Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS22439.roa
File:                     AS22439.roa (raw, json)
Hash identifier:          MaTS1/7u321AlQgphR21KZlapUFnfnLWvl1AmO9A4sg=
Subject key identifier:   57:14:C8:DE:56:A0:B5:3A:97:8D:47:57:15:C2:9B:B8:D9:41:99:2E
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       42036C076D6A53467AEB05DD35F64C424ECB8EBB
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS22439.roa
Signing time:             Fri 23 Aug 2024 08:01:22 +0000
ROA not before:           Fri 23 Aug 2024 07:56:22 +0000
ROA not after:            Fri 22 Aug 2025 08:01:22 +0000
asID:                     22439
IP address blocks:        2a0f:85c1:270::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:03:6c:07:6d:6a:53:46:7a:eb:05:dd:35:f6:4c:42:4e:cb:8e:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:22 2024 GMT
            Not After : Aug 22 08:01:22 2025 GMT
        Subject: CN=5714C8DE56A0B53A978D475715C29BB8D941992E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:1c:30:df:88:d0:17:61:73:34:41:e2:ec:2c:
                    ab:68:68:6e:6f:74:a2:59:d5:ab:c6:c4:18:5e:47:
                    02:56:c6:d7:ab:54:76:09:e2:19:50:76:50:06:48:
                    db:1b:bd:4d:1e:8b:a3:4e:a2:53:61:00:14:00:85:
                    05:2e:35:b8:f7:5d:29:20:f0:d1:9a:17:9e:73:4e:
                    eb:28:84:37:55:6f:61:af:94:fa:2c:ae:52:0a:89:
                    b9:e0:7c:48:ac:28:c7:81:73:fd:b9:e2:4a:5c:40:
                    57:44:49:2d:7c:40:1b:44:77:18:67:26:ad:20:7a:
                    e7:48:e7:63:d7:ed:1c:02:01:80:66:e5:91:0b:5c:
                    75:16:1a:72:32:b2:65:8c:af:1e:b7:dc:3f:16:ea:
                    bc:b1:cb:1f:5a:9b:9f:08:e0:fb:9d:96:6f:37:08:
                    ef:7b:c2:b8:fa:ca:01:ba:bd:0f:7d:38:78:b7:22:
                    48:39:2b:d7:0b:f8:ab:51:dc:4c:4b:bd:1a:91:93:
                    41:cf:ed:f2:bb:84:6d:b2:5d:72:e2:f6:ff:f0:b1:
                    36:3e:a0:0e:0c:2a:e3:78:e5:cc:48:f5:d7:c1:f5:
                    8c:09:e2:8d:57:ea:c1:4c:f7:08:3f:46:29:4e:b7:
                    84:a0:78:7b:89:59:99:4e:9f:85:bd:24:d3:40:fb:
                    86:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:14:C8:DE:56:A0:B5:3A:97:8D:47:57:15:C2:9B:B8:D9:41:99:2E
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS22439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:270::/44

    Signature Algorithm: sha256WithRSAEncryption
         ee:82:eb:49:df:a0:e9:a8:39:09:2e:84:dd:36:1c:01:89:d1:
         84:07:98:ed:06:ba:d8:6d:e6:af:35:ff:2f:b0:9a:4c:9c:31:
         24:a3:7f:aa:7a:df:a0:62:dc:1b:47:a8:4c:f6:d1:77:a3:eb:
         9c:70:3b:1f:15:de:71:6f:4c:ee:68:07:2f:08:a3:3c:53:43:
         ec:a6:a2:50:03:2d:5b:25:aa:b2:6f:9b:a5:b9:c1:e3:bd:47:
         97:b5:81:a3:d1:5d:5c:03:2b:51:a4:ad:c2:83:5a:6c:1e:45:
         07:a6:02:26:e5:49:1e:46:de:79:a7:9a:60:f9:cf:c6:e6:c2:
         fe:5d:95:bf:fa:84:45:d2:8a:d6:b0:76:13:3e:e9:12:60:49:
         ff:01:50:4d:fd:df:98:d5:be:ca:f3:e4:96:7e:97:93:12:77:
         a6:da:65:8d:c9:8c:41:cd:25:bb:c0:df:67:46:b0:d7:3e:9b:
         11:ed:0b:cf:78:7a:b4:32:eb:3b:12:2c:51:2f:df:44:9a:ef:
         ba:20:14:b0:01:32:bc:92:d9:15:24:cf:48:b8:a2:cb:b6:37:
         d3:61:fe:cc:db:d8:e5:24:a5:34:c5:0f:a5:20:f5:4b:b5:5a:
         d0:0e:dd:c8:e6:e8:c9:3f:1e:8f:9d:04:52:bf:d9:1b:25:22:
         ff:57:01:af
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUQgNsB21qU0Z66wXdNfZMQk7LjrswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjJaFw0yNTA4MjIwODAxMjJaMDMxMTAvBgNV
BAMTKDU3MTRDOERFNTZBMEI1M0E5NzhENDc1NzE1QzI5QkI4RDk0MTk5MkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmHDDfiNAXYXM0QeLsLKtoaG5v
dKJZ1avGxBheRwJWxterVHYJ4hlQdlAGSNsbvU0ei6NOolNhABQAhQUuNbj3XSkg
8NGaF55zTusohDdVb2GvlPosrlIKibngfEisKMeBc/254kpcQFdESS18QBtEdxhn
Jq0geudI52PX7RwCAYBm5ZELXHUWGnIysmWMrx633D8W6ryxyx9am58I4Pudlm83
CO97wrj6ygG6vQ99OHi3Ikg5K9cL+KtR3ExLvRqRk0HP7fK7hG2yXXLi9v/wsTY+
oA4MKuN45cxI9dfB9YwJ4o1X6sFM9wg/RilOt4SgeHuJWZlOn4W9JNNA+4aPAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUVxTI3lagtTqXjUdXFcKbuNlBmS4wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjI0Mzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwQqD4XB
AnAwDQYJKoZIhvcNAQELBQADggEBAO6C60nfoOmoOQkuhN02HAGJ0YQHmO0Gutht
5q81/y+wmkycMSSjf6p636Bi3BtHqEz20Xej65xwOx8V3nFvTO5oBy8IozxTQ+ym
olADLVslqrJvm6W5weO9R5e1gaPRXVwDK1GkrcKDWmweRQemAiblSR5G3nmnmmD5
z8bmwv5dlb/6hEXSitawdhM+6RJgSf8BUE3935jVvsrz5JZ+l5MSd6baZY3JjEHN
JbvA32dGsNc+mxHtC894erQy6zsSLFEv30Sa77ogFLABMryS2RUkz0i4osu2N9Nh
/szb2OUkpTTFD6Ug9Uu1WtAO3cjm6Mk/Ho+dBFK/2RslIv9XAa8=
-----END CERTIFICATE-----