Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS202239.roa
File:                     AS202239.roa (raw, json)
Hash identifier:          Awu8T/zsKtnnUwfs5PHDCHLPiZm1kyfWCAMiHQjsjYk=
Subject key identifier:   B8:90:94:EA:82:2A:36:94:55:90:D1:84:96:35:30:EC:AF:C0:09:99
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       5A3CBDF9974C09BEEAB883A4C384D33C9348DAE3
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS202239.roa
Signing time:             Fri 25 Jul 2025 08:07:36 +0000
ROA not before:           Fri 25 Jul 2025 08:02:36 +0000
ROA not after:            Fri 24 Jul 2026 08:07:36 +0000
asID:                     202239
IP address blocks:        2a0f:85c1:211::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:3c:bd:f9:97:4c:09:be:ea:b8:83:a4:c3:84:d3:3c:93:48:da:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:36 2025 GMT
            Not After : Jul 24 08:07:36 2026 GMT
        Subject: CN=B89094EA822A36945590D184963530ECAFC00999
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:02:37:66:a3:3c:3d:60:78:c0:d3:49:c1:8b:
                    c2:f7:df:32:69:8a:a5:82:23:b2:49:a5:9e:5e:3c:
                    51:86:0c:ff:00:95:e0:f2:60:7b:e1:15:af:23:6f:
                    bf:d6:d8:94:ed:0b:4b:5b:62:aa:a2:dd:46:66:02:
                    5e:fb:6e:0e:8e:10:1b:bb:f5:3c:d7:d7:3c:37:f2:
                    18:20:30:bc:22:59:df:06:c6:53:14:bb:45:c1:3e:
                    ec:3a:fa:5a:7f:82:d6:87:61:a2:a2:fd:bb:75:63:
                    e5:aa:eb:4f:e2:f1:28:6e:e4:e7:dd:64:fb:6d:be:
                    98:c3:49:2f:5a:34:0f:2c:ae:76:04:45:d8:11:68:
                    ba:af:c6:17:36:e5:7a:d6:ce:0a:72:81:5f:98:6c:
                    cf:34:15:ef:cb:36:cf:d2:e6:bb:dd:ba:19:2e:fc:
                    04:d7:8e:23:55:7b:cc:9b:66:80:cf:29:20:94:42:
                    c8:31:b6:11:88:01:82:63:fc:ff:df:5c:88:5f:dd:
                    70:c8:3a:d3:22:89:0a:57:60:2a:48:e4:46:3a:75:
                    82:5c:94:86:57:f5:85:3d:81:31:9a:7d:ab:ef:d6:
                    ea:d0:ce:23:28:a1:d5:cd:8f:10:e5:0c:da:9e:1d:
                    01:0e:83:20:13:4d:ee:00:06:f6:d6:7d:a5:dd:8f:
                    b2:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:90:94:EA:82:2A:36:94:55:90:D1:84:96:35:30:EC:AF:C0:09:99
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS202239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:211::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:f6:02:80:96:1a:5e:3f:68:40:72:6c:94:7a:6b:21:11:ef:
         59:bb:e9:a7:69:b1:d3:46:30:47:27:35:8c:31:2b:e4:20:95:
         57:94:81:49:f6:e4:81:52:be:a5:75:f8:dc:5e:fa:8a:a6:56:
         5c:3d:6c:cc:1c:00:4d:cf:cd:4a:08:f2:9d:55:7f:3e:b3:c8:
         36:6c:ae:7c:41:2d:34:e4:99:90:82:0c:db:b7:5f:0b:a3:b1:
         5d:17:27:a4:70:48:74:75:5b:78:fe:f6:a6:96:0c:a3:eb:37:
         14:5b:7a:7a:33:47:aa:38:8e:4a:26:fc:e0:80:a7:53:78:41:
         b9:81:d9:54:ef:f5:0f:59:a5:5d:84:3b:f1:12:7f:a8:50:9c:
         52:19:aa:f3:07:36:85:d2:66:5c:07:ff:7d:61:c1:f8:3a:52:
         83:f4:36:5a:73:32:b2:ed:e4:09:21:96:6f:20:62:f5:f8:1f:
         cc:83:d7:88:45:93:2a:36:22:8f:88:26:0b:c4:97:f1:f2:aa:
         ba:06:d5:34:9d:83:87:36:e3:4d:b4:c1:15:99:b4:92:24:ed:
         d7:bc:60:e5:79:3c:19:8f:d5:ad:07:11:6f:58:35:1d:4b:33:
         76:ea:80:a0:4a:a6:d7:ad:30:53:d3:65:64:15:5b:6b:ce:fd:
         e1:e6:66:e3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUWjy9+ZdMCb7quIOkw4TTPJNI2uMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyMzZaFw0yNjA3MjQwODA3MzZaMDMxMTAvBgNV
BAMTKEI4OTA5NEVBODIyQTM2OTQ1NTkwRDE4NDk2MzUzMEVDQUZDMDA5OTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhAjdmozw9YHjA00nBi8L33zJp
iqWCI7JJpZ5ePFGGDP8AleDyYHvhFa8jb7/W2JTtC0tbYqqi3UZmAl77bg6OEBu7
9TzX1zw38hggMLwiWd8GxlMUu0XBPuw6+lp/gtaHYaKi/bt1Y+Wq60/i8Shu5Ofd
ZPttvpjDSS9aNA8srnYERdgRaLqvxhc25XrWzgpygV+YbM80Fe/LNs/S5rvduhku
/ATXjiNVe8ybZoDPKSCUQsgxthGIAYJj/P/fXIhf3XDIOtMiiQpXYCpI5EY6dYJc
lIZX9YU9gTGafavv1urQziMoodXNjxDlDNqeHQEOgyATTe4ABvbWfaXdj7LXAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUuJCU6oIqNpRVkNGEljUw7K/ACZkwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjAyMjM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQIRMA0GCSqGSIb3DQEBCwUAA4IBAQCH9gKAlhpeP2hAcmyUemshEe9Zu+mnabHT
RjBHJzWMMSvkIJVXlIFJ9uSBUr6ldfjcXvqKplZcPWzMHABNz81KCPKdVX8+s8g2
bK58QS005JmQggzbt18Lo7FdFyekcEh0dVt4/vamlgyj6zcUW3p6M0eqOI5KJvzg
gKdTeEG5gdlU7/UPWaVdhDvxEn+oUJxSGarzBzaF0mZcB/99YcH4OlKD9DZaczKy
7eQJIZZvIGL1+B/Mg9eIRZMqNiKPiCYLxJfx8qq6BtU0nYOHNuNNtMEVmbSSJO3X
vGDleTwZj9WtBxFvWDUdSzN26oCgSqbXrTBT02VkFVtrzv3h5mbj
-----END CERTIFICATE-----