Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS209267.roa
File:                     AS209267.roa (raw, json)
Hash identifier:          ZLz5MBEefYencV0Bwh2qbr/tD3DNW2wUqF1MJK6ITVc=
Subject key identifier:   A5:EA:F3:1C:48:5E:11:A7:13:16:39:0A:47:1A:F4:80:FD:DA:CD:AC
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       4840B97E47FF6A9778F071771560B25B1C857C74
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS209267.roa
Signing time:             Thu 23 May 2024 16:49:09 +0000
ROA not before:           Thu 23 May 2024 16:44:09 +0000
ROA not after:            Thu 22 May 2025 16:49:09 +0000
asID:                     209267
IP address blocks:        2a0f:85c1:70::/44 maxlen: 44
                          2a0f:85c1:70::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jul 2024 20:37:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:40:b9:7e:47:ff:6a:97:78:f0:71:77:15:60:b2:5b:1c:85:7c:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:09 2024 GMT
            Not After : May 22 16:49:09 2025 GMT
        Subject: CN=A5EAF31C485E11A71316390A471AF480FDDACDAC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:9d:cd:bf:ca:31:35:f9:70:3d:99:61:24:7f:
                    ba:f7:5d:f8:36:9b:9d:df:52:75:3c:95:be:6b:51:
                    e6:d6:a8:6b:da:e4:c7:91:88:5b:03:0a:74:db:d2:
                    a8:64:47:f9:cb:f5:b7:2d:c6:cc:b8:6d:00:74:69:
                    cc:d9:35:c0:72:d8:4e:5b:90:55:3f:5b:65:40:c7:
                    45:dc:9a:9a:f9:99:ae:03:f8:1d:ec:97:fa:4c:25:
                    72:14:e4:1d:b3:cb:34:7c:fc:33:06:06:b6:0f:86:
                    58:5a:64:4b:6d:2e:49:cd:aa:86:7a:42:1f:ef:e3:
                    ef:4f:9a:79:5f:d2:ed:d7:01:07:6e:7d:53:05:b5:
                    ad:54:18:84:79:dc:2e:91:dc:6b:e6:a5:95:5c:35:
                    dc:e8:69:06:1f:c8:83:5c:38:a0:43:12:c2:92:4c:
                    c1:08:88:19:93:74:41:00:90:3b:9c:2c:93:c2:66:
                    d5:06:a6:4f:aa:b8:3c:3d:6e:7a:7d:43:7b:2a:c3:
                    5f:46:d5:b1:a1:c9:94:8d:5d:b1:2c:19:27:3f:62:
                    ac:1f:45:26:fd:5a:0d:72:94:0b:11:ed:36:8d:8a:
                    31:3e:a9:a0:ca:9e:62:87:75:e0:ce:de:f2:c4:2a:
                    ba:fe:6d:6e:0a:80:bd:20:e7:df:e4:f5:7d:9a:81:
                    7d:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:EA:F3:1C:48:5E:11:A7:13:16:39:0A:47:1A:F4:80:FD:DA:CD:AC
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS209267.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:70::/44

    Signature Algorithm: sha256WithRSAEncryption
         9e:91:93:71:84:62:40:38:90:78:54:7f:9d:8f:ad:fb:9f:2a:
         b3:8a:7f:e3:df:d1:9a:bb:3f:2c:88:54:e7:5b:5a:ad:17:6d:
         0e:4e:f2:36:73:ee:f6:ed:c9:01:1a:99:69:5c:96:fd:0c:68:
         53:94:9f:61:c5:83:67:ec:b5:3d:2a:50:ca:59:a1:ea:64:80:
         a7:b9:ec:89:b8:12:4d:ee:8d:c8:06:ae:48:5d:5b:3a:fc:d7:
         36:23:31:70:16:28:99:f1:10:cb:2d:d6:bf:b9:82:1d:6e:a7:
         55:78:61:cf:98:e9:cb:74:33:6f:bd:ec:cd:82:42:5d:77:7c:
         11:61:15:45:67:d4:2a:e8:b0:c7:05:e7:bb:ec:84:0d:f2:f5:
         69:2d:98:63:e7:da:47:2e:89:7e:98:fe:d9:f6:d4:a1:5c:b2:
         ed:7e:35:0b:ed:7c:f6:cf:ef:a2:c5:26:8c:02:6e:b7:fd:d6:
         75:6c:ff:db:4a:b5:46:6e:d8:15:51:6e:84:c6:d8:52:06:00:
         e9:a8:de:7f:d7:78:8a:45:d8:fd:7a:e2:43:d4:ac:4d:5b:1b:
         d0:3a:48:a9:66:cb:9f:64:d1:e5:4d:98:8f:33:08:4a:c7:6f:
         7d:4f:a5:ee:11:0f:e4:ba:b4:f3:eb:e2:bf:34:0b:2d:0f:bd:
         86:38:8b:4e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUSEC5fkf/apd48HF3FWCyWxyFfHQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MDlaFw0yNTA1MjIxNjQ5MDlaMDMxMTAvBgNV
BAMTKEE1RUFGMzFDNDg1RTExQTcxMzE2MzkwQTQ3MUFGNDgwRkREQUNEQUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwnc2/yjE1+XA9mWEkf7r3Xfg2
m53fUnU8lb5rUebWqGva5MeRiFsDCnTb0qhkR/nL9bctxsy4bQB0aczZNcBy2E5b
kFU/W2VAx0Xcmpr5ma4D+B3sl/pMJXIU5B2zyzR8/DMGBrYPhlhaZEttLknNqoZ6
Qh/v4+9Pmnlf0u3XAQdufVMFta1UGIR53C6R3GvmpZVcNdzoaQYfyINcOKBDEsKS
TMEIiBmTdEEAkDucLJPCZtUGpk+quDw9bnp9Q3sqw19G1bGhyZSNXbEsGSc/Yqwf
RSb9Wg1ylAsR7TaNijE+qaDKnmKHdeDO3vLEKrr+bW4KgL0g59/k9X2agX2DAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUperzHEheEacTFjkKRxr0gP3azawwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjA5MjY3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg+F
wQBwMA0GCSqGSIb3DQEBCwUAA4IBAQCekZNxhGJAOJB4VH+dj637nyqzin/j39Ga
uz8siFTnW1qtF20OTvI2c+727ckBGplpXJb9DGhTlJ9hxYNn7LU9KlDKWaHqZICn
ueyJuBJN7o3IBq5IXVs6/Nc2IzFwFiiZ8RDLLda/uYIdbqdVeGHPmOnLdDNvvezN
gkJdd3wRYRVFZ9Qq6LDHBee77IQN8vVpLZhj59pHLol+mP7Z9tShXLLtfjUL7Xz2
z++ixSaMAm63/dZ1bP/bSrVGbtgVUW6ExthSBgDpqN5/13iKRdj9euJD1KxNWxvQ
OkipZsufZNHlTZiPMwhKx299T6XuEQ/kurTz6+K/NAstD72GOItO
-----END CERTIFICATE-----
Generated at Wed Jul 17 04:35:22 2024 by rpki-client on console-ams.rpki-client.org