Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS21991.roa
File:                     AS21991.roa (raw, json)
Hash identifier:          b55iF3bEd7qTYkcpstFhsyM5zA2H02CtkdeP5k9yHZA=
Subject key identifier:   10:07:2C:E7:C7:47:D3:B8:0A:0A:A7:74:3B:9C:F1:74:15:BE:70:0A
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       23ADA3055B753CED76A7C2DDCC9B70314B9C3F32
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS21991.roa
Signing time:             Fri 23 Aug 2024 08:01:20 +0000
ROA not before:           Fri 23 Aug 2024 07:56:20 +0000
ROA not after:            Fri 22 Aug 2025 08:01:20 +0000
asID:                     21991
IP address blocks:        2a0f:85c1::/48 maxlen: 48
                          2a0f:85c1:31::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:ad:a3:05:5b:75:3c:ed:76:a7:c2:dd:cc:9b:70:31:4b:9c:3f:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:20 2024 GMT
            Not After : Aug 22 08:01:20 2025 GMT
        Subject: CN=10072CE7C747D3B80A0AA7743B9CF17415BE700A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:d9:39:51:f1:90:39:8e:7c:a3:9b:b6:f6:54:
                    03:25:7e:bc:6b:a1:52:7f:bf:e1:ba:8d:76:88:01:
                    2b:d1:68:df:fd:8e:5e:6e:fc:b9:6f:ff:9f:36:61:
                    07:d0:83:cd:72:a2:6c:1d:95:02:11:1b:74:25:df:
                    2f:21:a0:1e:6b:10:e5:dd:4c:7d:db:c6:96:09:c2:
                    d9:21:c8:e7:d8:ef:7e:bd:f7:0f:87:5c:fd:46:e6:
                    5f:46:0b:a2:d5:ef:2f:45:87:86:03:9a:6e:0b:7a:
                    88:3f:12:07:b3:d7:df:9b:ea:a5:bc:da:67:c8:c3:
                    94:ad:cb:95:7f:1d:f3:ed:bb:ef:f8:99:c3:61:65:
                    a3:a9:e6:6b:ee:2d:12:18:10:3b:ce:d7:34:b8:67:
                    c2:ba:12:bf:3d:1a:c5:4b:1a:7c:54:fa:46:f2:48:
                    75:cf:b6:7a:a8:46:23:33:97:01:68:ae:75:dd:2d:
                    b1:5b:f2:51:b4:9e:2c:99:1a:15:80:03:7b:2f:73:
                    f6:18:54:ec:20:ee:8b:8e:48:15:5a:03:19:77:c5:
                    d4:77:e5:ec:d7:21:19:91:73:89:03:f0:46:67:38:
                    84:5b:29:7e:85:e9:17:31:48:a5:ea:69:6b:09:9a:
                    4f:31:53:6a:64:22:0c:12:3b:f5:57:b3:3d:fb:52:
                    ba:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:07:2C:E7:C7:47:D3:B8:0A:0A:A7:74:3B:9C:F1:74:15:BE:70:0A
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS21991.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1::/48
                  2a0f:85c1:31::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:d6:40:83:e0:40:41:4b:60:ea:95:95:33:36:39:02:90:d9:
         f0:70:93:0b:df:ec:da:c4:d6:ea:e3:06:b3:e5:9b:a9:b9:a8:
         6a:f3:c3:0a:21:b7:15:19:c2:a9:50:34:8a:90:c5:21:56:be:
         10:b9:9a:61:61:8b:e7:17:78:45:4c:58:e4:74:4b:46:78:0e:
         07:1f:95:ff:03:c3:74:6a:2a:06:90:b6:39:b0:e4:37:24:8e:
         27:ec:cc:0a:9f:d6:0a:95:d0:e2:66:16:16:ef:28:21:8f:2e:
         22:c8:9e:64:18:89:c9:6b:bc:20:f3:99:70:73:fd:36:e7:dd:
         4e:82:03:46:dc:21:4a:e8:de:b2:14:a5:6c:0e:48:08:f7:b6:
         c3:b6:f5:25:d7:ff:a0:2f:23:ee:b3:36:ba:f4:75:e2:78:7e:
         1f:38:76:c6:4a:f8:29:f0:a3:04:3c:3c:1e:10:33:e9:ba:1b:
         61:1d:3e:11:2f:aa:d0:b7:2e:98:8d:12:8f:dd:4d:8b:d4:ce:
         22:0c:ee:c3:5f:b3:e1:12:43:f1:e5:d4:ec:d5:5b:70:6c:95:
         08:88:d3:58:13:c4:78:67:9e:8a:8a:42:40:31:56:73:b9:e1:
         15:3b:fc:53:ae:62:13:58:a6:18:be:05:8a:ff:62:ae:7f:34:
         8b:c5:15:05
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUI62jBVt1PO12p8LdzJtwMUucPzIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjBaFw0yNTA4MjIwODAxMjBaMDMxMTAvBgNV
BAMTKDEwMDcyQ0U3Qzc0N0QzQjgwQTBBQTc3NDNCOUNGMTc0MTVCRTcwMEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+2TlR8ZA5jnyjm7b2VAMlfrxr
oVJ/v+G6jXaIASvRaN/9jl5u/Llv/582YQfQg81yomwdlQIRG3Ql3y8hoB5rEOXd
TH3bxpYJwtkhyOfY73699w+HXP1G5l9GC6LV7y9Fh4YDmm4Leog/Egez19+b6qW8
2mfIw5Sty5V/HfPtu+/4mcNhZaOp5mvuLRIYEDvO1zS4Z8K6Er89GsVLGnxU+kby
SHXPtnqoRiMzlwFornXdLbFb8lG0niyZGhWAA3svc/YYVOwg7ouOSBVaAxl3xdR3
5ezXIRmRc4kD8EZnOIRbKX6F6RcxSKXqaWsJmk8xU2pkIgwSO/VXsz37UrqLAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUEAcs58dH07gKCqd0O5zxdBW+cAowHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE5OTEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgACMBIDBwAqD4XB
AAADBwAqD4XBADEwDQYJKoZIhvcNAQELBQADggEBACnWQIPgQEFLYOqVlTM2OQKQ
2fBwkwvf7NrE1urjBrPlm6m5qGrzwwohtxUZwqlQNIqQxSFWvhC5mmFhi+cXeEVM
WOR0S0Z4Dgcflf8Dw3RqKgaQtjmw5DckjifszAqf1gqV0OJmFhbvKCGPLiLInmQY
iclrvCDzmXBz/Tbn3U6CA0bcIUro3rIUpWwOSAj3tsO29SXX/6AvI+6zNrr0deJ4
fh84dsZK+CnwowQ8PB4QM+m6G2EdPhEvqtC3LpiNEo/dTYvUziIM7sNfs+ESQ/Hl
1OzVW3BslQiI01gTxHhnnoqKQkAxVnO54RU7/FOuYhNYphi+BYr/Yq5/NIvFFQU=
-----END CERTIFICATE-----