Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS207609.roa
File:                     AS207609.roa (raw, json)
Hash identifier:          Kf4ro1SxpRSAb828mkS+GC766Iw6VwPhNOUSlIRk4uw=
Subject key identifier:   8A:F7:00:6E:19:7D:8C:EA:EC:38:8D:95:7B:15:81:9E:B5:0E:1E:87
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       6199F05AC0C1A86E197D73FB200EB614E8508F98
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS207609.roa
Signing time:             Thu 23 May 2024 16:49:10 +0000
ROA not before:           Thu 23 May 2024 16:44:10 +0000
ROA not after:            Thu 22 May 2025 16:49:10 +0000
asID:                     207609
IP address blocks:        2a0f:85c1:c080::/41 maxlen: 48
                          2a0f:85c1:c0d0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jul 2024 20:37:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:99:f0:5a:c0:c1:a8:6e:19:7d:73:fb:20:0e:b6:14:e8:50:8f:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:10 2024 GMT
            Not After : May 22 16:49:10 2025 GMT
        Subject: CN=8AF7006E197D8CEAEC388D957B15819EB50E1E87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:dc:2f:5a:ce:f6:df:93:7e:cf:99:e4:56:87:
                    27:03:25:05:ff:8a:91:d8:5d:e0:24:2c:a1:77:e1:
                    90:7f:13:b5:49:84:04:fd:ac:0f:30:a4:c6:0f:00:
                    97:b4:bb:d3:9a:2d:f0:f7:e5:21:99:50:42:23:e1:
                    1c:ba:6c:f0:b1:1b:0f:58:f7:65:be:ab:18:4c:23:
                    ca:16:6b:ed:b1:92:e7:c4:70:90:65:ac:ff:a1:4a:
                    78:26:86:62:ae:b4:d1:23:2c:d0:42:00:77:ad:7e:
                    94:be:5f:07:4c:53:27:df:01:ac:10:b8:f0:70:b6:
                    50:e3:27:e2:79:db:2f:27:47:ae:39:15:21:54:6b:
                    e7:9a:cc:a9:60:c8:5d:5b:3e:e6:c7:14:7b:b4:6e:
                    77:bb:b8:5f:b4:03:7b:7b:32:21:09:ad:48:cd:26:
                    0b:89:7c:d3:b6:37:14:7d:7c:10:51:70:74:4c:5f:
                    75:6d:79:71:69:c4:6a:93:8e:d8:d1:b5:f0:af:ca:
                    03:db:be:ac:ae:4b:57:e4:b9:63:8e:23:41:f8:dd:
                    aa:0a:8d:6e:d8:c2:c0:52:6d:f7:4e:2e:37:f6:2f:
                    18:c4:0e:67:f5:19:e9:e7:6a:d2:8b:92:64:79:44:
                    c1:cd:c4:78:db:6f:3b:74:22:f5:45:78:44:a1:ce:
                    85:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:F7:00:6E:19:7D:8C:EA:EC:38:8D:95:7B:15:81:9E:B5:0E:1E:87
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS207609.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:c080::/41

    Signature Algorithm: sha256WithRSAEncryption
         30:0d:e0:bc:d6:9b:5c:b3:d8:38:b0:ee:36:69:57:66:62:d6:
         e6:3e:69:b9:7b:a7:bc:c4:67:f5:64:6a:82:e8:41:60:e5:81:
         ce:bb:a8:d5:3d:61:85:c8:7d:a1:d8:e0:4c:cc:62:10:b5:5c:
         fb:cb:ca:3d:29:3a:89:58:2c:6b:d1:69:8f:3f:e2:cf:fe:b7:
         4c:15:1f:fa:e3:18:b2:79:80:e0:1d:db:f1:c0:b8:01:58:56:
         f6:00:c6:c0:7c:27:09:f1:af:f3:3a:c1:0a:84:a0:0a:53:25:
         32:f4:77:6d:1c:00:e3:7f:6e:71:de:fd:cc:3a:fb:01:00:2c:
         d3:14:9c:44:5a:8b:2c:7b:bf:63:f2:91:e3:56:77:77:55:41:
         b5:e2:34:38:79:e3:2b:07:2f:27:be:c6:85:ea:cc:53:7c:51:
         f8:56:65:44:9a:07:85:05:9a:5f:1b:46:18:a0:3b:b3:16:02:
         7e:5c:f5:83:f0:ba:ac:f2:f5:19:ff:da:10:e4:80:9c:c9:c1:
         bf:e4:85:2a:69:2f:c7:5f:55:be:57:07:fe:85:00:28:96:da:
         42:3c:50:0e:2f:db:f1:b5:d7:5b:a0:1a:07:7a:55:f1:85:13:
         61:06:6c:9b:e8:5f:26:4f:68:89:61:5e:6d:cb:cf:34:9f:53:
         a8:99:cf:9c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUYZnwWsDBqG4ZfXP7IA62FOhQj5gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTBaFw0yNTA1MjIxNjQ5MTBaMDMxMTAvBgNV
BAMTKDhBRjcwMDZFMTk3RDhDRUFFQzM4OEQ5NTdCMTU4MTlFQjUwRTFFODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDT3C9azvbfk37PmeRWhycDJQX/
ipHYXeAkLKF34ZB/E7VJhAT9rA8wpMYPAJe0u9OaLfD35SGZUEIj4Ry6bPCxGw9Y
92W+qxhMI8oWa+2xkufEcJBlrP+hSngmhmKutNEjLNBCAHetfpS+XwdMUyffAawQ
uPBwtlDjJ+J52y8nR645FSFUa+eazKlgyF1bPubHFHu0bne7uF+0A3t7MiEJrUjN
JguJfNO2NxR9fBBRcHRMX3VteXFpxGqTjtjRtfCvygPbvqyuS1fkuWOOI0H43aoK
jW7YwsBSbfdOLjf2LxjEDmf1GennatKLkmR5RMHNxHjbbzt0IvVFeEShzoUpAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUivcAbhl9jOrsOI2VexWBnrUOHocwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjA3NjA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcHKg+F
wcCAMA0GCSqGSIb3DQEBCwUAA4IBAQAwDeC81ptcs9g4sO42aVdmYtbmPmm5e6e8
xGf1ZGqC6EFg5YHOu6jVPWGFyH2h2OBMzGIQtVz7y8o9KTqJWCxr0WmPP+LP/rdM
FR/64xiyeYDgHdvxwLgBWFb2AMbAfCcJ8a/zOsEKhKAKUyUy9HdtHADjf25x3v3M
OvsBACzTFJxEWosse79j8pHjVnd3VUG14jQ4eeMrBy8nvsaF6sxTfFH4VmVEmgeF
BZpfG0YYoDuzFgJ+XPWD8Lqs8vUZ/9oQ5ICcycG/5IUqaS/HX1W+Vwf+hQAoltpC
PFAOL9vxtddboBoHelXxhRNhBmyb6F8mT2iJYV5ty880n1Oomc+c
-----END CERTIFICATE-----
Generated at Wed Jul 17 04:39:55 2024 by rpki-client on console-fra.rpki-client.org