Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa004ba1-419b-4db5-bbd3-5cca633cae3f/0/AS203635.roa
File:                     AS203635.roa (raw, json)
Hash identifier:          tODPhvFYIT4JOTH1ETaceu99dEyik6itYNRIelW4zrI=
Subject key identifier:   AA:A8:59:DE:9A:06:8F:47:26:D9:CD:12:6C:3F:47:3F:AA:BF:5A:E9
Certificate issuer:       /CN=41F657CF3564F233B977F40ACA5E4BD10E1E2F8E
Certificate serial:       3914655B7D2CEDC3831EC8DA55F6E2BC997E975C
Authority key identifier: 41:F6:57:CF:35:64:F2:33:B9:77:F4:0A:CA:5E:4B:D1:0E:1E:2F:8E
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/41F657CF3564F233B977F40ACA5E4BD10E1E2F8E.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa004ba1-419b-4db5-bbd3-5cca633cae3f/0/AS203635.roa
Signing time:             Fri 15 Mar 2024 00:59:57 +0000
ROA not before:           Fri 15 Mar 2024 00:54:57 +0000
ROA not after:            Fri 14 Mar 2025 00:59:57 +0000
asID:                     203635
IP address blocks:        2a07:54c2:b00b::/48 maxlen: 48
                          2a07:54c4:3::/48 maxlen: 48
                          2a07:54c5:1300::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa004ba1-419b-4db5-bbd3-5cca633cae3f/0/41F657CF3564F233B977F40ACA5E4BD10E1E2F8E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa004ba1-419b-4db5-bbd3-5cca633cae3f/0/41F657CF3564F233B977F40ACA5E4BD10E1E2F8E.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/41F657CF3564F233B977F40ACA5E4BD10E1E2F8E.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:14:65:5b:7d:2c:ed:c3:83:1e:c8:da:55:f6:e2:bc:99:7e:97:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41F657CF3564F233B977F40ACA5E4BD10E1E2F8E
        Validity
            Not Before: Mar 15 00:54:57 2024 GMT
            Not After : Mar 14 00:59:57 2025 GMT
        Subject: CN=AAA859DE9A068F4726D9CD126C3F473FAABF5AE9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:c4:63:cf:75:e5:a6:1b:ed:13:70:04:f4:55:
                    c6:b5:2e:af:58:06:fc:50:32:f7:3c:ff:0f:6d:3b:
                    24:a0:b6:79:f8:ab:50:18:a6:53:5c:83:72:9a:24:
                    98:14:ca:a7:f5:a0:ef:26:d2:73:34:ae:49:63:5a:
                    c2:78:4c:fe:79:c3:42:05:83:3f:29:e2:17:39:bf:
                    7c:78:1d:e2:ad:46:1c:83:ad:51:b2:7f:08:6d:41:
                    4e:7d:74:ba:e8:3d:98:53:3a:46:f8:f3:f7:83:9a:
                    39:49:4d:e8:34:75:1d:90:81:e9:23:73:86:55:16:
                    e6:19:c0:cc:1c:d3:0d:f2:a0:0f:bd:5a:e9:bd:01:
                    f0:f9:96:ce:f3:22:3c:17:86:e4:2c:f2:d8:aa:b6:
                    a4:9b:b7:10:5b:dd:6f:e1:eb:0d:7a:c3:56:a4:07:
                    ac:5b:56:15:7d:67:37:cc:88:d0:67:75:9d:37:a0:
                    b2:1e:54:34:35:e3:4b:27:df:57:a7:4c:99:df:40:
                    36:9e:5f:4d:14:c2:61:97:ea:be:30:6e:09:43:3b:
                    f7:27:5d:83:ec:94:79:c5:9e:31:a4:4e:81:35:2a:
                    07:b1:31:7c:16:27:ec:09:a0:58:50:1e:c8:d5:bb:
                    62:5e:a6:57:68:c5:e2:35:ad:c8:d4:60:98:27:20:
                    cb:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:A8:59:DE:9A:06:8F:47:26:D9:CD:12:6C:3F:47:3F:AA:BF:5A:E9
            X509v3 Authority Key Identifier:
