Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215039.roa
File:                     AS215039.roa (raw, json)
Hash identifier:          HLWuJMayWgg5iTSEZK4Aczg71GXwIgUaRKG+D17Gn88=
Subject key identifier:   55:45:3D:D7:2A:D4:AE:48:74:62:BF:02:22:75:73:99:B9:08:C5:E7
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       5B5B5FBADC68400D9FDBA809F2C3766ED797358D
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215039.roa
Signing time:             Thu 23 May 2024 16:49:08 +0000
ROA not before:           Thu 23 May 2024 16:44:08 +0000
ROA not after:            Thu 22 May 2025 16:49:08 +0000
asID:                     215039
IP address blocks:        2a0f:85c1:3c9::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:5b:5f:ba:dc:68:40:0d:9f:db:a8:09:f2:c3:76:6e:d7:97:35:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:08 2024 GMT
            Not After : May 22 16:49:08 2025 GMT
        Subject: CN=55453DD72AD4AE487462BF0222757399B908C5E7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:75:fe:f2:e2:6b:50:7d:74:bc:b7:d4:52:3d:
                    73:de:a3:a0:02:d8:68:5e:1e:41:c1:70:12:d9:78:
                    48:ce:54:ab:b3:da:a1:df:5a:d7:58:6f:6e:3e:d2:
                    c1:2d:c1:83:af:5d:18:39:59:6a:26:ee:df:ee:8d:
                    dc:c0:f2:aa:d8:71:27:c1:72:c7:d7:bf:fe:c0:77:
                    c9:68:bd:d7:24:88:75:f8:51:13:dd:fe:ef:05:b1:
                    65:0d:ed:27:27:60:22:16:e5:91:0a:0f:98:d1:2b:
                    90:c9:fe:1d:58:8b:21:59:36:f5:cd:48:bf:1c:91:
                    3f:4b:78:73:47:31:37:fe:9d:00:0c:ea:df:db:40:
                    44:b0:47:3b:3b:30:0d:88:76:e5:01:8b:de:ae:27:
                    d0:68:5c:15:e3:6b:40:d8:e0:5a:23:e0:d7:2d:43:
                    2d:d3:c1:f8:fe:2b:21:57:11:79:de:b0:0c:85:e2:
                    ea:26:b4:72:c2:b6:b0:3f:ab:e7:46:66:e7:02:06:
                    61:7d:9f:ec:f4:60:80:8c:e6:c2:b8:aa:80:a3:82:
                    e5:4a:df:47:c1:5c:f8:3c:c9:73:ef:bd:61:27:37:
                    8a:3b:32:1a:2c:6b:b5:45:80:2f:77:71:a9:68:4b:
                    46:c5:12:ff:63:98:77:e6:f9:d8:60:d3:9f:d2:6e:
                    f8:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:45:3D:D7:2A:D4:AE:48:74:62:BF:02:22:75:73:99:B9:08:C5:E7
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3c9::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:f6:07:40:7a:7c:33:f7:0f:6f:db:8c:5e:7d:d6:9b:fd:eb:
         32:b5:5d:72:04:af:fc:c5:98:b8:4c:15:7c:1b:74:42:ed:89:
         fd:87:40:0a:de:89:b4:d9:dc:17:38:51:00:04:3a:0d:aa:04:
         c8:60:52:3a:83:14:f1:db:3f:aa:97:8b:bb:ed:e5:29:ef:7b:
         e7:d1:f8:6c:7a:af:bc:3f:03:51:7e:97:ae:46:05:d7:00:26:
         65:df:73:2a:aa:a9:70:3e:f0:6a:5e:2e:8d:0c:0f:8d:c6:4a:
         5c:89:c2:d7:ee:61:27:20:d5:f9:f4:09:91:ef:6d:ae:dd:8c:
         1e:26:cd:c7:81:3c:91:c5:85:cc:9b:c5:dc:65:65:fe:77:5c:
         66:79:fd:bf:d6:2c:5d:62:69:23:6e:62:a5:93:ab:48:ef:fb:
         28:d7:10:fa:bb:ef:f9:64:7f:be:f8:cd:8b:c5:94:29:fa:ae:
         1e:be:68:d7:fa:f8:13:dc:98:b9:01:31:15:86:17:45:43:9f:
         32:d3:bb:c6:9b:9c:86:b3:db:53:61:d4:d5:71:31:99:45:61:
         2d:f1:be:e4:03:82:72:49:24:49:6b:c1:9e:e3:14:63:92:3b:
         b5:22:f1:e9:6a:e9:30:8d:fc:55:57:05:1e:67:4c:5c:c1:34:
         0e:d6:25:47
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUW1tfutxoQA2f26gJ8sN2bteXNY0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MDhaFw0yNTA1MjIxNjQ5MDhaMDMxMTAvBgNV
BAMTKDU1NDUzREQ3MkFENEFFNDg3NDYyQkYwMjIyNzU3Mzk5QjkwOEM1RTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9df7y4mtQfXS8t9RSPXPeo6AC
2GheHkHBcBLZeEjOVKuz2qHfWtdYb24+0sEtwYOvXRg5WWom7t/ujdzA8qrYcSfB
csfXv/7Ad8lovdckiHX4URPd/u8FsWUN7ScnYCIW5ZEKD5jRK5DJ/h1YiyFZNvXN
SL8ckT9LeHNHMTf+nQAM6t/bQESwRzs7MA2IduUBi96uJ9BoXBXja0DY4Foj4Nct
Qy3Twfj+KyFXEXnesAyF4uomtHLCtrA/q+dGZucCBmF9n+z0YICM5sK4qoCjguVK
30fBXPg8yXPvvWEnN4o7Mhosa7VFgC93caloS0bFEv9jmHfm+dhg05/SbvhLAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUVUU91yrUrkh0Yr8CInVzmbkIxecwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1MDM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQPJMA0GCSqGSIb3DQEBCwUAA4IBAQCN9gdAenwz9w9v24xefdab/esytV1yBK/8
xZi4TBV8G3RC7Yn9h0AK3om02dwXOFEABDoNqgTIYFI6gxTx2z+ql4u77eUp73vn
0fhseq+8PwNRfpeuRgXXACZl33MqqqlwPvBqXi6NDA+NxkpcicLX7mEnINX59AmR
722u3YweJs3HgTyRxYXMm8XcZWX+d1xmef2/1ixdYmkjbmKlk6tI7/so1xD6u+/5
ZH+++M2LxZQp+q4evmjX+vgT3Ji5ATEVhhdFQ58y07vGm5yGs9tTYdTVcTGZRWEt
8b7kA4JySSRJa8Ge4xRjkju1IvHpaukwjfxVVwUeZ0xcwTQO1iVH
-----END CERTIFICATE-----