Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS56655.roa
File:                     AS56655.roa (raw, json)
Hash identifier:          Yo22tuPsYh8k6JR7sumgNYSA5rSNuhLStv7Ma4A5DAg=
Subject key identifier:   E8:93:33:06:99:25:8A:39:4C:C0:84:9E:01:5B:CF:AF:A6:F6:F4:08
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       493A0958BE8CDC32FEA97659B486E14EB7F2B75E
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS56655.roa
Signing time:             Thu 23 May 2024 16:49:11 +0000
ROA not before:           Thu 23 May 2024 16:44:11 +0000
ROA not after:            Thu 22 May 2025 16:49:11 +0000
asID:                     56655
IP address blocks:        2a0f:85c1:270::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jul 2024 13:47:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:3a:09:58:be:8c:dc:32:fe:a9:76:59:b4:86:e1:4e:b7:f2:b7:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:11 2024 GMT
            Not After : May 22 16:49:11 2025 GMT
        Subject: CN=E893330699258A394CC0849E015BCFAFA6F6F408
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:1a:c0:95:44:c2:ea:40:05:96:6e:41:b1:54:
                    7f:b2:96:e3:c4:08:70:94:8b:44:15:7a:86:b3:f6:
                    a7:3b:7e:54:05:88:1f:93:8e:30:5c:d6:4e:4f:af:
                    b6:22:2a:93:28:06:45:45:2d:e4:f2:34:34:d6:a9:
                    5f:3d:e3:ca:89:c2:e9:f1:33:d7:22:60:15:43:94:
                    b3:90:71:67:46:c2:26:4a:0d:4b:08:ba:3d:16:0b:
                    a0:51:04:f3:b7:c9:9f:d1:f4:39:eb:41:04:64:a8:
                    6c:89:5c:a4:f8:e6:1f:3c:bd:81:22:e7:14:ad:09:
                    24:d8:d4:08:6f:84:e1:e6:f4:d6:62:1d:e4:dc:e4:
                    c0:66:50:42:da:c8:3c:56:27:c4:66:a1:1c:4e:90:
                    f9:61:1e:8d:ca:ec:34:ac:a7:5c:c2:71:a6:10:85:
                    a3:d5:f8:ea:9e:8e:f3:af:68:60:fd:b4:86:b7:a9:
                    9f:93:5e:54:37:11:77:c9:a5:4d:0d:c6:2c:88:7d:
                    a9:ce:59:09:cb:74:96:43:58:70:9c:61:76:47:78:
                    f6:27:a2:6f:44:bd:91:e3:7e:72:92:7e:e0:2d:95:
                    90:f1:49:20:fa:d6:ff:41:2d:a7:01:15:f3:3d:a5:
                    e3:de:4e:b8:ce:dd:6d:ff:90:60:db:cc:95:cf:64:
                    8b:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:93:33:06:99:25:8A:39:4C:C0:84:9E:01:5B:CF:AF:A6:F6:F4:08
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS56655.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:270::/44

    Signature Algorithm: sha256WithRSAEncryption
         02:3d:2a:cb:81:42:1c:f9:a5:bf:d1:ba:16:dd:f3:42:52:ed:
         f0:c5:1e:02:10:fb:44:ad:22:dd:bf:de:0d:49:8d:18:34:22:
         47:52:d9:3c:e6:10:67:11:fe:29:9e:bf:6d:76:0f:06:60:ca:
         7a:e5:eb:22:84:a0:52:fc:00:a6:53:b4:fc:57:9a:e6:5f:7c:
         b0:14:4d:e4:bf:a8:b3:41:8f:40:f4:27:4c:70:5a:c9:c1:8c:
         14:fb:45:dd:5a:18:a4:69:a6:f8:2e:c8:df:fd:ff:8e:61:ad:
         3a:70:88:8e:14:60:fe:66:df:2e:0b:a9:69:d9:a4:03:81:6b:
         3a:2e:99:17:77:d9:b6:0c:6a:59:c4:fb:fe:7d:f8:9b:ea:c0:
         bd:d8:bc:c8:1a:7f:e2:c6:6c:46:41:66:0b:3d:c0:85:ba:9d:
         70:34:49:d6:df:ce:71:39:da:07:f4:b9:83:33:da:91:e2:7c:
         c2:1c:11:56:2d:6e:37:03:00:a3:b8:ea:fd:11:a2:15:52:8a:
         62:21:33:76:d0:09:8d:16:dc:cd:14:ed:1b:49:5f:33:b9:9e:
         c1:42:d2:ae:43:dd:68:fd:ef:06:a6:01:80:62:5d:46:87:22:
         1d:a2:55:d0:da:18:c2:86:ef:21:3a:55:0e:f1:c0:68:ed:99:
         f6:16:68:31
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUSToJWL6M3DL+qXZZtIbhTrfyt14wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTFaFw0yNTA1MjIxNjQ5MTFaMDMxMTAvBgNV
BAMTKEU4OTMzMzA2OTkyNThBMzk0Q0MwODQ5RTAxNUJDRkFGQTZGNkY0MDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJGsCVRMLqQAWWbkGxVH+yluPE
CHCUi0QVeoaz9qc7flQFiB+TjjBc1k5Pr7YiKpMoBkVFLeTyNDTWqV8948qJwunx
M9ciYBVDlLOQcWdGwiZKDUsIuj0WC6BRBPO3yZ/R9DnrQQRkqGyJXKT45h88vYEi
5xStCSTY1AhvhOHm9NZiHeTc5MBmUELayDxWJ8RmoRxOkPlhHo3K7DSsp1zCcaYQ
haPV+OqejvOvaGD9tIa3qZ+TXlQ3EXfJpU0NxiyIfanOWQnLdJZDWHCcYXZHePYn
om9EvZHjfnKSfuAtlZDxSSD61v9BLacBFfM9pePeTrjO3W3/kGDbzJXPZItVAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQU6JMzBpklijlMwISeAVvPr6b29AgwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTNTY2NTUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwQqD4XB
AnAwDQYJKoZIhvcNAQELBQADggEBAAI9KsuBQhz5pb/Ruhbd80JS7fDFHgIQ+0St
It2/3g1JjRg0IkdS2TzmEGcR/imev212DwZgynrl6yKEoFL8AKZTtPxXmuZffLAU
TeS/qLNBj0D0J0xwWsnBjBT7Rd1aGKRppvguyN/9/45hrTpwiI4UYP5m3y4LqWnZ
pAOBazoumRd32bYMalnE+/59+JvqwL3YvMgaf+LGbEZBZgs9wIW6nXA0SdbfznE5
2gf0uYMz2pHifMIcEVYtbjcDAKO46v0RohVSimIhM3bQCY0W3M0U7RtJXzO5nsFC
0q5D3Wj97wamAYBiXUaHIh2iVdDaGMKG7yE6VQ7xwGjtmfYWaDE=
-----END CERTIFICATE-----
Generated at Wed Jul 17 20:57:13 2024 by rpki-client on console-fra.rpki-client.org