Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215108.roa
File:                     AS215108.roa (raw, json)
Hash identifier:          cNopuogejn6oD4sNVeqG/nIMOQwnU2AjWHcML2YhXIg=
Subject key identifier:   FC:6B:C7:18:20:A4:0B:C6:39:D3:53:1B:21:D8:07:7D:28:50:3F:B9
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       1D68036E2F60D06807ED9FEC85C63B2C50BDF791
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215108.roa
Signing time:             Thu 23 May 2024 16:49:12 +0000
ROA not before:           Thu 23 May 2024 16:44:12 +0000
ROA not after:            Thu 22 May 2025 16:49:12 +0000
asID:                     215108
IP address blocks:        2a0f:85c1:3bf::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:68:03:6e:2f:60:d0:68:07:ed:9f:ec:85:c6:3b:2c:50:bd:f7:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:12 2024 GMT
            Not After : May 22 16:49:12 2025 GMT
        Subject: CN=FC6BC71820A40BC639D3531B21D8077D28503FB9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:32:67:b2:1a:98:2f:f5:1e:4a:d2:9f:f6:0f:
                    d9:e1:4c:70:b6:98:15:68:23:57:64:7e:5f:8d:c0:
                    a7:ea:d0:69:b4:36:39:ea:9c:6b:55:9b:a5:46:b9:
                    2b:0e:bb:9c:e4:8b:32:cc:34:84:f3:fc:80:b8:11:
                    05:7a:b4:f3:89:a4:4e:b6:26:fd:07:25:34:a2:db:
                    08:af:ee:34:7e:74:a8:90:33:a4:60:af:77:de:b0:
                    c5:52:63:08:a7:1b:52:ed:fd:46:22:96:9e:83:fa:
                    ff:2a:6b:ee:15:f7:04:20:8d:d8:c3:dc:80:a9:8d:
                    6f:5a:81:fa:79:67:00:52:5b:4d:c1:de:c3:fc:4f:
                    4b:07:f9:9c:7e:a4:0e:7b:02:0e:17:56:2f:ba:1b:
                    3b:50:cc:a5:c7:d0:ce:a3:c0:85:05:bd:20:28:d5:
                    8e:e5:1f:0b:08:58:a9:d8:75:da:53:87:80:a4:4a:
                    81:84:00:f3:d5:e4:9b:6d:64:1a:f8:7e:ee:af:ee:
                    a0:d8:76:ba:ce:a4:d2:e7:e8:33:3f:23:48:cd:3f:
                    30:63:96:7b:56:bf:35:7f:50:0d:e3:2d:a7:76:0c:
                    b4:78:fc:79:3b:fc:8c:fe:88:54:b8:b0:02:07:d0:
                    e5:52:00:4c:f5:94:c8:4a:36:f2:44:4f:49:d9:88:
                    d5:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:6B:C7:18:20:A4:0B:C6:39:D3:53:1B:21:D8:07:7D:28:50:3F:B9
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215108.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3bf::/48

    Signature Algorithm: sha256WithRSAEncryption
         88:2d:a3:3b:90:6a:79:58:3f:67:14:00:5e:54:d7:b5:a9:a9:
         eb:62:5a:0c:f2:66:70:16:3f:c0:22:19:58:df:09:29:0e:81:
         78:7f:1c:71:e2:94:8d:81:1a:68:37:6a:78:bc:37:d5:fe:63:
         fe:03:e7:09:d4:ec:d2:8f:3d:e1:d0:40:2b:1f:68:72:12:02:
         9d:ba:ef:5c:b6:f6:b0:29:89:99:fc:84:ab:a7:83:1e:84:7f:
         bb:ce:cb:05:84:31:8a:d6:b0:d4:e3:8c:b4:aa:f3:8c:6c:31:
         3e:38:4b:6f:22:f1:ee:87:9c:62:ef:39:85:f1:d1:22:c6:d5:
         6e:0c:5e:b0:23:78:42:ac:68:17:52:16:7d:d5:b5:dc:b2:89:
         4a:e4:39:95:9e:40:d5:aa:d9:5d:b6:28:1f:2b:c9:31:fd:57:
         b0:ef:1b:d4:c0:59:69:b5:cb:b5:f1:a5:41:a4:72:20:60:d0:
         75:c2:37:b9:d0:cf:9d:05:ec:cc:68:f3:82:21:45:4d:c6:88:
         a6:65:cf:66:5c:b7:53:b3:0f:1a:c2:d4:2e:76:c5:9c:43:2e:
         f6:21:9f:66:ad:1d:b0:0e:14:5d:1b:a6:3f:bf:bd:d6:38:e9:
         74:79:6b:74:b0:9e:5e:84:57:db:e8:b3:b1:8a:e6:ab:6e:0f:
         24:c3:13:46
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUHWgDbi9g0GgH7Z/shcY7LFC995EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTJaFw0yNTA1MjIxNjQ5MTJaMDMxMTAvBgNV
BAMTKEZDNkJDNzE4MjBBNDBCQzYzOUQzNTMxQjIxRDgwNzdEMjg1MDNGQjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMMmeyGpgv9R5K0p/2D9nhTHC2
mBVoI1dkfl+NwKfq0Gm0NjnqnGtVm6VGuSsOu5zkizLMNITz/IC4EQV6tPOJpE62
Jv0HJTSi2wiv7jR+dKiQM6Rgr3fesMVSYwinG1Lt/UYilp6D+v8qa+4V9wQgjdjD
3ICpjW9agfp5ZwBSW03B3sP8T0sH+Zx+pA57Ag4XVi+6GztQzKXH0M6jwIUFvSAo
1Y7lHwsIWKnYddpTh4CkSoGEAPPV5JttZBr4fu6v7qDYdrrOpNLn6DM/I0jNPzBj
lntWvzV/UA3jLad2DLR4/Hk7/Iz+iFS4sAIH0OVSAEz1lMhKNvJET0nZiNVXAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU/GvHGCCkC8Y501MbIdgHfShQP7kwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1MTA4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQO/MA0GCSqGSIb3DQEBCwUAA4IBAQCILaM7kGp5WD9nFABeVNe1qanrYloM8mZw
Fj/AIhlY3wkpDoF4fxxx4pSNgRpoN2p4vDfV/mP+A+cJ1OzSjz3h0EArH2hyEgKd
uu9ctvawKYmZ/ISrp4MehH+7zssFhDGK1rDU44y0qvOMbDE+OEtvIvHuh5xi7zmF
8dEixtVuDF6wI3hCrGgXUhZ91bXcsolK5DmVnkDVqtldtigfK8kx/Vew7xvUwFlp
tcu18aVBpHIgYNB1wje50M+dBezMaPOCIUVNxoimZc9mXLdTsw8awtQudsWcQy72
IZ9mrR2wDhRdG6Y/v73WOOl0eWt0sJ5ehFfb6LOxiuarbg8kwxNG
-----END CERTIFICATE-----