BadPiPfAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUOq3iddqzIIN7n8DXEuKIc7DoAOwwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA0OTAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg+F
wQkwDQYJKoZIhvcNAQELBQADggEBAIt3KzZlDNv1DqLvIpjDCymBX6cfy3kqaRNH
0lLTSZ6aRt+AiWLKv8+114/SUX7VK9XpQBxgZ0KfcEqnlhetI9jgH0Th6NvrjBSH
CYAfb4ZfPTkqwWDs+2/LpQDQqsoJxByH07EuPSDRkV5xD3htGLZTaznTkcnSIkDK
4FPNd2YZZtzK5QC5NCmpYzBbngz/bD1Prn5EyinJ5XUejLOQh5/VPw49OJhumRU1
mJgXoN+c4J0Pr3EuJOJ44GHHySDmVpFHMrfiXrhmPtD6ZnYu8ndxz1zLzLMmvRZ2
aSWKmcA5BdEDlCCGwVLdluz0gP1MMSSU2zCD31xkZA4P7RBo2wg=
-----END CERTIFICATE-----