                keyid:41:F6:57:CF:35:64:F2:33:B9:77:F4:0A:CA:5E:4B:D1:0E:1E:2F:8E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa004ba1-419b-4db5-bbd3-5cca633cae3f/0/41F657CF3564F233B977F40ACA5E4BD10E1E2F8E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/41F657CF3564F233B977F40ACA5E4BD10E1E2F8E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa004ba1-419b-4db5-bbd3-5cca633cae3f/0/AS203635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:54c2:b00b::/48
                  2a07:54c4:3::/48
                  2a07:54c5:1300::/40

    Signature Algorithm: sha256WithRSAEncryption
         b5:8d:2a:93:fb:31:37:8c:5b:71:21:b5:55:24:15:bb:ae:82:
         20:84:37:05:46:e4:3c:0e:ba:5d:eb:91:0e:d9:35:26:da:a5:
         a2:81:3f:ed:96:fb:bd:f3:7d:80:83:fe:8f:a3:b7:60:d6:2e:
         8d:89:83:40:db:1b:26:1c:10:9f:1c:fe:7b:91:0b:c7:40:1f:
         58:4e:4f:01:70:36:a8:29:e3:f8:7a:d1:03:fa:c9:06:3a:a2:
         61:5a:b5:c2:57:ec:e0:c2:c5:e8:1f:61:b8:08:b9:aa:c3:00:
         6d:0b:3e:cb:36:04:53:fa:13:dc:b8:7a:ff:f5:ab:bb:91:9f:
         c3:f9:05:ad:da:80:31:51:d9:56:36:fe:d3:3e:a1:6f:62:36:
         5e:bd:0f:7f:78:a9:0c:ff:8a:bf:08:a6:11:b0:74:08:05:29:
         dd:f0:f5:06:bc:26:95:cb:3a:a0:d0:d6:6b:b6:74:0b:05:f9:
         31:02:d2:38:c1:fa:5c:6c:c9:82:1b:fd:92:d2:20:92:6e:bb:
         f2:61:ee:09:fc:92:40:f9:20:5f:43:33:4f:13:a0:35:31:cd:
         c3:6e:60:a2:52:c6:f0:98:3c:c5:3c:87:79:95:68:87:6b:aa:
         ad:50:a9:0b:53:cf:42:22:a5:00:d2:2f:50:d8:b8:3b:2a:c8:
         a1:b5:05:d1
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgIUORRlW30s7cODHsjaVfbivJl+l1wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDFGNjU3Q0YzNTY0RjIzM0I5NzdGNDBBQ0E1RTRCRDEw
RTFFMkY4RTAeFw0yNDAzMTUwMDU0NTdaFw0yNTAzMTQwMDU5NTdaMDMxMTAvBgNV
BAMTKEFBQTg1OURFOUEwNjhGNDcyNkQ5Q0QxMjZDM0Y0NzNGQUFCRjVBRTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHxGPPdeWmG+0TcAT0Vca1Lq9Y
BvxQMvc8/w9tOySgtnn4q1AYplNcg3KaJJgUyqf1oO8m0nM0rkljWsJ4TP55w0IF
gz8p4hc5v3x4HeKtRhyDrVGyfwhtQU59dLroPZhTOkb48/eDmjlJTeg0dR2Qgekj
c4ZVFuYZwMwc0w3yoA+9Wum9AfD5ls7zIjwXhuQs8tiqtqSbtxBb3W/h6w16w1ak
B6xbVhV9ZzfMiNBndZ03oLIeVDQ140sn31enTJnfQDaeX00UwmGX6r4wbglDO/cn
XYPslHnFnjGkToE1KgexMXwWJ+wJoFhQHsjVu2JepldoxeI1rcjUYJgnIMuXAgMB
AAGjggJOMIICSjAdBgNVHQ4EFgQUqqhZ3poGj0cm2c0SbD9HP6q/WukwHwYDVR0j
BBgwFoAUQfZXzzVk8jO5d/QKyl5L0Q4eL44wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWEwMDRiYTEtNDE5Yi00ZGI1LWJiZDMtNWNjYTYzM2Nh
ZTNmLzAvNDFGNjU3Q0YzNTY0RjIzM0I5NzdGNDBBQ0E1RTRCRDEwRTFFMkY4RS5j
cmwwgZMGCCsGAQUFBwEBBIGGMIGDMIGABggrBgEFBQcwAoZ0cnN5bmM6Ly9ycGtp
LXJwcy5hcmluLm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRmODUwZDA2M2UwMTg1NzU1
YzkxYmUzZjlkLzIvNDFGNjU3Q0YzNTY0RjIzM0I5NzdGNDBBQ0E1RTRCRDEwRTFF
MkY4RS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2FhMDA0YmExLTQxOWIt
NGRiNS1iYmQzLTVjY2E2MzNjYWUzZi8wL0FTMjAzNjM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAAjAaAwcAKgdU
wrALAwcAKgdUxAADAwYAKgdUxRMwDQYJKoZIhvcNAQELBQADggEBALWNKpP7MTeM
W3EhtVUkFbuugiCENwVG5DwOul3rkQ7ZNSbapaKBP+2W+73zfYCD/o+jt2DWLo2J
g0DbGyYcEJ8c/nuRC8dAH1hOTwFwNqgp4/h60QP6yQY6omFatcJX7ODCxegfYbgI
uarDAG0LPss2BFP6E9y4ev/1q7uRn8P5Ba3agDFR2VY2/tM+oW9iNl69D394qQz/
ir8IphGwdAgFKd3w9Qa8JpXLOqDQ1mu2dAsF+TEC0jjB+lxsyYIb/ZLSIJJuu/Jh
7gn8kkD5IF9DM08ToDUxzcNuYKJSxvCYPMU8h3mVaIdrqq1QqQtTz0IipQDSL1DY
uDsqyKG1BdE=
-----END CERTIFICATE-----
Generated at Mon May 27 07:11:11 2024 by rpki-client on console-ams.rpki-client.org