Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS216052.roa
File:                     AS216052.roa (raw, json)
Hash identifier:          Pt8BSmWJVJinplpq2HrFc/XNEeyKeuZ6eXlJeeZJ0mo=
Subject key identifier:   C4:3C:89:E2:9F:8A:9C:99:8B:A6:36:DA:4D:EF:DE:02:DE:6B:D2:1F
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       20A58B8492C1DF8FD20677044C7CC2A654AC0D65
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS216052.roa
Signing time:             Thu 23 May 2024 16:49:09 +0000
ROA not before:           Thu 23 May 2024 16:44:09 +0000
ROA not after:            Thu 22 May 2025 16:49:09 +0000
asID:                     216052
IP address blocks:        2a0f:85c1:324::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jul 2024 13:47:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:a5:8b:84:92:c1:df:8f:d2:06:77:04:4c:7c:c2:a6:54:ac:0d:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:09 2024 GMT
            Not After : May 22 16:49:09 2025 GMT
        Subject: CN=C43C89E29F8A9C998BA636DA4DEFDE02DE6BD21F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:9a:f9:df:cb:15:70:f4:ae:85:f6:4c:b2:47:
                    34:28:15:14:ef:e2:99:32:eb:69:b6:b2:e9:58:f2:
                    4d:56:37:45:f2:6c:71:b1:dc:d6:76:10:01:df:53:
                    0d:8a:d6:9c:22:c5:cc:04:2d:ca:ff:82:53:50:ff:
                    ea:58:9d:c9:30:46:1b:9c:b9:eb:59:e4:60:39:b1:
                    40:4a:87:2b:c3:c0:7e:76:d1:19:0d:2f:f7:86:18:
                    4c:29:b3:b6:09:cd:02:35:85:58:c9:02:9f:00:eb:
                    23:63:a7:0b:53:6c:75:2d:2f:3c:1b:12:c8:36:58:
                    0d:9f:c8:73:22:f7:45:83:df:be:b7:20:c1:6a:2c:
                    f1:5e:c8:e4:d7:46:24:f3:9e:8c:e1:92:a5:48:fb:
                    bd:30:a2:5c:20:f7:e6:cf:be:5a:ab:59:83:f6:fd:
                    b5:40:77:89:9d:e5:62:0a:24:23:55:3b:c2:e6:8f:
                    6b:05:53:9d:18:bd:45:64:7a:8c:3a:ce:d0:c1:9b:
                    9e:ae:65:b0:d4:d8:a0:e0:0a:4f:4a:4a:54:7b:7f:
                    96:cc:ee:e7:ac:af:3e:9d:d9:c9:fc:ee:f8:13:67:
                    f1:6b:f6:b4:b3:75:60:f5:dc:d3:d4:cd:c4:60:8b:
                    f7:3b:b8:70:de:2c:8d:ca:59:76:00:75:7d:55:10:
                    c7:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:3C:89:E2:9F:8A:9C:99:8B:A6:36:DA:4D:EF:DE:02:DE:6B:D2:1F
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS216052.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:324::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:4d:73:34:19:b8:cc:e2:8a:11:77:d7:68:cd:dd:e2:49:62:
         c6:91:a3:4f:41:f7:c0:78:b4:cd:a0:c2:1e:41:c8:55:0f:64:
         86:a6:78:84:8d:5d:79:f7:62:29:d6:16:71:53:ef:f2:42:cc:
         a6:42:60:bb:a3:0f:e5:cd:6c:cd:2e:32:85:af:fe:97:67:4f:
         45:df:d2:6b:21:bd:cf:25:93:a4:0b:89:79:1f:ea:52:54:72:
         34:0c:37:1e:30:c2:30:5b:52:0f:37:76:34:a2:a7:43:89:fe:
         e0:2c:ed:fa:37:12:75:6e:a0:b8:c3:e2:c1:67:c9:e1:dc:bd:
         c2:23:fd:c1:ec:e5:27:06:72:03:d6:ab:03:2f:c9:8d:bd:00:
         38:d0:51:f2:86:53:f5:93:29:02:d9:43:27:05:d2:08:49:aa:
         84:2b:d7:4b:4c:5b:c4:6e:f5:b2:48:15:dd:67:c6:e9:b7:3c:
         81:e9:90:99:70:8d:cc:1d:0e:19:76:1b:b9:c2:67:61:8c:70:
         84:7a:d7:25:26:3a:f3:ef:0d:e7:ea:1c:67:1a:e6:d5:72:96:
         c4:40:68:cf:07:c7:ed:d3:4e:79:31:9b:58:cf:d9:1a:44:69:
         cb:f6:33:0a:1d:aa:aa:83:8c:75:6e:ab:d3:a3:75:04:2a:7d:
         73:76:6f:0f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUIKWLhJLB34/SBncETHzCplSsDWUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MDlaFw0yNTA1MjIxNjQ5MDlaMDMxMTAvBgNV
BAMTKEM0M0M4OUUyOUY4QTlDOTk4QkE2MzZEQTRERUZERTAyREU2QkQyMUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCymvnfyxVw9K6F9kyyRzQoFRTv
4pky62m2sulY8k1WN0XybHGx3NZ2EAHfUw2K1pwixcwELcr/glNQ/+pYnckwRhuc
uetZ5GA5sUBKhyvDwH520RkNL/eGGEwps7YJzQI1hVjJAp8A6yNjpwtTbHUtLzwb
Esg2WA2fyHMi90WD3763IMFqLPFeyOTXRiTznozhkqVI+70wolwg9+bPvlqrWYP2
/bVAd4md5WIKJCNVO8Lmj2sFU50YvUVkeow6ztDBm56uZbDU2KDgCk9KSlR7f5bM
7uesrz6d2cn87vgTZ/Fr9rSzdWD13NPUzcRgi/c7uHDeLI3KWXYAdX1VEMctAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUxDyJ4p+KnJmLpjbaTe/eAt5r0h8wHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE2MDUyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQMkMA0GCSqGSIb3DQEBCwUAA4IBAQAKTXM0GbjM4ooRd9dozd3iSWLGkaNPQffA
eLTNoMIeQchVD2SGpniEjV1592Ip1hZxU+/yQsymQmC7ow/lzWzNLjKFr/6XZ09F
39JrIb3PJZOkC4l5H+pSVHI0DDceMMIwW1IPN3Y0oqdDif7gLO36NxJ1bqC4w+LB
Z8nh3L3CI/3B7OUnBnID1qsDL8mNvQA40FHyhlP1kykC2UMnBdIISaqEK9dLTFvE
bvWySBXdZ8bptzyB6ZCZcI3MHQ4Zdhu5wmdhjHCEetclJjrz7w3n6hxnGubVcpbE
QGjPB8ft0055MZtYz9kaRGnL9jMKHaqqg4x1bqvTo3UEKn1zdm8P
-----END CERTIFICATE-----
Generated at Wed Jul 17 20:57:13 2024 by rpki-client on console-fra.rpki-client.org