Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215015.roa
File:                     AS215015.roa (raw, json)
Hash identifier:          ThPsDoY97b3PQGPZhDzAtfxQI/VLS7nDm8reZmXStK4=
Subject key identifier:   72:60:23:E9:1F:A8:8F:45:4C:7E:EF:8A:03:CB:68:E5:58:0B:76:6A
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       4330D63844A96E6C9668E6A38ADEDDDA9BBEE80C
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215015.roa
Signing time:             Sun 05 May 2024 00:48:12 +0000
ROA not before:           Sun 05 May 2024 00:43:12 +0000
ROA not after:            Sun 04 May 2025 00:48:12 +0000
asID:                     215015
IP address blocks:        147.79.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 20:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:30:d6:38:44:a9:6e:6c:96:68:e6:a3:8a:de:dd:da:9b:be:e8:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May  5 00:43:12 2024 GMT
            Not After : May  4 00:48:12 2025 GMT
        Subject: CN=726023E91FA88F454C7EEF8A03CB68E5580B766A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:23:75:91:4b:60:76:85:7c:23:40:06:26:47:
                    4e:ce:3d:fa:b6:17:19:6a:69:a0:cf:65:30:92:36:
                    c1:1e:96:2f:b0:e4:2f:d0:b8:d2:c4:43:91:53:11:
                    ec:8c:4e:c3:ec:fa:a1:4d:5f:4c:36:ba:28:af:8f:
                    2c:10:35:7e:d7:69:94:80:76:f5:b8:d2:b6:ed:55:
                    36:59:16:f0:1f:07:ad:f5:d9:13:28:95:ee:ed:5b:
                    7a:a9:d6:2a:26:92:c0:27:97:d0:07:a1:e7:f8:8d:
                    57:3b:6f:04:c7:c1:ed:23:73:bf:26:83:95:14:d8:
                    a7:bc:3c:43:5a:73:3a:7d:14:22:c9:45:e9:41:ee:
                    bd:7c:3e:6b:c2:18:db:ac:bb:75:24:7e:62:06:44:
                    20:c7:8a:b7:6f:67:ee:c4:54:cc:03:8e:19:29:d9:
                    d2:69:2a:89:fd:d2:17:62:5d:36:a5:1d:74:bb:8c:
                    7d:29:6e:9c:5c:54:06:c8:a7:47:83:c9:ac:9a:d9:
                    62:1f:c0:19:b5:f8:bb:ea:20:12:74:76:94:4d:35:
                    de:a5:35:85:ce:16:db:97:38:1f:1f:2a:1f:0e:d3:
                    29:0f:8c:75:b2:97:e7:82:94:0c:f2:a2:5f:01:35:
                    e4:8b:bb:49:96:9c:80:54:f2:5f:74:39:1f:a6:be:
                    6e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:60:23:E9:1F:A8:8F:45:4C:7E:EF:8A:03:CB:68:E5:58:0B:76:6A
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215015.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:78:4a:c8:b1:14:f2:ff:7c:31:3b:c9:9f:8d:49:01:8a:ab:
         c8:11:5b:80:b0:64:16:c8:bf:98:c2:d4:65:56:6e:76:36:93:
         93:8f:09:4f:e6:3b:57:90:d8:31:e4:bd:64:ed:16:3f:47:6f:
         9c:91:b0:68:31:f8:2c:84:21:6d:15:54:73:fe:d4:a8:a8:30:
         0b:97:d1:b7:60:ff:d3:3d:96:d2:37:ac:e8:bc:fe:32:19:b7:
         c4:c1:5a:0f:dc:8b:03:d1:9b:56:c7:6e:91:58:d7:cb:c6:56:
         95:6d:c3:71:9b:ae:13:bc:2a:cb:f9:d2:82:3a:f7:ce:cf:ce:
         12:12:72:8e:70:aa:d5:3b:9e:07:45:df:bd:3f:9f:19:d8:5a:
         f8:ab:ed:08:bf:8a:a8:d8:de:c6:66:a0:49:22:ae:d4:56:fe:
         b6:ec:19:36:36:73:dc:dd:9c:f6:98:07:0f:61:6e:56:f4:fd:
         62:1e:0d:77:54:0a:ac:28:0b:79:1e:09:05:20:3b:ac:46:91:
         9a:d8:28:c7:cd:8c:e2:b8:40:77:9f:0e:2b:40:22:f6:15:01:
         d7:71:00:1d:f2:cc:59:1d:12:d3:c4:ca:e9:b7:3b:db:b6:74:
         41:22:7d:96:5f:da:1e:95:02:cc:d1:ca:e4:45:e9:4d:c6:cc:
         9f:3a:ce:6e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQzDWOESpbmyWaOajit7d2pu+6AwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA1MDUwMDQzMTJaFw0yNTA1MDQwMDQ4MTJaMDMxMTAvBgNV
BAMTKDcyNjAyM0U5MUZBODhGNDU0QzdFRUY4QTAzQ0I2OEU1NTgwQjc2NkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZI3WRS2B2hXwjQAYmR07OPfq2
FxlqaaDPZTCSNsEeli+w5C/QuNLEQ5FTEeyMTsPs+qFNX0w2uiivjywQNX7XaZSA
dvW40rbtVTZZFvAfB6312RMole7tW3qp1iomksAnl9AHoef4jVc7bwTHwe0jc78m
g5UU2Ke8PENaczp9FCLJRelB7r18PmvCGNusu3UkfmIGRCDHirdvZ+7EVMwDjhkp
2dJpKon90hdiXTalHXS7jH0pbpxcVAbIp0eDyaya2WIfwBm1+LvqIBJ0dpRNNd6l
NYXOFtuXOB8fKh8O0ykPjHWyl+eClAzyol8BNeSLu0mWnIBU8l90OR+mvm5jAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUcmAj6R+oj0VMfu+KA8to5VgLdmowHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE1MDE1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk08e
MA0GCSqGSIb3DQEBCwUAA4IBAQCGeErIsRTy/3wxO8mfjUkBiqvIEVuAsGQWyL+Y
wtRlVm52NpOTjwlP5jtXkNgx5L1k7RY/R2+ckbBoMfgshCFtFVRz/tSoqDALl9G3
YP/TPZbSN6zovP4yGbfEwVoP3IsD0ZtWx26RWNfLxlaVbcNxm64TvCrL+dKCOvfO
z84SEnKOcKrVO54HRd+9P58Z2Fr4q+0Iv4qo2N7GZqBJIq7UVv627Bk2NnPc3Zz2
mAcPYW5W9P1iHg13VAqsKAt5HgkFIDusRpGa2CjHzYziuEB3nw4rQCL2FQHXcQAd
8sxZHRLTxMrptzvbtnRBIn2WX9oelQLM0crkRelNxsyfOs5u
-----END CERTIFICATE-----