Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS210152.roa
File:                     AS210152.roa (raw, json)
Hash identifier:          2SbVPBvJDkgNi7FHCFY4BnkgATfxmY/TyIf/6xA1cpo=
Subject key identifier:   57:97:BB:A7:B0:DF:18:4B:E3:D2:BC:4B:1A:54:82:F5:F7:0E:46:8D
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       659FBE6FC034635D7CF7BF632DCDC98D02E40326
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS210152.roa
Signing time:             Tue 17 Sep 2024 04:26:59 +0000
ROA not before:           Tue 17 Sep 2024 04:21:59 +0000
ROA not after:            Tue 16 Sep 2025 04:26:59 +0000
asID:                     210152
IP address blocks:        2a0f:85c1:8a0::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:9f:be:6f:c0:34:63:5d:7c:f7:bf:63:2d:cd:c9:8d:02:e4:03:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Sep 17 04:21:59 2024 GMT
            Not After : Sep 16 04:26:59 2025 GMT
        Subject: CN=5797BBA7B0DF184BE3D2BC4B1A5482F5F70E468D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:aa:60:2b:f9:10:76:b7:2f:1c:7f:97:26:d3:
                    e7:44:c7:cf:4d:f4:c4:ed:7f:41:11:48:24:43:d6:
                    dd:14:fb:23:c3:a5:52:0a:d1:82:ba:d4:a8:99:f6:
                    f5:fe:bc:4d:33:3d:5a:4b:2f:a7:a3:6e:3c:70:99:
                    eb:e6:74:1d:fa:97:19:5c:da:84:1c:c1:b3:7f:ce:
                    58:ec:b6:d2:91:06:9c:37:73:3f:17:51:9b:86:2f:
                    66:7f:23:73:ab:de:42:36:ce:db:43:55:5b:b2:9d:
                    ac:99:80:ee:7d:b7:0b:d1:73:38:ff:e0:00:38:a0:
                    4e:d1:e3:0a:cf:35:00:83:7a:41:e6:a9:49:31:56:
                    92:64:b7:b4:4b:a7:65:cf:11:3b:87:de:12:c6:96:
                    93:71:84:4e:54:46:9d:38:51:fb:65:e1:00:db:f3:
                    6d:97:5c:fd:11:9e:2c:49:90:3c:1a:fc:7a:93:28:
                    c4:9b:14:63:12:b8:de:68:a2:cc:b0:bf:4d:2e:12:
                    77:75:24:7f:d4:ec:75:9e:36:4a:09:e9:9d:c2:22:
                    6d:a0:91:92:c4:2c:0f:95:01:89:6b:ff:ea:e8:17:
                    21:53:f1:7d:63:38:82:31:90:3e:32:46:79:08:c5:
                    c5:6f:c6:47:e9:72:c7:96:16:d7:52:03:06:5e:19:
                    8d:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:97:BB:A7:B0:DF:18:4B:E3:D2:BC:4B:1A:54:82:F5:F7:0E:46:8D
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS210152.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:8a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         ae:b8:fa:ba:91:a5:7e:29:b1:bc:3e:58:7f:b3:db:fc:12:f0:
         ca:6a:ca:ed:e1:e0:b2:d1:2b:0b:f8:f3:a3:b6:63:aa:79:d7:
         1c:7a:d3:4d:7f:9f:15:49:0c:08:54:89:00:0f:cc:b6:3c:dd:
         06:35:5d:fa:20:7e:58:8d:ca:2c:77:25:8d:78:7d:82:e7:34:
         de:0f:d1:f0:00:d6:db:60:0d:c7:bf:28:06:7f:51:25:d6:ac:
         37:dc:ed:47:ff:9f:50:39:62:02:e7:fe:43:cb:11:38:fa:7e:
         7a:59:7f:ee:d6:37:80:4c:11:ec:c0:22:27:01:df:70:2b:b6:
         af:e1:f2:7e:62:e9:3c:9e:93:ed:e8:07:e2:88:60:24:a5:30:
         10:62:6e:a5:ef:82:50:2a:76:75:c4:c1:bd:a1:0b:cb:5c:27:
         ae:2c:67:a4:d7:4c:69:d6:31:a8:a5:49:ee:00:a0:1d:51:c6:
         d9:4f:19:e9:8a:c4:16:ee:a5:f2:8e:8b:7e:eb:12:66:61:fb:
         87:35:78:dd:aa:c0:c7:a3:d9:4b:33:62:28:4a:40:52:56:f3:
         6d:d7:89:22:a3:2a:b1:4d:40:93:66:ec:79:41:b1:d8:03:65:
         27:ee:ec:b6:e3:15:16:e5:f9:1f:1c:38:d5:9d:74:98:5a:7b:
         d7:e6:a2:f2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUZZ++b8A0Y118979jLc3JjQLkAyYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA5MTcwNDIxNTlaFw0yNTA5MTYwNDI2NTlaMDMxMTAvBgNV
BAMTKDU3OTdCQkE3QjBERjE4NEJFM0QyQkM0QjFBNTQ4MkY1RjcwRTQ2OEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeqmAr+RB2ty8cf5cm0+dEx89N
9MTtf0ERSCRD1t0U+yPDpVIK0YK61KiZ9vX+vE0zPVpLL6ejbjxwmevmdB36lxlc
2oQcwbN/zljsttKRBpw3cz8XUZuGL2Z/I3Or3kI2zttDVVuynayZgO59twvRczj/
4AA4oE7R4wrPNQCDekHmqUkxVpJkt7RLp2XPETuH3hLGlpNxhE5URp04Uftl4QDb
822XXP0RnixJkDwa/HqTKMSbFGMSuN5oosywv00uEnd1JH/U7HWeNkoJ6Z3CIm2g
kZLELA+VAYlr/+roFyFT8X1jOIIxkD4yRnkIxcVvxkfpcseWFtdSAwZeGY0TAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUV5e7p7DfGEvj0rxLGlSC9fcORo0wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEwMTUyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg+F
wQigMA0GCSqGSIb3DQEBCwUAA4IBAQCuuPq6kaV+KbG8Plh/s9v8EvDKasrt4eCy
0SsL+POjtmOqedccetNNf58VSQwIVIkAD8y2PN0GNV36IH5YjcosdyWNeH2C5zTe
D9HwANbbYA3HvygGf1El1qw33O1H/59QOWIC5/5DyxE4+n56WX/u1jeATBHswCIn
Ad9wK7av4fJ+Yuk8npPt6AfiiGAkpTAQYm6l74JQKnZ1xMG9oQvLXCeuLGek10xp
1jGopUnuAKAdUcbZTxnpisQW7qXyjot+6xJmYfuHNXjdqsDHo9lLM2IoSkBSVvNt
14kioyqxTUCTZux5QbHYA2Un7uy24xUW5fkfHDjVnXSYWnvX5qLy
-----END CERTIFICATE-----