Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215105.roa
File:                     AS215105.roa (raw, json)
Hash identifier:          CXtc1kdQlHP7p/26Qjsis3U6cetAbqGTZkyOQJO5rgs=
Subject key identifier:   57:61:5D:0D:A3:57:37:2A:AE:D3:D2:B6:50:69:BA:53:F4:0E:7A:77
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       7948E7A6A38A6785ED64193F47D82071D717CF2A
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215105.roa
Signing time:             Thu 23 May 2024 16:49:13 +0000
ROA not before:           Thu 23 May 2024 16:44:13 +0000
ROA not after:            Thu 22 May 2025 16:49:13 +0000
asID:                     215105
IP address blocks:        2a0f:85c1:3b5::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:48:e7:a6:a3:8a:67:85:ed:64:19:3f:47:d8:20:71:d7:17:cf:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:13 2024 GMT
            Not After : May 22 16:49:13 2025 GMT
        Subject: CN=57615D0DA357372AAED3D2B65069BA53F40E7A77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:2c:b6:1e:d3:79:24:55:f3:99:2a:95:21:28:
                    2e:56:71:9c:4e:02:49:8b:73:cd:40:c0:e3:7e:d4:
                    7e:cd:b6:65:e8:62:b4:50:38:fe:d4:97:9b:65:73:
                    8a:b5:38:ff:fa:80:98:88:cd:2d:8f:9f:e6:30:6c:
                    2e:7b:0f:cb:59:cb:dd:ff:25:8e:f4:33:bd:e0:35:
                    5f:8b:c3:3e:79:70:3a:4d:e7:b1:b0:fa:14:8f:07:
                    20:e2:72:aa:46:ed:9c:e8:8c:75:26:50:93:8a:48:
                    55:ed:36:d3:b4:56:13:ef:59:51:61:a7:e7:51:be:
                    54:7a:4a:bd:68:df:ad:b8:c8:c4:66:da:13:e4:13:
                    9a:ef:fe:c9:57:7b:b3:74:f4:03:ab:ff:6a:00:1f:
                    20:81:3f:30:d3:88:a4:02:7c:fa:ec:4f:94:16:74:
                    24:d3:40:5c:f7:f5:51:7f:13:c0:3c:8d:db:67:01:
                    d3:f3:8d:5f:11:01:bf:b0:45:8f:3d:2e:6e:e6:3e:
                    0e:39:48:6a:e4:4c:92:cd:36:b0:1e:a1:d3:e1:dc:
                    c6:a1:97:8a:55:23:9e:48:40:72:60:c7:19:be:db:
                    4e:8b:1f:08:cd:8d:52:c1:c8:c7:c3:61:84:6d:5c:
                    6c:dc:05:85:3b:14:8d:df:80:5f:39:5d:d4:90:96:
                    73:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:61:5D:0D:A3:57:37:2A:AE:D3:D2:B6:50:69:BA:53:F4:0E:7A:77
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215105.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3b5::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:dc:b9:5b:68:27:ac:5d:31:e5:8b:34:82:b8:ce:bd:f6:f5:
         0a:7f:df:ca:44:95:d8:3f:f3:cc:ef:bd:42:9d:b7:fa:9d:1d:
         b7:2f:e9:79:e8:c4:78:0d:7a:78:59:a9:19:10:f5:75:ab:c7:
         f7:dc:87:43:fb:b4:4b:b7:12:27:c0:ac:70:4e:d8:32:df:46:
         07:ae:74:31:cc:fe:41:63:98:d6:53:47:39:04:ad:53:28:db:
         f4:bc:e6:a0:c7:0d:d2:80:2e:02:fc:3b:34:c7:75:7f:2c:08:
         96:a6:ed:0e:50:e8:92:59:98:2c:1f:b1:8f:15:43:1d:f5:e1:
         7f:d8:c9:e7:28:d4:56:27:88:79:73:e6:d9:6b:20:c9:a6:08:
         59:3a:26:5a:41:d4:4f:40:de:9f:1d:85:70:b1:9a:eb:bd:2e:
         16:88:10:13:06:85:d9:5f:ba:62:f4:55:12:b6:1f:d4:6f:54:
         e5:d2:40:b0:cc:d5:16:6f:ba:80:f3:a0:14:18:0b:6d:9d:37:
         5b:59:fd:9b:3a:a1:06:a5:02:1a:9b:8b:6b:6f:09:49:11:60:
         06:2a:3a:f9:5d:40:98:a7:29:0d:da:41:67:b6:e5:b0:f3:fc:
         b5:10:07:a2:0e:47:d6:8f:66:85:fb:3a:79:d4:5f:f6:6a:d2:
         e6:e8:66:0b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUeUjnpqOKZ4XtZBk/R9ggcdcXzyowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTNaFw0yNTA1MjIxNjQ5MTNaMDMxMTAvBgNV
BAMTKDU3NjE1RDBEQTM1NzM3MkFBRUQzRDJCNjUwNjlCQTUzRjQwRTdBNzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2LLYe03kkVfOZKpUhKC5WcZxO
AkmLc81AwON+1H7NtmXoYrRQOP7Ul5tlc4q1OP/6gJiIzS2Pn+YwbC57D8tZy93/
JY70M73gNV+Lwz55cDpN57Gw+hSPByDicqpG7ZzojHUmUJOKSFXtNtO0VhPvWVFh
p+dRvlR6Sr1o3624yMRm2hPkE5rv/slXe7N09AOr/2oAHyCBPzDTiKQCfPrsT5QW
dCTTQFz39VF/E8A8jdtnAdPzjV8RAb+wRY89Lm7mPg45SGrkTJLNNrAeodPh3Mah
l4pVI55IQHJgxxm+206LHwjNjVLByMfDYYRtXGzcBYU7FI3fgF85XdSQlnOFAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUV2FdDaNXNyqu09K2UGm6U/QOencwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1MTA1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQO1MA0GCSqGSIb3DQEBCwUAA4IBAQAS3LlbaCesXTHlizSCuM699vUKf9/KRJXY
P/PM771Cnbf6nR23L+l56MR4DXp4WakZEPV1q8f33IdD+7RLtxInwKxwTtgy30YH
rnQxzP5BY5jWU0c5BK1TKNv0vOagxw3SgC4C/Ds0x3V/LAiWpu0OUOiSWZgsH7GP
FUMd9eF/2MnnKNRWJ4h5c+bZayDJpghZOiZaQdRPQN6fHYVwsZrrvS4WiBATBoXZ
X7pi9FUSth/Ub1Tl0kCwzNUWb7qA86AUGAttnTdbWf2bOqEGpQIam4trbwlJEWAG
Kjr5XUCYpykN2kFntuWw8/y1EAeiDkfWj2aF+zp51F/2atLm6GYL
-----END CERTIFICATE-----