Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS216310.roa
File:                     AS216310.roa (raw, json)
Hash identifier:          j4E5vN6MT7EHqSUDD6wqLGFXcPPOF2q8nqhh5feobLE=
Subject key identifier:   52:67:3D:4F:4C:92:03:D9:32:FD:53:9E:FE:70:D6:18:5F:89:5B:E2
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       061D89DB4E9A3675F8A21F5D2D6663957359DE8D
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS216310.roa
Signing time:             Thu 23 May 2024 16:49:12 +0000
ROA not before:           Thu 23 May 2024 16:44:12 +0000
ROA not after:            Thu 22 May 2025 16:49:12 +0000
asID:                     216310
IP address blocks:        2a0f:85c1:39c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jul 2024 13:47:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:1d:89:db:4e:9a:36:75:f8:a2:1f:5d:2d:66:63:95:73:59:de:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:12 2024 GMT
            Not After : May 22 16:49:12 2025 GMT
        Subject: CN=52673D4F4C9203D932FD539EFE70D6185F895BE2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b2:65:dc:37:bf:ec:99:47:c1:a0:77:a3:f2:
                    57:1a:a9:d4:9d:d9:0a:3b:1b:45:2c:5b:82:c6:4b:
                    b5:ea:f1:cd:87:fa:a5:f0:45:24:0c:70:51:21:e9:
                    99:34:dc:b4:06:eb:03:a2:8a:12:16:7a:e3:85:3d:
                    17:0a:de:e2:d5:ca:43:06:1b:2e:91:d1:ed:28:d4:
                    27:65:a8:8c:0d:7e:01:29:af:26:66:a2:52:3e:4a:
                    80:4b:84:9c:2a:7a:c2:f7:47:6b:48:d9:af:17:08:
                    ce:2c:99:60:56:33:d4:d6:53:f1:80:72:d9:be:0e:
                    db:a5:72:9a:0f:19:13:a4:73:4c:f6:b3:6e:6a:ca:
                    a1:c6:5c:99:03:ef:16:e2:56:c5:ef:0c:30:36:2d:
                    53:d5:6d:49:ae:db:5b:e5:41:49:64:6a:44:be:ae:
                    e6:e2:4f:5a:44:e5:0b:03:6c:11:06:f6:8d:1b:0d:
                    da:b2:8a:a8:97:2d:74:c2:b1:df:66:90:50:46:c3:
                    cf:1e:35:2c:b0:a1:f5:03:d0:04:e0:f0:c8:69:70:
                    ff:c6:84:5e:03:4b:7d:0d:a1:ad:ec:36:4a:c7:f1:
                    ff:d3:eb:c3:f1:e8:a3:b1:4f:df:49:79:93:ff:a9:
                    b3:89:70:f2:eb:07:94:2b:6f:91:4f:35:d7:e6:90:
                    3f:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:67:3D:4F:4C:92:03:D9:32:FD:53:9E:FE:70:D6:18:5F:89:5B:E2
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS216310.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:39c::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:89:eb:f2:56:51:5e:3f:b9:5d:ff:ea:c7:57:0b:25:fd:b1:
         8f:0a:67:cc:dc:61:75:14:8b:ae:14:4b:27:49:32:81:6f:80:
         61:a0:a9:eb:62:88:fe:5f:4f:51:1a:91:da:ae:16:98:d6:5e:
         80:c2:5d:25:a3:04:07:0e:fa:1e:94:e5:84:c5:fa:ae:15:42:
         fd:90:fb:eb:bc:c4:20:55:42:b0:cc:b3:ba:d5:73:b0:e0:68:
         ce:39:68:c4:cd:8a:9b:57:c5:ad:2a:94:72:36:1a:21:91:8f:
         ea:f8:b5:25:00:4e:0f:67:5f:4d:77:2d:f1:30:74:98:09:36:
         79:82:c9:39:91:a5:7f:b6:22:ee:61:4b:59:8f:e1:ae:0e:82:
         8c:9c:ff:50:8c:26:3a:27:59:0d:5f:67:01:a5:04:47:7a:1b:
         81:09:2c:92:8a:70:de:4c:a1:ed:a9:8d:ae:a4:3f:18:9a:e2:
         3c:a5:14:a7:05:c9:0a:d9:c1:ec:cb:b8:22:19:64:cd:3b:88:
         35:41:12:92:40:c2:f5:b8:fb:2b:7b:31:64:fc:85:9c:b4:dd:
         73:60:c0:94:10:fb:fc:36:bf:cb:6a:96:4a:92:3f:f0:39:d9:
         74:a4:05:b3:44:90:4b:30:21:51:ee:f8:db:3b:2d:e6:11:b0:
         12:44:bd:d0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUBh2J206aNnX4oh9dLWZjlXNZ3o0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTJaFw0yNTA1MjIxNjQ5MTJaMDMxMTAvBgNV
BAMTKDUyNjczRDRGNEM5MjAzRDkzMkZENTM5RUZFNzBENjE4NUY4OTVCRTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAsmXcN7/smUfBoHej8lcaqdSd
2Qo7G0UsW4LGS7Xq8c2H+qXwRSQMcFEh6Zk03LQG6wOiihIWeuOFPRcK3uLVykMG
Gy6R0e0o1CdlqIwNfgEpryZmolI+SoBLhJwqesL3R2tI2a8XCM4smWBWM9TWU/GA
ctm+DtulcpoPGROkc0z2s25qyqHGXJkD7xbiVsXvDDA2LVPVbUmu21vlQUlkakS+
rubiT1pE5QsDbBEG9o0bDdqyiqiXLXTCsd9mkFBGw88eNSywofUD0ATg8MhpcP/G
hF4DS30Noa3sNkrH8f/T68Px6KOxT99JeZP/qbOJcPLrB5Qrb5FPNdfmkD+dAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUUmc9T0ySA9ky/VOe/nDWGF+JW+IwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE2MzEwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOcMA0GCSqGSIb3DQEBCwUAA4IBAQB7ievyVlFeP7ld/+rHVwsl/bGPCmfM3GF1
FIuuFEsnSTKBb4BhoKnrYoj+X09RGpHarhaY1l6Awl0lowQHDvoelOWExfquFUL9
kPvrvMQgVUKwzLO61XOw4GjOOWjEzYqbV8WtKpRyNhohkY/q+LUlAE4PZ19Ndy3x
MHSYCTZ5gsk5kaV/tiLuYUtZj+GuDoKMnP9QjCY6J1kNX2cBpQRHehuBCSySinDe
TKHtqY2upD8YmuI8pRSnBckK2cHsy7giGWTNO4g1QRKSQML1uPsrezFk/IWctN1z
YMCUEPv8Nr/LapZKkj/wOdl0pAWzRJBLMCFR7vjbOy3mEbASRL3Q
-----END CERTIFICATE-----
Generated at Wed Jul 17 22:48:20 2024 by rpki-client on console-ams.rpki-client.org