Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS215287.roa
File:                     AS215287.roa (raw, json)
Hash identifier:          nILFySzm44eiik6cV3uiVnZSpKk3W8nnA9EAFylcVps=
Subject key identifier:   38:3F:32:86:87:87:8A:6F:48:EB:EE:02:D4:81:85:05:92:F2:7E:F3
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       50EE4A5019A1E47D8B48F6A25E65D102F8B8AFF6
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS215287.roa
Signing time:             Thu 02 May 2024 11:11:19 +0000
ROA not before:           Thu 02 May 2024 11:06:19 +0000
ROA not after:            Thu 01 May 2025 11:11:19 +0000
asID:                     215287
IP address blocks:        152.89.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:ee:4a:50:19:a1:e4:7d:8b:48:f6:a2:5e:65:d1:02:f8:b8:af:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: May  2 11:06:19 2024 GMT
            Not After : May  1 11:11:19 2025 GMT
        Subject: CN=383F328687878A6F48EBEE02D481850592F27EF3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:62:bc:d7:28:42:32:ab:91:4b:ce:a3:53:e1:
                    c6:7b:2f:23:5f:15:f0:b8:18:63:b8:7a:6e:3b:8e:
                    7a:6a:69:f0:c8:84:f2:cc:c3:e6:d0:cd:8e:17:f0:
                    4f:cb:ed:b1:97:b3:87:a3:5a:83:ed:00:c9:ac:62:
                    ff:45:f1:9d:bf:c9:0f:eb:1c:75:b7:ff:42:0a:ab:
                    d3:03:50:45:f2:41:80:9f:60:28:73:56:b3:d6:6d:
                    0a:4d:b7:aa:f5:ad:9e:e4:91:5f:9c:f4:b1:70:31:
                    ae:ea:06:19:0c:a1:68:1c:1f:61:19:7e:29:19:8f:
                    4f:bb:54:41:31:f9:03:e9:ac:5d:bf:f8:fc:d0:fa:
                    e1:0f:93:53:9b:d8:0b:99:a2:30:1d:28:e2:e8:f7:
                    49:2b:ab:ef:2d:20:3f:b1:93:ee:0a:2b:08:67:78:
                    7b:b1:4a:91:a6:d5:7a:a0:be:2b:74:81:d6:09:be:
                    bf:71:ab:91:3b:e5:96:74:20:b4:cf:1d:83:3c:0a:
                    72:c6:f7:c3:cd:29:fb:2f:0c:89:a5:de:22:dd:d7:
                    3a:8b:07:43:a1:ba:05:45:a3:9c:95:de:81:73:16:
                    cd:fc:05:48:b2:ef:fa:d3:b9:29:43:93:e1:b2:84:
                    5c:c5:81:9f:3b:7b:3e:11:f7:c2:93:a0:f6:bc:fd:
                    bc:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:3F:32:86:87:87:8A:6F:48:EB:EE:02:D4:81:85:05:92:F2:7E:F3
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS215287.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:9a:d8:05:48:ec:2b:5e:a4:b3:96:ee:6a:85:b1:b1:63:92:
         da:92:8a:2d:6c:96:4b:ea:49:bd:6f:99:6d:31:d4:b0:47:64:
         21:8d:3a:6d:b6:26:b6:36:50:2d:b9:a0:25:36:6e:60:fe:ec:
         02:4f:30:dd:99:ba:59:09:50:e7:fb:94:8c:6e:ef:be:ce:cc:
         df:81:68:54:df:a4:3f:24:06:da:a6:d6:f3:cf:97:c2:c3:02:
         e2:f3:41:99:33:f7:ac:a7:3c:3f:dd:5a:1c:3d:14:89:b3:c1:
         45:b5:6d:47:e5:9c:31:b0:d8:80:b3:38:25:80:d6:65:e7:55:
         0e:e3:ff:8b:94:b3:1c:b1:2f:c2:64:42:eb:55:71:e8:4d:f3:
         24:5a:de:ba:c0:c2:90:11:6e:3e:85:ba:cf:f0:8d:c5:eb:5a:
         e2:7d:86:62:92:a1:33:61:af:4f:1a:71:e4:40:56:ab:c2:61:
         94:1d:e1:9f:ed:8a:dd:50:df:9d:98:e5:50:02:9f:dd:ab:be:
         0c:cc:ff:fa:42:c1:6d:e3:d9:2a:fd:41:90:ae:9a:44:09:22:
         5a:52:b5:37:f5:dd:66:ba:ef:87:5e:f6:21:cf:c7:bf:6c:0a:
         a4:f7:0a:31:49:f4:c2:13:27:52:8b:3f:9c:f0:79:4c:e2:66:
         91:5e:2f:7c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUUO5KUBmh5H2LSPaiXmXRAvi4r/YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA1MDIxMTA2MTlaFw0yNTA1MDExMTExMTlaMDMxMTAvBgNV
BAMTKDM4M0YzMjg2ODc4NzhBNkY0OEVCRUUwMkQ0ODE4NTA1OTJGMjdFRjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpYrzXKEIyq5FLzqNT4cZ7LyNf
FfC4GGO4em47jnpqafDIhPLMw+bQzY4X8E/L7bGXs4ejWoPtAMmsYv9F8Z2/yQ/r
HHW3/0IKq9MDUEXyQYCfYChzVrPWbQpNt6r1rZ7kkV+c9LFwMa7qBhkMoWgcH2EZ
fikZj0+7VEEx+QPprF2/+PzQ+uEPk1Ob2AuZojAdKOLo90krq+8tID+xk+4KKwhn
eHuxSpGm1Xqgvit0gdYJvr9xq5E75ZZ0ILTPHYM8CnLG98PNKfsvDIml3iLd1zqL
B0OhugVFo5yV3oFzFs38BUiy7/rTuSlDk+GyhFzFgZ87ez4R98KToPa8/bznAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUOD8yhoeHim9I6+4C1IGFBZLyfvMwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjE1Mjg3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmFn6
MA0GCSqGSIb3DQEBCwUAA4IBAQBrmtgFSOwrXqSzlu5qhbGxY5LakootbJZL6km9
b5ltMdSwR2QhjTpttia2NlAtuaAlNm5g/uwCTzDdmbpZCVDn+5SMbu++zszfgWhU
36Q/JAbaptbzz5fCwwLi80GZM/espzw/3VocPRSJs8FFtW1H5ZwxsNiAszglgNZl
51UO4/+LlLMcsS/CZELrVXHoTfMkWt66wMKQEW4+hbrP8I3F61rifYZikqEzYa9P
GnHkQFarwmGUHeGf7YrdUN+dmOVQAp/dq74MzP/6QsFt49kq/UGQrppECSJaUrU3
9d1muu+HXvYhz8e/bAqk9woxSfTCEydSiz+c8HlM4maRXi98
-----END CERTIFICATE-----