Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS215580.roa
File:                     AS215580.roa (raw, json)
Hash identifier:          n+0PTO3VfjIyaGP73PtAcbAcmQye6pCEmuoHzlyP9xc=
Subject key identifier:   45:7C:71:1D:96:EB:1E:5D:8E:E9:7D:C8:3C:8F:2B:84:F5:D0:6A:69
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       65F7AEEF40DACD80601DD5A18A92DDD4B1176CFE
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS215580.roa
Signing time:             Tue 11 Jun 2024 10:17:32 +0000
ROA not before:           Tue 11 Jun 2024 10:12:32 +0000
ROA not after:            Tue 10 Jun 2025 10:17:32 +0000
asID:                     215580
IP address blocks:        45.157.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:f7:ae:ef:40:da:cd:80:60:1d:d5:a1:8a:92:dd:d4:b1:17:6c:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun 11 10:12:32 2024 GMT
            Not After : Jun 10 10:17:32 2025 GMT
        Subject: CN=457C711D96EB1E5D8EE97DC83C8F2B84F5D06A69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:a9:10:14:41:6c:98:1f:84:92:6d:87:cd:89:
                    fc:f8:39:aa:dd:cd:d8:18:81:94:a2:72:9b:f7:a3:
                    ee:04:76:c0:77:be:35:43:85:05:9f:ca:27:bb:91:
                    65:4c:9a:ba:d4:bf:db:18:d0:b6:09:f0:64:ce:12:
                    ee:51:ac:ac:ba:8e:b6:12:de:b9:9f:98:34:c9:77:
                    69:37:0b:56:35:12:12:36:c0:7b:f8:c2:1d:47:13:
                    52:35:f6:00:fb:29:51:f5:25:e0:6e:a8:45:6a:e6:
                    74:0a:ac:51:c8:2f:c4:fb:eb:04:bd:0c:a1:e0:fa:
                    77:1c:81:53:cf:65:43:f5:bd:46:15:d7:97:59:00:
                    f4:64:9d:c5:da:90:d6:a1:f7:8f:70:b8:44:42:5e:
                    c2:5b:2e:07:3e:54:94:4c:3d:41:67:f3:82:58:90:
                    4a:eb:8a:7f:b4:35:52:e8:41:f3:22:f8:c5:e7:68:
                    ce:bd:5d:f7:75:23:44:83:b7:9c:2a:50:16:52:4f:
                    b3:5d:1f:46:8a:5c:84:63:e8:ac:6f:21:16:50:d7:
                    c3:b1:78:25:b0:17:04:3f:e4:02:4c:99:f4:cb:6c:
                    22:44:e3:b1:37:0f:87:fa:d0:35:d9:16:94:59:d1:
                    f2:51:58:50:8e:7f:00:8b:03:73:df:de:c2:bb:ac:
                    85:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:7C:71:1D:96:EB:1E:5D:8E:E9:7D:C8:3C:8F:2B:84:F5:D0:6A:69
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS215580.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:ea:79:d2:59:d2:7d:6b:c3:e5:a6:23:75:54:48:f6:b8:8e:
         26:a3:77:71:95:4f:8c:89:b1:77:6b:c3:64:af:61:32:8b:d9:
         bb:52:0c:47:65:61:df:a5:20:90:5b:24:1c:fd:13:e6:f5:5a:
         da:6e:72:3b:9a:c9:f2:b3:31:a3:54:c5:25:98:0f:38:83:2e:
         79:34:3a:95:5b:a7:78:57:60:6c:e7:47:11:c8:b0:4c:65:ab:
         25:b5:c2:c6:d2:55:46:34:49:98:e9:19:01:87:b6:22:72:17:
         94:ba:7a:48:21:65:57:2e:3b:ea:4c:8a:e3:28:d0:78:12:0b:
         ba:13:75:5a:2d:de:5f:f5:98:7c:2a:98:3e:e1:43:42:cb:dd:
         f6:8b:e5:e9:27:c3:17:77:ea:3b:e2:ac:55:40:5c:0a:a4:5e:
         9d:db:bc:60:47:ae:71:80:fa:81:bd:12:99:6d:e9:1a:cb:44:
         cc:57:f1:be:13:1b:4e:70:54:e5:75:60:3a:8f:d0:87:ed:79:
         9c:70:f4:20:6a:fb:39:0a:6d:ef:0c:01:50:14:ed:40:e8:7a:
         b4:04:36:72:1e:fd:4b:8b:73:3f:c8:b7:47:da:47:e7:7b:42:
         72:b9:64:0e:76:51:8a:55:0e:a0:82:5d:fa:87:75:75:b7:df:
         2d:98:af:2d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZfeu70DazYBgHdWhipLd1LEXbP4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA2MTExMDEyMzJaFw0yNTA2MTAxMDE3MzJaMDMxMTAvBgNV
BAMTKDQ1N0M3MTFEOTZFQjFFNUQ4RUU5N0RDODNDOEYyQjg0RjVEMDZBNjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiqRAUQWyYH4SSbYfNifz4Oard
zdgYgZSicpv3o+4EdsB3vjVDhQWfyie7kWVMmrrUv9sY0LYJ8GTOEu5RrKy6jrYS
3rmfmDTJd2k3C1Y1EhI2wHv4wh1HE1I19gD7KVH1JeBuqEVq5nQKrFHIL8T76wS9
DKHg+nccgVPPZUP1vUYV15dZAPRkncXakNah949wuERCXsJbLgc+VJRMPUFn84JY
kErrin+0NVLoQfMi+MXnaM69Xfd1I0SDt5wqUBZST7NdH0aKXIRj6KxvIRZQ18Ox
eCWwFwQ/5AJMmfTLbCJE47E3D4f60DXZFpRZ0fJRWFCOfwCLA3Pf3sK7rIWlAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQURXxxHZbrHl2O6X3IPI8rhPXQamkwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjE1NTgwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ0R
MA0GCSqGSIb3DQEBCwUAA4IBAQBo6nnSWdJ9a8PlpiN1VEj2uI4mo3dxlU+MibF3
a8Nkr2Eyi9m7UgxHZWHfpSCQWyQc/RPm9VrabnI7msnyszGjVMUlmA84gy55NDqV
W6d4V2Bs50cRyLBMZasltcLG0lVGNEmY6RkBh7YicheUunpIIWVXLjvqTIrjKNB4
Egu6E3VaLd5f9Zh8Kpg+4UNCy932i+XpJ8MXd+o74qxVQFwKpF6d27xgR65xgPqB
vRKZbekay0TMV/G+ExtOcFTldWA6j9CH7XmccPQgavs5Cm3vDAFQFO1A6Hq0BDZy
Hv1Li3M/yLdH2kfne0JyuWQOdlGKVQ6ggl36h3V1t98tmK8t
-----END CERTIFICATE-----