Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS210532.roa
File:                     AS210532.roa (raw, json)
Hash identifier:          6jnZmQbmQQwk9NnVB98t4heuVKNBbiUfBUKvC4f8N6A=
Subject key identifier:   3A:E1:FB:34:BB:11:BD:69:D7:FD:F5:C0:F8:99:0F:D8:2F:E7:1E:D4
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       34E862FC39BDEAEBE01C6C87577A4C023C4F8828
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS210532.roa
Signing time:             Thu 23 May 2024 16:49:07 +0000
ROA not before:           Thu 23 May 2024 16:44:07 +0000
ROA not after:            Thu 22 May 2025 16:49:07 +0000
asID:                     210532
IP address blocks:        2a0f:85c1:27::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jul 2024 13:47:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:e8:62:fc:39:bd:ea:eb:e0:1c:6c:87:57:7a:4c:02:3c:4f:88:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:07 2024 GMT
            Not After : May 22 16:49:07 2025 GMT
        Subject: CN=3AE1FB34BB11BD69D7FDF5C0F8990FD82FE71ED4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:d0:27:8b:a7:f0:5f:12:84:ad:d2:d0:ee:5f:
                    4b:f6:0b:a7:32:b2:43:65:65:82:8c:20:c6:99:57:
                    dd:85:a5:ff:99:85:ec:21:3d:34:9a:d3:a1:18:6e:
                    13:63:9b:a6:f5:09:d0:a1:43:45:a9:de:1d:13:c3:
                    dc:b1:1f:ab:91:8c:95:fe:62:1c:58:ad:33:c4:86:
                    50:9f:43:e0:ab:2c:9f:d3:23:a4:5d:7d:a0:8b:e1:
                    23:77:14:12:a0:3d:27:2a:92:96:d1:48:a1:2a:4b:
                    52:e3:44:8c:50:29:5e:58:a1:93:1d:d5:00:b5:78:
                    87:58:d6:62:ea:68:7a:b2:68:6c:64:52:45:de:c0:
                    17:ce:6e:f3:30:4b:a1:70:d4:94:c1:f5:39:af:e7:
                    72:7c:33:d3:6e:14:ff:62:cc:dc:c4:63:46:5e:4e:
                    8c:1d:37:d2:5e:52:bc:bf:76:08:28:6f:b7:29:ba:
                    a0:e7:28:cc:1b:26:df:f4:8f:e2:65:f4:2e:04:71:
                    18:0c:25:f3:da:f6:28:29:4e:39:56:3e:d1:b6:8a:
                    40:de:ff:da:20:de:a3:b3:46:7b:78:f6:58:0b:a9:
                    ed:4d:08:c8:00:34:2e:2c:da:56:d4:2b:96:ca:8a:
                    d9:93:65:c1:e5:10:77:06:fb:74:aa:64:57:7f:65:
                    c4:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:E1:FB:34:BB:11:BD:69:D7:FD:F5:C0:F8:99:0F:D8:2F:E7:1E:D4
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS210532.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:27::/48

    Signature Algorithm: sha256WithRSAEncryption
         b8:59:5b:c6:e6:c8:81:52:99:37:df:c5:7a:68:d4:4f:ad:53:
         06:97:89:95:e8:d1:7f:68:b4:bf:16:1e:d8:c6:94:f1:1b:4a:
         28:ec:21:d2:86:41:96:04:a8:9c:1f:07:47:25:03:e4:7a:2d:
         84:4d:ed:d6:8c:9d:d4:46:26:64:2e:4a:c3:1f:78:2f:c0:c6:
         0e:22:40:92:9f:ca:ac:38:7d:12:e4:25:8f:b0:ba:05:24:e4:
         05:4f:b3:b2:75:20:b5:d4:28:ab:11:d9:bb:cf:0e:dd:00:c4:
         7e:76:36:3a:46:ba:b2:12:95:25:df:0f:a7:2d:80:b1:3b:43:
         ae:51:5e:c2:20:b0:76:62:e6:59:12:4e:b6:c6:98:2d:8c:09:
         f7:f9:ae:1a:c2:25:36:ac:2b:89:e2:1f:d8:86:3e:01:f9:c7:
         23:cf:34:4f:ae:d3:7a:0e:d1:03:99:17:f2:e6:a4:a1:ae:6e:
         54:67:4b:0f:9f:4e:8d:a4:1d:86:b7:6d:29:13:2b:5c:7b:34:
         23:2f:83:69:5e:82:a7:e5:66:02:d3:64:91:74:b8:aa:36:62:
         73:6e:d2:3c:58:12:62:61:32:8e:8b:0a:2a:af:54:68:ee:0b:
         08:85:64:df:ef:d4:a7:bf:91:2f:88:dd:89:c4:00:df:ff:de:
         4a:cd:9b:c6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUNOhi/Dm96uvgHGyHV3pMAjxPiCgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MDdaFw0yNTA1MjIxNjQ5MDdaMDMxMTAvBgNV
BAMTKDNBRTFGQjM0QkIxMUJENjlEN0ZERjVDMEY4OTkwRkQ4MkZFNzFFRDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ0CeLp/BfEoSt0tDuX0v2C6cy
skNlZYKMIMaZV92Fpf+ZhewhPTSa06EYbhNjm6b1CdChQ0Wp3h0Tw9yxH6uRjJX+
YhxYrTPEhlCfQ+CrLJ/TI6RdfaCL4SN3FBKgPScqkpbRSKEqS1LjRIxQKV5YoZMd
1QC1eIdY1mLqaHqyaGxkUkXewBfObvMwS6Fw1JTB9Tmv53J8M9NuFP9izNzEY0Ze
TowdN9JeUry/dggob7cpuqDnKMwbJt/0j+Jl9C4EcRgMJfPa9igpTjlWPtG2ikDe
/9og3qOzRnt49lgLqe1NCMgANC4s2lbUK5bKitmTZcHlEHcG+3SqZFd/ZcQ9AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUOuH7NLsRvWnX/fXA+JkP2C/nHtQwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjEwNTMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQAnMA0GCSqGSIb3DQEBCwUAA4IBAQC4WVvG5siBUpk338V6aNRPrVMGl4mV6NF/
aLS/Fh7YxpTxG0oo7CHShkGWBKicHwdHJQPkei2ETe3WjJ3URiZkLkrDH3gvwMYO
IkCSn8qsOH0S5CWPsLoFJOQFT7OydSC11CirEdm7zw7dAMR+djY6RrqyEpUl3w+n
LYCxO0OuUV7CILB2YuZZEk62xpgtjAn3+a4awiU2rCuJ4h/Yhj4B+ccjzzRPrtN6
DtEDmRfy5qShrm5UZ0sPn06NpB2Gt20pEytcezQjL4NpXoKn5WYC02SRdLiqNmJz
btI8WBJiYTKOiwoqr1Ro7gsIhWTf79Snv5EviN2JxADf/95KzZvG
-----END CERTIFICATE-----
Generated at Wed Jul 17 20:57:13 2024 by rpki-client on console-fra.rpki-client.org