Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215311.roa
File:                     AS215311.roa (raw, json)
Hash identifier:          Hkzuykj+tisA0Tx7eUktPcP0DYTI4omZRhZ9///+SpQ=
Subject key identifier:   E1:3A:CC:C5:4F:89:B4:BA:D4:3C:B5:AE:0B:BB:F4:AF:1D:C6:FD:D8
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7DFB679259FA0189A45AE7BE6BC36A5598BA05EC
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215311.roa
Signing time:             Sat 06 Apr 2024 11:09:32 +0000
ROA not before:           Sat 06 Apr 2024 11:04:32 +0000
ROA not after:            Sat 05 Apr 2025 11:09:32 +0000
asID:                     215311
IP address blocks:        146.103.40.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:fb:67:92:59:fa:01:89:a4:5a:e7:be:6b:c3:6a:55:98:ba:05:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr  6 11:04:32 2024 GMT
            Not After : Apr  5 11:09:32 2025 GMT
        Subject: CN=E13ACCC54F89B4BAD43CB5AE0BBBF4AF1DC6FDD8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:61:d5:46:08:67:fc:52:f3:39:49:30:bc:95:
                    0c:d3:87:f0:ce:77:85:41:99:f4:13:cc:cc:38:28:
                    dc:7f:ed:6a:0c:68:6f:7b:2d:1c:2d:3e:5f:4d:83:
                    47:61:db:9f:b1:a3:35:aa:92:f1:7e:c9:ba:cf:57:
                    2a:17:b1:f4:ec:d7:2d:33:e8:37:cf:ce:ab:f0:92:
                    87:54:7d:fb:63:a0:91:ce:f3:e5:2f:4b:54:77:9e:
                    e4:c0:eb:49:2a:73:f9:80:4d:78:38:66:82:4e:ad:
                    62:0c:3d:52:a0:0f:e0:1a:c5:7d:30:e8:55:f7:18:
                    51:78:0d:d5:b1:e7:0e:92:00:92:35:e6:24:6b:0d:
                    0f:c2:2d:34:d2:e3:d3:79:0b:e3:4e:db:4b:14:fa:
                    f7:39:81:c9:fb:eb:09:ab:c8:15:d8:fb:68:df:f7:
                    40:db:54:0c:03:cc:22:24:46:ab:46:26:54:0c:f3:
                    5d:63:e3:3a:f3:38:5a:25:84:74:a5:0b:0a:d5:f1:
                    07:1e:a1:be:f6:c3:4b:ba:b7:fd:0c:4b:47:ae:bc:
                    2d:2d:77:e1:9a:cd:54:0e:e4:d6:d6:1f:8b:b6:6f:
                    f4:d9:8c:8f:08:3c:c2:79:bf:ec:aa:38:d5:cd:a2:
                    85:bf:63:a3:4a:9a:00:eb:62:33:47:92:09:7a:b9:
                    cc:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:3A:CC:C5:4F:89:B4:BA:D4:3C:B5:AE:0B:BB:F4:AF:1D:C6:FD:D8
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215311.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:ae:d3:a2:6b:c6:66:43:b8:d0:41:be:4f:55:54:77:ad:64:
         74:f5:e2:0b:48:41:ff:ff:43:c0:98:da:d4:01:37:9a:b6:59:
         2d:f1:0d:8e:34:28:d4:44:de:0d:5d:b4:c1:49:27:da:a8:f0:
         1f:ae:98:48:76:3c:06:fd:f6:9f:fc:9c:af:d9:17:b9:fc:5c:
         26:c2:d0:cf:3e:30:d8:1a:9e:3f:35:4d:db:c3:fc:01:cf:69:
         7e:ce:3a:36:ec:3f:c2:da:a9:4b:19:a5:07:ca:49:06:e6:9b:
         5b:6f:d6:49:cf:57:ab:a2:ce:8b:40:3f:11:eb:cc:44:90:d7:
         86:17:b0:f3:a5:10:33:7d:7b:b8:1f:16:50:40:59:95:ba:88:
         e0:ba:b6:db:a0:27:cf:07:1f:fc:7c:bf:c3:a8:d9:71:8d:4b:
         29:0c:b4:18:1b:d8:d2:a2:22:19:4e:37:0e:9f:6d:d1:be:5d:
         c9:99:8a:66:c7:a8:61:23:9e:28:ff:b1:4b:64:ed:4c:44:a9:
         1f:79:d0:71:b1:d2:bc:fa:ac:64:e2:f1:71:22:41:98:a1:ef:
         57:32:2f:6f:e4:38:65:c5:70:a9:db:f0:a8:07:34:b1:94:16:
         47:bf:f1:bc:ea:5e:1c:0c:98:19:e9:f8:1d:84:4a:6a:0f:be:
         f3:d0:28:cb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfftnkln6AYmkWue+a8NqVZi6BewwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA0MDYxMTA0MzJaFw0yNTA0MDUxMTA5MzJaMDMxMTAvBgNV
BAMTKEUxM0FDQ0M1NEY4OUI0QkFENDNDQjVBRTBCQkJGNEFGMURDNkZERDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtYdVGCGf8UvM5STC8lQzTh/DO
d4VBmfQTzMw4KNx/7WoMaG97LRwtPl9Ng0dh25+xozWqkvF+ybrPVyoXsfTs1y0z
6DfPzqvwkodUfftjoJHO8+UvS1R3nuTA60kqc/mATXg4ZoJOrWIMPVKgD+AaxX0w
6FX3GFF4DdWx5w6SAJI15iRrDQ/CLTTS49N5C+NO20sU+vc5gcn76wmryBXY+2jf
90DbVAwDzCIkRqtGJlQM811j4zrzOFolhHSlCwrV8Qceob72w0u6t/0MS0euvC0t
d+GazVQO5NbWH4u2b/TZjI8IPMJ5v+yqONXNooW/Y6NKmgDrYjNHkgl6ucwbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU4TrMxU+JtLrUPLWuC7v0rx3G/dgwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE1MzExLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCkmco
MA0GCSqGSIb3DQEBCwUAA4IBAQCertOia8ZmQ7jQQb5PVVR3rWR09eILSEH//0PA
mNrUATeatlkt8Q2ONCjURN4NXbTBSSfaqPAfrphIdjwG/faf/Jyv2Re5/FwmwtDP
PjDYGp4/NU3bw/wBz2l+zjo27D/C2qlLGaUHykkG5ptbb9ZJz1eros6LQD8R68xE
kNeGF7DzpRAzfXu4HxZQQFmVuojgurbboCfPBx/8fL/DqNlxjUspDLQYG9jSoiIZ
TjcOn23Rvl3JmYpmx6hhI54o/7FLZO1MRKkfedBxsdK8+qxk4vFxIkGYoe9XMi9v
5DhlxXCp2/CoBzSxlBZHv/G86l4cDJgZ6fgdhEpqD77z0CjL
-----END CERTIFICATE-----