Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215181.roa
File:                     AS215181.roa (raw, json)
Hash identifier:          6wV7HJbOqwh9lIvPzwJBrhUElYyZjSPEkq/qxc1M3KQ=
Subject key identifier:   6D:43:AA:74:3A:CC:81:F3:EA:25:C9:F9:4F:7D:77:AC:7E:92:AA:81
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       25C297D4AE0AFC48FA8F2E4EAB2C016BD11BCF71
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215181.roa
Signing time:             Sat 01 Jun 2024 21:51:31 +0000
ROA not before:           Sat 01 Jun 2024 21:46:31 +0000
ROA not after:            Sat 31 May 2025 21:51:31 +0000
asID:                     215181
IP address blocks:        141.11.48.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:c2:97:d4:ae:0a:fc:48:fa:8f:2e:4e:ab:2c:01:6b:d1:1b:cf:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun  1 21:46:31 2024 GMT
            Not After : May 31 21:51:31 2025 GMT
        Subject: CN=6D43AA743ACC81F3EA25C9F94F7D77AC7E92AA81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c3:4f:a0:cd:e4:5b:80:2e:de:84:8c:74:71:
                    3e:36:1e:ee:9b:3b:db:f4:20:ac:af:70:f3:70:07:
                    5d:ba:ff:c8:7e:72:34:99:ed:cf:b9:1b:49:1d:9a:
                    03:fc:d8:7a:11:38:9f:13:64:70:8e:de:21:5d:58:
                    7e:95:7d:32:dd:d8:db:93:99:0f:83:07:1e:6c:bb:
                    02:21:9e:9c:fe:b4:b5:12:14:e7:05:55:1e:71:58:
                    13:b3:35:d6:b0:dd:6f:2b:a0:99:8f:25:9f:b0:cf:
                    71:c0:a7:d6:bb:9c:41:f5:da:6d:34:87:02:7e:cc:
                    ab:59:ec:1b:d0:5f:79:b5:da:37:76:52:fb:2b:c9:
                    63:54:66:49:b6:71:75:93:cf:b8:2b:ca:16:64:42:
                    cf:74:ac:e9:5b:3a:2d:23:10:9e:da:c4:1b:e4:de:
                    72:36:51:ee:76:d1:ff:05:8f:47:19:dc:01:d5:09:
                    30:25:08:e2:82:80:0a:70:b6:60:0e:a9:a8:8d:c4:
                    ca:40:a9:64:b3:9b:04:83:1d:4e:13:7e:82:af:d0:
                    53:db:0a:fb:3b:d1:4d:1a:84:6c:59:bc:36:79:49:
                    3c:9a:af:ef:86:d4:49:d1:5d:60:4a:11:1c:46:0a:
                    b9:c3:e4:42:a8:ec:68:c9:da:65:fd:8b:be:ed:03:
                    91:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:43:AA:74:3A:CC:81:F3:EA:25:C9:F9:4F:7D:77:AC:7E:92:AA:81
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215181.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:cb:c4:55:5f:a7:2a:a8:de:7a:d5:27:ad:53:d5:fe:00:06:
         ef:97:01:a5:85:d1:25:9a:36:13:31:44:d5:15:85:b0:95:2e:
         78:e2:4f:ee:78:55:b2:d2:4c:84:82:e8:57:e6:f4:e0:ce:9b:
         ed:b6:ea:68:04:c0:f1:c1:33:81:3c:e7:f5:49:eb:7a:bc:a1:
         6b:b5:a2:62:46:d7:07:f7:d5:d0:90:5c:3e:d7:22:88:54:bd:
         8c:17:45:63:d0:1b:a7:5d:07:50:ac:0c:f5:df:0d:a5:62:d1:
         64:3d:6a:00:d5:74:c8:8d:04:54:db:92:14:7e:2c:ef:04:a8:
         fe:ad:7b:61:dd:b3:69:ee:5d:2b:39:c6:f4:05:f5:81:16:f4:
         9b:50:42:f4:48:c7:6d:2d:68:1e:4e:b6:b7:aa:92:4d:80:5f:
         c9:85:05:91:73:a2:53:4b:5e:7e:99:f6:93:57:8f:c3:ed:cc:
         15:a5:ed:8f:bb:bd:14:8e:b5:27:85:1b:9d:90:f3:a4:25:d7:
         c1:46:64:2d:f9:a4:8c:97:1f:40:6e:a4:62:ad:a1:22:74:07:
         45:e3:bc:84:ed:0d:58:a0:a5:44:26:f0:7e:b0:e1:25:db:bf:
         18:d9:0e:83:7f:7f:13:6c:c1:ee:1a:32:74:19:6a:3f:76:a7:
         0d:b3:db:a1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUJcKX1K4K/Ej6jy5OqywBa9Ebz3EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA2MDEyMTQ2MzFaFw0yNTA1MzEyMTUxMzFaMDMxMTAvBgNV
BAMTKDZENDNBQTc0M0FDQzgxRjNFQTI1QzlGOTRGN0Q3N0FDN0U5MkFBODEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuw0+gzeRbgC7ehIx0cT42Hu6b
O9v0IKyvcPNwB126/8h+cjSZ7c+5G0kdmgP82HoROJ8TZHCO3iFdWH6VfTLd2NuT
mQ+DBx5suwIhnpz+tLUSFOcFVR5xWBOzNdaw3W8roJmPJZ+wz3HAp9a7nEH12m00
hwJ+zKtZ7BvQX3m12jd2UvsryWNUZkm2cXWTz7gryhZkQs90rOlbOi0jEJ7axBvk
3nI2Ue520f8Fj0cZ3AHVCTAlCOKCgApwtmAOqaiNxMpAqWSzmwSDHU4TfoKv0FPb
Cvs70U0ahGxZvDZ5STyar++G1EnRXWBKERxGCrnD5EKo7GjJ2mX9i77tA5HRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUbUOqdDrMgfPqJcn5T313rH6SqoEwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE1MTgxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsw
MA0GCSqGSIb3DQEBCwUAA4IBAQCTy8RVX6cqqN561SetU9X+AAbvlwGlhdElmjYT
MUTVFYWwlS544k/ueFWy0kyEguhX5vTgzpvttupoBMDxwTOBPOf1Set6vKFrtaJi
RtcH99XQkFw+1yKIVL2MF0Vj0BunXQdQrAz13w2lYtFkPWoA1XTIjQRU25IUfizv
BKj+rXth3bNp7l0rOcb0BfWBFvSbUEL0SMdtLWgeTra3qpJNgF/JhQWRc6JTS15+
mfaTV4/D7cwVpe2Pu70UjrUnhRudkPOkJdfBRmQt+aSMlx9AbqRiraEidAdF47yE
7Q1YoKVEJvB+sOEl278Y2Q6Df38TbMHuGjJ0GWo/dqcNs9uh
-----END CERTIFICATE-----