Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS396982.roa
File:                     AS396982.roa (raw, json)
Hash identifier:          NtpCkr6mAzLGLyBMM91t9svBRiOT9x7FgupN1y4GbJk=
Subject key identifier:   E6:80:D4:10:B4:83:58:19:92:B3:BB:9C:8E:10:8D:18:C0:F0:DB:0B
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       1FEAF9BAF52539CE4ECD2A7D150E6AB8188ABC4C
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS396982.roa
Signing time:             Fri 23 Aug 2024 08:01:14 +0000
ROA not before:           Fri 23 Aug 2024 07:56:14 +0000
ROA not after:            Fri 22 Aug 2025 08:01:14 +0000
asID:                     396982
IP address blocks:        2a0f:85c1:3c8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:ea:f9:ba:f5:25:39:ce:4e:cd:2a:7d:15:0e:6a:b8:18:8a:bc:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:14 2024 GMT
            Not After : Aug 22 08:01:14 2025 GMT
        Subject: CN=E680D410B483581992B3BB9C8E108D18C0F0DB0B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:5c:82:af:8b:a1:ff:fc:76:17:82:83:89:bc:
                    c0:24:32:75:f8:9b:ee:29:ef:97:5f:69:2d:c8:36:
                    b3:6a:a7:6e:a1:6c:84:39:52:36:23:9c:ca:c5:01:
                    d7:3b:47:51:bb:92:c6:7e:1a:b1:85:7d:39:26:f3:
                    8d:f7:f3:ab:90:57:e9:af:62:4a:27:91:cb:d2:50:
                    cc:05:67:f7:e4:3a:9a:e0:8f:32:cc:8c:ab:dd:73:
                    d0:48:f7:ac:92:40:fa:63:cd:47:ee:9e:ad:47:44:
                    67:28:b9:14:6e:14:1d:fa:43:21:27:cc:29:f7:90:
                    87:ad:2b:e1:dd:62:2f:fc:ce:92:bd:be:be:78:13:
                    04:16:b5:c0:f6:ec:f3:d1:cc:a2:09:d8:87:c4:68:
                    45:ec:02:36:73:33:0d:9a:17:de:61:28:57:d2:a3:
                    d8:3d:cc:60:5f:8d:b2:9a:26:7b:48:41:0b:e9:8f:
                    b5:25:c1:88:24:35:3a:8d:19:4f:f6:46:35:ec:4b:
                    c9:23:96:0c:d0:50:8b:e5:e2:76:06:8e:1a:78:5f:
                    b0:a8:d1:f4:c3:1e:e1:27:cb:d1:62:86:57:9f:96:
                    28:93:40:9d:f3:ea:63:13:60:9c:26:6e:3c:ac:7d:
                    b4:f8:cd:25:97:58:d9:bf:c0:20:31:cc:02:07:a5:
                    e7:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:80:D4:10:B4:83:58:19:92:B3:BB:9C:8E:10:8D:18:C0:F0:DB:0B
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS396982.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3c8::/48

    Signature Algorithm: sha256WithRSAEncryption
         dc:79:6e:d0:ff:a1:d2:db:54:fd:de:59:05:73:1f:1b:85:2f:
         0d:90:41:3d:57:44:3c:c1:73:90:d6:69:8a:47:16:9f:20:13:
         33:69:e8:e5:b6:5d:f7:27:42:ab:05:9d:67:72:9e:6a:e4:3c:
         0e:0a:20:17:32:ee:3e:63:fd:44:39:dc:11:67:60:7b:56:ca:
         34:1d:d1:26:c5:d1:38:89:fb:33:f6:25:ec:83:8b:49:c7:60:
         9f:cd:13:ca:61:3e:9b:ab:8f:83:6f:f6:1b:10:c8:30:61:23:
         81:5f:61:83:65:e2:82:f2:bc:23:c8:a3:90:19:c8:01:4c:64:
         eb:94:32:48:36:56:a4:2a:88:f9:a6:7a:8c:e5:69:13:55:3f:
         94:d5:45:f9:72:0c:c9:f7:73:0f:37:65:20:b6:68:88:c7:43:
         97:08:0e:c3:42:b8:ea:4c:0b:15:93:81:2c:33:f9:bd:aa:4d:
         8d:5c:30:c8:39:71:fd:1f:9e:65:19:80:4b:f2:8b:cc:2c:23:
         31:67:ec:93:c2:14:be:dc:51:8f:5f:92:86:1d:63:18:4f:ad:
         62:7f:c5:7e:1e:93:99:17:c1:24:4b:eb:47:4b:21:35:05:52:
         b6:7f:0d:de:bd:47:19:8b:2c:67:42:7f:05:14:5c:89:fa:7b:
         cf:d3:e0:36
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUH+r5uvUlOc5OzSp9FQ5quBiKvEwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MTRaFw0yNTA4MjIwODAxMTRaMDMxMTAvBgNV
BAMTKEU2ODBENDEwQjQ4MzU4MTk5MkIzQkI5QzhFMTA4RDE4QzBGMERCMEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzXIKvi6H//HYXgoOJvMAkMnX4
m+4p75dfaS3INrNqp26hbIQ5UjYjnMrFAdc7R1G7ksZ+GrGFfTkm843386uQV+mv
YkonkcvSUMwFZ/fkOprgjzLMjKvdc9BI96ySQPpjzUfunq1HRGcouRRuFB36QyEn
zCn3kIetK+HdYi/8zpK9vr54EwQWtcD27PPRzKIJ2IfEaEXsAjZzMw2aF95hKFfS
o9g9zGBfjbKaJntIQQvpj7UlwYgkNTqNGU/2RjXsS8kjlgzQUIvl4nYGjhp4X7Co
0fTDHuEny9FihlefliiTQJ3z6mMTYJwmbjysfbT4zSWXWNm/wCAxzAIHpeeBAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU5oDUELSDWBmSs7ucjhCNGMDw2wswHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMzk2OTgyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQPIMA0GCSqGSIb3DQEBCwUAA4IBAQDceW7Q/6HS21T93lkFcx8bhS8NkEE9V0Q8
wXOQ1mmKRxafIBMzaejltl33J0KrBZ1ncp5q5DwOCiAXMu4+Y/1EOdwRZ2B7Vso0
HdEmxdE4ifsz9iXsg4tJx2CfzRPKYT6bq4+Db/YbEMgwYSOBX2GDZeKC8rwjyKOQ
GcgBTGTrlDJINlakKoj5pnqM5WkTVT+U1UX5cgzJ93MPN2UgtmiIx0OXCA7DQrjq
TAsVk4EsM/m9qk2NXDDIOXH9H55lGYBL8ovMLCMxZ+yTwhS+3FGPX5KGHWMYT61i
f8V+HpOZF8EkS+tHSyE1BVK2fw3evUcZiyxnQn8FFFyJ+nvP0+A2
-----END CERTIFICATE-----