Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215028.roa
File:                     AS215028.roa (raw, json)
Hash identifier:          o0QcQfYg3QAdZ6c1Hgi+wt/3J+tLabHMN55zzO6QeWA=
Subject key identifier:   96:85:04:1B:B8:4D:18:48:C3:97:A8:09:3C:D7:DE:52:F4:AA:91:A3
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       0B6D56689C795F9427E24183733473BF3017E0FA
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215028.roa
Signing time:             Fri 24 May 2024 01:35:47 +0000
ROA not before:           Fri 24 May 2024 01:30:47 +0000
ROA not after:            Fri 23 May 2025 01:35:47 +0000
asID:                     215028
IP address blocks:        2a0f:85c1:3b3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:6d:56:68:9c:79:5f:94:27:e2:41:83:73:34:73:bf:30:17:e0:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 24 01:30:47 2024 GMT
            Not After : May 23 01:35:47 2025 GMT
        Subject: CN=9685041BB84D1848C397A8093CD7DE52F4AA91A3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:97:6e:6c:71:5b:0a:c8:93:a7:bb:f0:6e:90:
                    dc:95:da:5b:98:cf:ad:21:71:d5:32:70:4d:4b:e1:
                    68:5a:17:bf:a7:eb:76:1d:8a:9c:e5:e9:5f:f1:83:
                    11:6b:57:57:9e:eb:93:5a:89:38:50:76:fb:cb:7f:
                    0a:bc:dd:85:b8:a9:67:c4:a1:9b:61:90:c4:33:05:
                    06:18:a2:71:90:45:a4:88:6c:a8:38:34:c4:cd:2c:
                    8b:7b:68:e7:4a:7f:e1:ea:74:6a:28:df:92:03:be:
                    7d:af:51:46:03:d1:87:5e:71:be:44:27:31:6b:ad:
                    99:ad:fe:fe:e0:fb:d1:81:fe:8c:e6:8c:65:10:6b:
                    f7:d8:ef:91:21:0a:8f:bc:39:b5:71:22:eb:8f:21:
                    ff:e5:8b:7e:b9:10:2e:8b:21:42:ca:e9:f0:27:df:
                    29:6c:cc:d8:9d:13:19:b2:d2:bf:20:80:24:07:55:
                    7b:8c:d7:90:68:57:32:2e:56:55:8c:61:3c:41:2a:
                    ed:68:85:77:34:ee:b0:18:11:47:69:ad:80:4f:80:
                    eb:d6:b4:55:9e:b1:79:e2:53:52:ed:fa:2a:21:b4:
                    ea:26:c7:53:8f:c1:2d:45:79:04:ee:6c:64:14:fa:
                    80:6a:2f:8b:61:e3:cf:ac:17:a8:50:f1:a9:69:07:
                    e3:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:85:04:1B:B8:4D:18:48:C3:97:A8:09:3C:D7:DE:52:F4:AA:91:A3
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215028.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3b3::/48

    Signature Algorithm: sha256WithRSAEncryption
         8a:94:41:e6:d1:21:93:5a:f6:8e:14:6a:a6:bd:b1:4d:48:ff:
         44:34:e8:52:a4:b1:1d:3c:9e:69:db:64:7e:4b:06:04:d9:14:
         3a:7f:7f:39:ab:f9:60:dc:04:d7:6a:06:d4:f1:d5:07:ee:86:
         58:03:83:c6:ad:8e:bc:ee:17:f2:67:9a:0d:0f:e8:f6:a0:1e:
         be:11:79:46:b6:d7:56:2c:7a:d3:df:34:37:79:4b:93:34:08:
         df:9e:0e:2b:27:11:b9:65:c6:53:08:c2:88:ad:99:54:95:06:
         21:7c:76:75:52:a0:5d:a4:67:59:78:2c:0e:c7:c3:d6:da:46:
         b6:33:48:67:76:b0:55:15:08:4f:33:eb:61:8b:8f:96:7c:d5:
         67:9f:5f:a3:80:f8:32:5a:ce:46:6e:72:c7:0e:99:13:85:b1:
         fb:8f:c3:71:f5:de:03:9c:ae:d4:43:1d:af:c1:9a:fc:80:56:
         13:51:fd:4c:66:9e:1c:67:55:b0:51:93:14:c3:dd:66:71:0e:
         d4:1b:24:97:f6:b4:58:18:91:5d:84:8b:bb:cb:3a:8e:fe:2b:
         86:da:f5:d9:1d:2d:f6:f1:79:d4:bd:8f:64:fe:c5:ff:26:8d:
         9b:bb:ab:20:19:cc:90:73:5e:44:1c:8f:91:16:b0:9c:2d:36:
         3f:a0:c4:2b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUC21WaJx5X5Qn4kGDczRzvzAX4PowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjQwMTMwNDdaFw0yNTA1MjMwMTM1NDdaMDMxMTAvBgNV
BAMTKDk2ODUwNDFCQjg0RDE4NDhDMzk3QTgwOTNDRDdERTUyRjRBQTkxQTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXl25scVsKyJOnu/BukNyV2luY
z60hcdUycE1L4WhaF7+n63Ydipzl6V/xgxFrV1ee65NaiThQdvvLfwq83YW4qWfE
oZthkMQzBQYYonGQRaSIbKg4NMTNLIt7aOdKf+HqdGoo35IDvn2vUUYD0Ydecb5E
JzFrrZmt/v7g+9GB/ozmjGUQa/fY75EhCo+8ObVxIuuPIf/li365EC6LIULK6fAn
3ylszNidExmy0r8ggCQHVXuM15BoVzIuVlWMYTxBKu1ohXc07rAYEUdprYBPgOvW
tFWesXniU1Lt+iohtOomx1OPwS1FeQTubGQU+oBqL4th48+sF6hQ8alpB+O9AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUloUEG7hNGEjDl6gJPNfeUvSqkaMwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1MDI4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOzMA0GCSqGSIb3DQEBCwUAA4IBAQCKlEHm0SGTWvaOFGqmvbFNSP9ENOhSpLEd
PJ5p22R+SwYE2RQ6f385q/lg3ATXagbU8dUH7oZYA4PGrY687hfyZ5oND+j2oB6+
EXlGttdWLHrT3zQ3eUuTNAjfng4rJxG5ZcZTCMKIrZlUlQYhfHZ1UqBdpGdZeCwO
x8PW2ka2M0hndrBVFQhPM+thi4+WfNVnn1+jgPgyWs5GbnLHDpkThbH7j8Nx9d4D
nK7UQx2vwZr8gFYTUf1MZp4cZ1WwUZMUw91mcQ7UGySX9rRYGJFdhIu7yzqO/iuG
2vXZHS328XnUvY9k/sX/Jo2bu6sgGcyQc15EHI+RFrCcLTY/oMQr
-----END CERTIFICATE-----