Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS210202.roa
File:                     AS210202.roa (raw, json)
Hash identifier:          zhzoIkQjdW9MIrZDOkRJ+au5UYOPIXgzTgvIRO0GfbA=
Subject key identifier:   85:A7:2E:C9:A5:75:DA:23:EA:D5:60:4F:C7:8A:39:12:E8:88:7B:C4
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       60083F9125B4A8B2D2B998664D28709665A64618
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS210202.roa
Signing time:             Fri 23 Aug 2024 08:01:19 +0000
ROA not before:           Fri 23 Aug 2024 07:56:19 +0000
ROA not after:            Fri 22 Aug 2025 08:01:19 +0000
asID:                     210202
IP address blocks:        2a0f:85c1:50::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:08:3f:91:25:b4:a8:b2:d2:b9:98:66:4d:28:70:96:65:a6:46:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:19 2024 GMT
            Not After : Aug 22 08:01:19 2025 GMT
        Subject: CN=85A72EC9A575DA23EAD5604FC78A3912E8887BC4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:11:46:7d:06:cb:e1:82:cc:15:53:f1:3d:9c:
                    72:0b:2b:f8:39:1d:83:44:85:89:e2:79:c5:8c:1a:
                    74:3f:b6:43:eb:46:5d:7d:af:ee:af:49:91:b3:4a:
                    42:e9:d6:61:9d:25:de:92:36:6c:c7:ef:8e:8e:61:
                    9c:fe:7f:42:ff:7a:7c:1e:5f:d7:56:ab:8a:73:b9:
                    3f:a9:69:1c:e2:c2:f4:63:c6:b2:9d:a8:29:db:81:
                    bb:47:70:9b:e4:c1:04:b7:d9:98:19:fe:ec:8a:ed:
                    36:ec:67:c4:3f:14:af:a5:b1:ee:bb:45:97:7b:ea:
                    43:42:6c:a4:eb:ae:3a:98:5b:7a:10:f4:db:f1:f6:
                    ee:a0:a7:14:48:73:ff:b3:18:86:d1:36:7d:72:bc:
                    1c:bb:46:7b:ee:55:f6:48:15:60:fe:ae:fb:c4:a4:
                    e0:c3:73:89:cf:d0:3c:45:b8:39:16:ef:39:74:d3:
                    95:3f:81:84:64:29:09:86:3a:71:2d:9b:3c:70:6d:
                    43:2a:9a:55:26:a5:82:f5:46:2a:ef:9b:dd:7a:2d:
                    6d:dc:28:61:51:e2:cf:e4:8a:b2:e2:fe:df:57:e3:
                    84:9d:ec:90:1c:d2:b7:91:8b:0e:c6:b8:5d:76:9c:
                    ec:35:b8:00:3b:3a:9e:53:ca:9e:84:ed:22:ff:a9:
                    33:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:A7:2E:C9:A5:75:DA:23:EA:D5:60:4F:C7:8A:39:12:E8:88:7B:C4
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS210202.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:50::/48

    Signature Algorithm: sha256WithRSAEncryption
         86:0f:b9:3d:52:03:1a:a7:fb:c8:85:0b:59:66:60:6a:1f:19:
         57:63:e1:8a:7d:39:72:41:d1:73:5d:f2:bf:a8:ae:ce:fa:63:
         f1:3a:53:2c:43:df:08:54:2f:be:79:83:97:28:0d:61:b1:e7:
         23:c3:26:f7:60:87:e9:2e:e2:47:8d:6f:8d:f9:46:bc:ab:72:
         32:84:de:9d:ce:8b:7a:6c:99:f7:ee:e6:3d:39:1e:cc:37:18:
         03:3f:12:1b:48:01:4f:97:e9:aa:bc:0a:0e:26:b7:56:b1:c7:
         06:2a:bc:75:77:0c:95:ad:57:04:60:24:b3:d9:1a:68:a5:e4:
         57:31:fe:94:a0:e7:f2:59:f2:ab:22:6e:9d:2b:bc:ad:65:b3:
         6e:10:48:5a:47:1e:ed:18:69:0d:e9:4f:26:c8:b9:bb:3f:92:
         56:dd:9d:7f:7a:40:66:f6:3f:3c:29:9c:7f:9e:b9:a0:b3:0d:
         d0:df:1b:40:97:e1:3e:7d:fc:92:fb:0f:ee:ed:2a:ef:10:7e:
         91:52:ca:d3:19:22:59:83:b5:34:65:75:47:6f:ed:91:a4:64:
         54:08:10:7b:07:2f:87:b6:88:e4:4d:02:7a:a9:10:3f:4c:ca:
         09:72:a0:ad:85:5e:f1:e8:a5:37:c9:01:5f:f2:08:3a:b2:63:
         af:a8:39:4c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUYAg/kSW0qLLSuZhmTShwlmWmRhgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MTlaFw0yNTA4MjIwODAxMTlaMDMxMTAvBgNV
BAMTKDg1QTcyRUM5QTU3NURBMjNFQUQ1NjA0RkM3OEEzOTEyRTg4ODdCQzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKEUZ9BsvhgswVU/E9nHILK/g5
HYNEhYniecWMGnQ/tkPrRl19r+6vSZGzSkLp1mGdJd6SNmzH746OYZz+f0L/enwe
X9dWq4pzuT+paRziwvRjxrKdqCnbgbtHcJvkwQS32ZgZ/uyK7TbsZ8Q/FK+lse67
RZd76kNCbKTrrjqYW3oQ9Nvx9u6gpxRIc/+zGIbRNn1yvBy7RnvuVfZIFWD+rvvE
pODDc4nP0DxFuDkW7zl005U/gYRkKQmGOnEtmzxwbUMqmlUmpYL1Rirvm916LW3c
KGFR4s/kirLi/t9X44Sd7JAc0reRiw7GuF12nOw1uAA7Op5Typ6E7SL/qTODAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUhacuyaV12iPq1WBPx4o5EuiIe8QwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEwMjAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQBQMA0GCSqGSIb3DQEBCwUAA4IBAQCGD7k9UgMap/vIhQtZZmBqHxlXY+GKfTly
QdFzXfK/qK7O+mPxOlMsQ98IVC++eYOXKA1hsecjwyb3YIfpLuJHjW+N+Ua8q3Iy
hN6dzot6bJn37uY9OR7MNxgDPxIbSAFPl+mqvAoOJrdWsccGKrx1dwyVrVcEYCSz
2RpopeRXMf6UoOfyWfKrIm6dK7ytZbNuEEhaRx7tGGkN6U8myLm7P5JW3Z1/ekBm
9j88KZx/nrmgsw3Q3xtAl+E+ffyS+w/u7SrvEH6RUsrTGSJZg7U0ZXVHb+2RpGRU
CBB7By+HtojkTQJ6qRA/TMoJcqCthV7x6KU3yQFf8gg6smOvqDlM
-----END CERTIFICATE-----