Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS215567.roa
File:                     AS215567.roa (raw, json)
Hash identifier:          fRjdmHa56bQV65m1hee/dy861suvLScN9QJ3AGLr1is=
Subject key identifier:   F9:81:CA:98:06:86:BE:91:04:D0:D9:65:C0:1D:73:A2:89:87:A4:89
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       3DFC025037DB45CCFFAFD31C1309739BFBF72F63
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS215567.roa
Signing time:             Wed 14 Feb 2024 17:11:01 +0000
ROA not before:           Wed 14 Feb 2024 17:06:01 +0000
ROA not after:            Wed 12 Feb 2025 17:11:01 +0000
asID:                     215567
IP address blocks:        45.152.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:fc:02:50:37:db:45:cc:ff:af:d3:1c:13:09:73:9b:fb:f7:2f:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Feb 14 17:06:01 2024 GMT
            Not After : Feb 12 17:11:01 2025 GMT
        Subject: CN=F981CA980686BE9104D0D965C01D73A28987A489
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:be:77:a6:32:b8:09:d1:e1:68:af:7d:42:f3:
                    9f:87:b5:07:a7:ba:28:bd:d1:f4:62:5f:58:00:0b:
                    5f:82:10:cd:e8:ce:8d:a9:c7:59:32:05:4f:76:d9:
                    5f:cb:f3:55:22:14:98:a9:22:67:9f:96:ee:0e:22:
                    8e:17:37:8c:50:66:31:25:5f:08:75:b7:1f:2f:a2:
                    f4:7b:db:0e:96:72:79:21:59:85:3e:e3:35:a1:41:
                    83:dd:78:df:52:bf:b2:78:10:c4:07:f9:c8:92:48:
                    9b:92:16:98:7f:b8:c0:83:62:1b:f2:ce:ea:69:d8:
                    65:e8:f1:58:d9:8b:68:30:ec:ee:52:56:5f:1e:f4:
                    28:6a:78:2a:18:49:cd:03:64:c3:58:06:7e:aa:67:
                    df:09:16:81:9c:db:12:e7:1e:79:96:f0:e0:87:94:
                    0f:5d:d2:63:7e:2d:7c:4d:dc:29:6c:5c:98:d7:27:
                    d9:d9:00:1f:0e:5d:14:de:c1:d5:2e:f6:d1:b0:7c:
                    f6:d3:f4:3c:25:b5:81:0b:8a:19:20:4d:23:ac:2b:
                    27:1b:8d:3d:c9:8e:3a:f6:e4:e9:0f:54:8e:d7:f2:
                    d6:77:52:d1:55:1d:e4:d8:ca:39:66:be:46:e0:ce:
                    b3:5e:8f:69:ee:51:ad:13:45:c4:98:fa:49:b2:30:
                    fd:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:81:CA:98:06:86:BE:91:04:D0:D9:65:C0:1D:73:A2:89:87:A4:89
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS215567.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:33:81:b5:ca:1b:f0:c8:b3:cf:fa:45:e1:c3:ff:37:24:a3:
         7e:27:73:52:d7:c7:93:b8:da:c6:d3:bb:67:4f:13:a8:30:69:
         f4:6f:cd:0e:48:2f:5f:80:56:1a:81:bb:c1:38:af:0c:8d:6c:
         49:93:7f:05:2a:4e:d3:da:58:28:12:6c:53:9d:26:02:94:c2:
         33:fd:05:c2:13:06:55:a8:80:c5:35:21:b0:db:e7:a5:63:81:
         2a:cc:8e:37:c9:8e:f3:99:dd:8a:37:74:61:05:a1:aa:be:f8:
         77:ff:72:e7:f8:30:24:23:1a:d2:97:2e:d8:55:a8:c3:b5:51:
         3c:42:99:d9:03:2b:30:2b:9f:b8:b1:a6:a7:03:72:32:8f:40:
         d9:fd:b0:e7:bc:97:0a:53:17:7d:47:a4:be:95:5c:23:5f:84:
         2c:f4:12:6c:c9:e1:5b:e1:6c:1d:c5:46:00:d5:4d:3e:ff:cf:
         4a:75:06:a6:0c:a6:85:8f:48:eb:65:5e:bd:bd:4e:06:12:90:
         dc:60:ab:c2:f2:09:f6:45:60:62:7f:b4:09:2d:36:34:83:b8:
         93:7a:43:16:02:1b:44:f4:df:2f:85:96:2e:31:4b:03:85:27:
         ec:d9:8a:13:28:7d:0a:16:14:84:fe:86:c7:f5:11:f7:9f:ee:
         e4:87:a9:ab
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPfwCUDfbRcz/r9McEwlzm/v3L2MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAyMTQxNzA2MDFaFw0yNTAyMTIxNzExMDFaMDMxMTAvBgNV
BAMTKEY5ODFDQTk4MDY4NkJFOTEwNEQwRDk2NUMwMUQ3M0EyODk4N0E0ODkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCBvnemMrgJ0eFor31C85+HtQen
uii90fRiX1gAC1+CEM3ozo2px1kyBU922V/L81UiFJipImeflu4OIo4XN4xQZjEl
Xwh1tx8vovR72w6WcnkhWYU+4zWhQYPdeN9Sv7J4EMQH+ciSSJuSFph/uMCDYhvy
zupp2GXo8VjZi2gw7O5SVl8e9ChqeCoYSc0DZMNYBn6qZ98JFoGc2xLnHnmW8OCH
lA9d0mN+LXxN3ClsXJjXJ9nZAB8OXRTewdUu9tGwfPbT9DwltYELihkgTSOsKycb
jT3Jjjr25OkPVI7X8tZ3UtFVHeTYyjlmvkbgzrNej2nuUa0TRcSY+kmyMP0FAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU+YHKmAaGvpEE0NllwB1zoomHpIkwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjE1NTY3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZjz
MA0GCSqGSIb3DQEBCwUAA4IBAQC/M4G1yhvwyLPP+kXhw/83JKN+J3NS18eTuNrG
07tnTxOoMGn0b80OSC9fgFYagbvBOK8MjWxJk38FKk7T2lgoEmxTnSYClMIz/QXC
EwZVqIDFNSGw2+elY4EqzI43yY7zmd2KN3RhBaGqvvh3/3Ln+DAkIxrSly7YVajD
tVE8QpnZAyswK5+4saanA3Iyj0DZ/bDnvJcKUxd9R6S+lVwjX4Qs9BJsyeFb4Wwd
xUYA1U0+/89KdQamDKaFj0jrZV69vU4GEpDcYKvC8gn2RWBif7QJLTY0g7iTekMW
AhtE9N8vhZYuMUsDhSfs2YoTKH0KFhSE/obH9RH3n+7kh6mr
-----END CERTIFICATE-----