Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS210532.roa
File:                     AS210532.roa (raw, json)
Hash identifier:          SS8Qo9nx6w8IFZOf4RshDnDMfliXz9X2b6kjRhbKaJU=
Subject key identifier:   17:BD:E0:DF:5E:C1:98:13:E5:7B:5E:00:42:98:D1:BA:2E:A6:23:F7
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       39679B6234C7ED61B4AEC4E318E6FB8F0D4592CD
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS210532.roa
Signing time:             Fri 23 Aug 2024 08:01:19 +0000
ROA not before:           Fri 23 Aug 2024 07:56:19 +0000
ROA not after:            Fri 22 Aug 2025 08:01:19 +0000
asID:                     210532
IP address blocks:        2a0f:85c1:27::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:67:9b:62:34:c7:ed:61:b4:ae:c4:e3:18:e6:fb:8f:0d:45:92:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:19 2024 GMT
            Not After : Aug 22 08:01:19 2025 GMT
        Subject: CN=17BDE0DF5EC19813E57B5E004298D1BA2EA623F7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:6c:49:e3:ee:a9:a1:07:b5:74:39:a0:c2:65:
                    61:f7:b5:1c:55:02:92:ad:1c:c2:42:88:03:c1:7a:
                    a5:16:14:3a:c9:06:f2:d2:9f:c0:ea:33:c3:2b:d8:
                    66:ac:bf:f7:2c:98:8f:f9:89:f2:30:58:96:52:98:
                    c6:e0:6f:cc:d5:3d:f3:71:29:25:37:55:41:54:52:
                    94:1a:f1:7d:e0:47:ed:11:26:d3:61:1a:e3:85:95:
                    11:7d:c6:64:b6:31:b1:c9:80:00:6c:b1:a8:79:a7:
                    0e:9d:20:70:21:cb:26:51:8d:45:22:99:6a:fd:2d:
                    b1:91:e7:45:74:08:d0:fa:f5:06:27:f0:25:f6:a7:
                    47:4f:7f:2f:c0:11:a6:7f:1a:51:d3:72:06:52:d2:
                    fd:51:ad:65:c6:28:d8:e6:82:34:dd:c6:2f:a3:8c:
                    88:7e:c7:44:29:46:5f:aa:b4:43:a9:fe:f2:c7:75:
                    5d:c5:86:7b:af:ee:af:69:dd:00:6b:76:f4:a0:74:
                    a7:67:6a:3d:35:ae:03:57:66:a8:8a:3c:45:0e:1a:
                    8a:ec:48:38:9e:4a:75:7f:f1:58:e0:da:0a:c4:5d:
                    86:26:68:61:db:ff:12:cb:b4:68:9f:2e:b3:72:f8:
                    df:2b:d3:f4:7b:81:e6:24:f9:3d:9e:da:63:db:1b:
                    f8:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:BD:E0:DF:5E:C1:98:13:E5:7B:5E:00:42:98:D1:BA:2E:A6:23:F7
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS210532.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:27::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:ec:e0:76:b9:e7:c8:8e:d0:cd:10:bf:dd:58:b8:67:aa:70:
         68:82:e7:cc:27:48:61:5e:29:f3:3f:56:55:e3:22:98:9b:1c:
         03:b7:65:26:e4:70:62:ac:52:64:3a:2e:4c:cf:04:a5:74:b1:
         6f:cd:9f:97:d6:1d:1d:d8:8d:ee:00:c9:21:70:1d:d5:0e:b4:
         6a:ad:84:39:27:a3:d3:6d:56:e3:74:3a:94:fd:0c:93:8f:5a:
         ec:ed:66:18:be:90:75:ad:fa:54:25:da:cb:1a:62:21:fc:fe:
         76:6d:21:40:45:79:46:d3:b7:71:e0:02:b6:69:dd:db:b1:01:
         89:d6:ef:38:6c:2d:37:fa:04:ea:1d:54:ed:56:c2:1e:bd:07:
         3c:66:bf:9b:22:be:c1:61:c3:01:72:ca:14:28:2d:f8:d8:3b:
         7b:99:43:4d:e9:2f:cd:33:27:d6:e8:c3:50:97:78:9a:ef:05:
         3a:85:e5:b7:6e:a6:48:b9:58:59:4e:57:6f:8c:a4:8c:ad:a5:
         a3:d8:97:14:5f:70:05:50:ab:54:93:54:3f:b1:2e:3b:38:f8:
         bb:ed:8d:60:fd:7d:00:8e:09:01:e8:96:d5:b2:7e:7f:cf:aa:
         c6:20:c0:ba:9f:fa:3a:db:ec:43:f6:10:b8:80:48:20:49:16:
         84:76:79:8c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUOWebYjTH7WG0rsTjGOb7jw1Fks0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MTlaFw0yNTA4MjIwODAxMTlaMDMxMTAvBgNV
BAMTKDE3QkRFMERGNUVDMTk4MTNFNTdCNUUwMDQyOThEMUJBMkVBNjIzRjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHbEnj7qmhB7V0OaDCZWH3tRxV
ApKtHMJCiAPBeqUWFDrJBvLSn8DqM8Mr2Gasv/csmI/5ifIwWJZSmMbgb8zVPfNx
KSU3VUFUUpQa8X3gR+0RJtNhGuOFlRF9xmS2MbHJgABssah5pw6dIHAhyyZRjUUi
mWr9LbGR50V0CND69QYn8CX2p0dPfy/AEaZ/GlHTcgZS0v1RrWXGKNjmgjTdxi+j
jIh+x0QpRl+qtEOp/vLHdV3Fhnuv7q9p3QBrdvSgdKdnaj01rgNXZqiKPEUOGors
SDieSnV/8Vjg2grEXYYmaGHb/xLLtGifLrNy+N8r0/R7geYk+T2e2mPbG/jtAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUF73g317BmBPle14AQpjRui6mI/cwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEwNTMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQAnMA0GCSqGSIb3DQEBCwUAA4IBAQAd7OB2uefIjtDNEL/dWLhnqnBogufMJ0hh
XinzP1ZV4yKYmxwDt2Um5HBirFJkOi5MzwSldLFvzZ+X1h0d2I3uAMkhcB3VDrRq
rYQ5J6PTbVbjdDqU/QyTj1rs7WYYvpB1rfpUJdrLGmIh/P52bSFARXlG07dx4AK2
ad3bsQGJ1u84bC03+gTqHVTtVsIevQc8Zr+bIr7BYcMBcsoUKC342Dt7mUNN6S/N
MyfW6MNQl3ia7wU6heW3bqZIuVhZTldvjKSMraWj2JcUX3AFUKtUk1Q/sS47OPi7
7Y1g/X0AjgkB6JbVsn5/z6rGIMC6n/o62+xD9hC4gEggSRaEdnmM
-----END CERTIFICATE-----