Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS50338.roa
File:                     AS50338.roa (raw, json)
Hash identifier:          upbWOnXE1w8nAVpXc8fCoRqkLiTL198FktCTF+Zdh94=
Subject key identifier:   4C:62:FE:BE:35:06:EA:37:C5:D9:53:3F:AF:1D:91:58:21:BA:47:99
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       07F26CE20D7AFCBAC1D76FF28726FF02326AF655
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS50338.roa
Signing time:             Fri 23 Aug 2024 08:01:25 +0000
ROA not before:           Fri 23 Aug 2024 07:56:25 +0000
ROA not after:            Fri 22 Aug 2025 08:01:25 +0000
asID:                     50338
IP address blocks:        2a0f:85c1:299::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:f2:6c:e2:0d:7a:fc:ba:c1:d7:6f:f2:87:26:ff:02:32:6a:f6:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:25 2024 GMT
            Not After : Aug 22 08:01:25 2025 GMT
        Subject: CN=4C62FEBE3506EA37C5D9533FAF1D915821BA4799
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:a4:0b:c1:c5:e4:86:61:1b:c6:bf:b3:dc:05:
                    04:1a:44:3c:da:87:7a:e7:f9:27:57:cc:8d:96:55:
                    b3:6a:97:f7:10:57:1c:32:b1:2e:a3:ea:bd:a9:12:
                    45:a0:02:32:56:ec:3a:2f:db:4a:3b:3d:18:17:9b:
                    7f:b1:11:35:0b:07:7c:ef:23:ea:5c:d0:2e:b5:c2:
                    f0:20:92:8f:ad:05:e7:29:de:a7:f1:b0:d9:be:89:
                    7c:cf:c8:33:e8:a0:d8:7c:74:e2:59:59:0e:cd:ef:
                    6a:74:ea:1a:f6:ff:2a:34:fa:ea:2a:09:98:96:bb:
                    83:73:e3:0a:0d:af:94:1b:87:11:d9:7f:3c:2f:87:
                    be:4a:89:f5:95:0a:84:d3:98:5b:e4:fe:03:74:f8:
                    c4:2d:92:3c:73:2d:f4:b6:65:11:be:28:08:6f:bf:
                    b3:ca:0b:ea:6d:ab:10:1a:34:94:15:f5:81:35:37:
                    d5:a0:d5:05:1a:62:67:45:2d:70:a6:46:19:74:80:
                    67:76:2c:67:ec:84:73:c4:b6:6c:32:00:2c:05:4f:
                    1a:97:b6:06:da:37:4b:e0:e6:db:ee:1d:44:8a:11:
                    f8:fc:f8:0e:a5:65:7d:9c:c5:eb:9d:dc:83:1e:d7:
                    a6:17:69:c8:db:14:39:46:28:6d:07:15:d5:50:d9:
                    90:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:62:FE:BE:35:06:EA:37:C5:D9:53:3F:AF:1D:91:58:21:BA:47:99
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS50338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:299::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:2c:c2:08:71:2c:11:41:86:79:e0:c4:cd:23:91:c7:f6:1d:
         3a:e1:d0:c2:2a:95:00:da:72:30:c3:3d:94:42:e5:3d:3a:8f:
         a8:cf:d1:0b:9f:09:54:ed:01:4c:0f:3a:a9:7b:30:68:55:65:
         ae:33:8f:82:aa:10:82:71:a8:f3:70:c7:d8:47:ea:2d:84:67:
         a1:e3:2e:7d:5e:ac:cd:aa:d8:36:92:5e:71:cc:a9:a1:e1:bc:
         1b:e2:aa:62:e8:c9:7d:61:a0:03:ad:b9:9f:b3:2c:46:d8:1d:
         7a:c4:29:96:10:ef:e6:60:76:ed:c2:26:4d:9f:88:92:84:eb:
         04:e1:04:b6:5a:fd:09:b7:5a:4b:02:87:40:34:f6:0e:db:9a:
         97:8f:19:67:32:ce:c2:d1:c2:6f:b2:15:4c:62:e1:de:f0:23:
         ff:89:79:15:4f:2b:9b:bf:9e:25:97:0c:73:e7:e7:c4:d7:d1:
         ad:51:7a:94:67:a7:5c:4f:80:e0:3e:71:90:b3:74:e8:cf:74:
         6b:09:14:18:3b:f2:95:84:4e:cd:60:4a:c2:57:6b:8a:0d:0a:
         8d:0f:f8:4a:e7:5d:0c:44:56:bf:95:4c:c9:97:68:3e:4f:5e:
         4b:30:0e:97:a3:ce:24:53:19:f8:2b:c4:e7:14:3a:91:36:71:
         c7:eb:e5:ec
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUB/Js4g16/LrB12/yhyb/AjJq9lUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjVaFw0yNTA4MjIwODAxMjVaMDMxMTAvBgNV
BAMTKDRDNjJGRUJFMzUwNkVBMzdDNUQ5NTMzRkFGMUQ5MTU4MjFCQTQ3OTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJpAvBxeSGYRvGv7PcBQQaRDza
h3rn+SdXzI2WVbNql/cQVxwysS6j6r2pEkWgAjJW7Dov20o7PRgXm3+xETULB3zv
I+pc0C61wvAgko+tBecp3qfxsNm+iXzPyDPooNh8dOJZWQ7N72p06hr2/yo0+uoq
CZiWu4Nz4woNr5QbhxHZfzwvh75KifWVCoTTmFvk/gN0+MQtkjxzLfS2ZRG+KAhv
v7PKC+ptqxAaNJQV9YE1N9Wg1QUaYmdFLXCmRhl0gGd2LGfshHPEtmwyACwFTxqX
tgbaN0vg5tvuHUSKEfj8+A6lZX2cxeud3IMe16YXacjbFDlGKG0HFdVQ2ZD/AgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUTGL+vjUG6jfF2VM/rx2RWCG6R5kwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTNTAzMzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqD4XB
ApkwDQYJKoZIhvcNAQELBQADggEBAGoswghxLBFBhnngxM0jkcf2HTrh0MIqlQDa
cjDDPZRC5T06j6jP0QufCVTtAUwPOql7MGhVZa4zj4KqEIJxqPNwx9hH6i2EZ6Hj
Ln1erM2q2DaSXnHMqaHhvBviqmLoyX1hoAOtuZ+zLEbYHXrEKZYQ7+Zgdu3CJk2f
iJKE6wThBLZa/Qm3WksCh0A09g7bmpePGWcyzsLRwm+yFUxi4d7wI/+JeRVPK5u/
niWXDHPn58TX0a1RepRnp1xPgOA+cZCzdOjPdGsJFBg78pWETs1gSsJXa4oNCo0P
+ErnXQxEVr+VTMmXaD5PXkswDpejziRTGfgrxOcUOpE2ccfr5ew=
-----END CERTIFICATE-----