Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215134.roa
File:                     AS215134.roa (raw, json)
Hash identifier:          TRmAbOP0X2F9LSZJW8rPLpHfOgEMGFQMsqbXiqxJ2pk=
Subject key identifier:   38:F0:B8:BF:19:F3:E2:25:55:99:C5:2E:50:8D:3E:79:61:92:2C:65
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       115459D14CB56901A9E396A390A87D51D6230333
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215134.roa
Signing time:             Thu 23 May 2024 16:49:07 +0000
ROA not before:           Thu 23 May 2024 16:44:07 +0000
ROA not after:            Thu 22 May 2025 16:49:07 +0000
asID:                     215134
IP address blocks:        2a0f:85c1:3bc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:54:59:d1:4c:b5:69:01:a9:e3:96:a3:90:a8:7d:51:d6:23:03:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:07 2024 GMT
            Not After : May 22 16:49:07 2025 GMT
        Subject: CN=38F0B8BF19F3E2255599C52E508D3E7961922C65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:63:81:33:72:a9:61:3f:1c:5e:1c:f7:70:60:
                    76:ac:f4:40:bd:ef:85:8e:3d:ed:b4:a0:7e:77:99:
                    d3:46:cd:2f:b8:20:92:22:e2:21:d5:e3:d9:c5:cc:
                    08:68:91:2e:03:db:12:4f:e6:15:c4:3a:cd:6a:82:
                    f4:d4:de:d0:3b:e4:d2:da:e2:b3:43:3e:bb:d9:f1:
                    c8:e1:ea:c5:56:e4:54:32:57:db:7e:1d:1b:4d:99:
                    13:0b:fc:7a:f0:9f:e5:5c:02:a7:66:33:81:dc:82:
                    c3:de:56:84:61:80:ff:99:9a:6c:03:a0:5b:22:ba:
                    1e:c7:50:10:37:7d:4b:56:ad:83:7e:f3:15:1c:43:
                    a4:1e:35:f3:23:d8:5e:6a:49:57:e5:46:71:ec:3b:
                    07:50:cf:0a:7a:9a:3a:2c:93:74:25:e0:0b:2e:8b:
                    7f:82:50:17:03:15:40:4a:07:a7:fc:1b:f8:04:cf:
                    d1:12:60:9e:b7:e3:33:03:30:54:fe:45:01:8a:9b:
                    ca:07:dd:dc:c8:a7:ea:f0:2e:8b:d6:58:e8:1b:df:
                    16:97:e4:5d:94:0c:2a:ca:de:6f:b1:fe:f7:11:6a:
                    23:c1:21:7d:36:71:e0:c8:a4:91:b0:b2:ca:a8:32:
                    7b:06:de:12:b5:8c:10:05:af:6f:4b:a8:12:96:14:
                    1e:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:F0:B8:BF:19:F3:E2:25:55:99:C5:2E:50:8D:3E:79:61:92:2C:65
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3bc::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:4d:de:34:41:25:12:3d:ef:4a:7f:1b:e3:a4:c1:6c:b4:c4:
         ca:31:f8:26:d3:2b:9d:cf:07:99:bc:cf:8f:c6:70:f2:24:69:
         cc:65:9c:37:7f:0e:3f:6a:b1:8e:05:b7:e4:2e:f3:5d:52:7d:
         6b:e2:8e:7a:26:13:2c:a3:dc:7e:1f:fa:e8:89:c5:25:f7:9b:
         6c:8a:f4:12:27:c4:d9:c9:0a:61:30:c6:68:f1:7a:33:b8:ec:
         6e:8d:e0:c7:ba:0b:e7:d6:ef:34:45:74:8f:bd:61:38:03:ab:
         c9:62:08:3d:c6:76:81:38:b2:06:58:12:aa:e7:b8:8d:3f:d6:
         0e:99:a6:5c:6b:cd:b3:b9:91:92:18:d9:34:44:47:54:84:9e:
         b6:ab:d5:2d:46:10:12:5d:05:af:39:3a:a5:b7:b0:d9:67:55:
         62:10:ab:bb:2e:83:ab:0a:47:cf:b3:1d:38:fa:fe:9f:09:66:
         89:fa:7c:56:93:b9:31:14:ae:0a:95:7e:52:75:35:6b:30:2c:
         82:97:9b:9d:69:72:ba:41:9d:3e:d7:9e:7c:b7:8c:7d:e0:b5:
         87:58:1f:54:68:f7:67:37:c9:3c:c2:50:97:ee:e2:8a:24:8f:
         ab:e7:e4:9e:99:e3:d7:21:71:ab:c6:a5:4f:c3:f4:18:03:0f:
         00:fc:c3:98
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUEVRZ0Uy1aQGp45ajkKh9UdYjAzMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MDdaFw0yNTA1MjIxNjQ5MDdaMDMxMTAvBgNV
BAMTKDM4RjBCOEJGMTlGM0UyMjU1NTk5QzUyRTUwOEQzRTc5NjE5MjJDNjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuY4EzcqlhPxxeHPdwYHas9EC9
74WOPe20oH53mdNGzS+4IJIi4iHV49nFzAhokS4D2xJP5hXEOs1qgvTU3tA75NLa
4rNDPrvZ8cjh6sVW5FQyV9t+HRtNmRML/Hrwn+VcAqdmM4HcgsPeVoRhgP+ZmmwD
oFsiuh7HUBA3fUtWrYN+8xUcQ6QeNfMj2F5qSVflRnHsOwdQzwp6mjosk3Ql4Asu
i3+CUBcDFUBKB6f8G/gEz9ESYJ634zMDMFT+RQGKm8oH3dzIp+rwLovWWOgb3xaX
5F2UDCrK3m+x/vcRaiPBIX02ceDIpJGwssqoMnsG3hK1jBAFr29LqBKWFB7FAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUOPC4vxnz4iVVmcUuUI0+eWGSLGUwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1MTM0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQO8MA0GCSqGSIb3DQEBCwUAA4IBAQBbTd40QSUSPe9KfxvjpMFstMTKMfgm0yud
zweZvM+PxnDyJGnMZZw3fw4/arGOBbfkLvNdUn1r4o56JhMso9x+H/roicUl95ts
ivQSJ8TZyQphMMZo8XozuOxujeDHugvn1u80RXSPvWE4A6vJYgg9xnaBOLIGWBKq
57iNP9YOmaZca82zuZGSGNk0REdUhJ62q9UtRhASXQWvOTqlt7DZZ1ViEKu7LoOr
CkfPsx04+v6fCWaJ+nxWk7kxFK4KlX5SdTVrMCyCl5udaXK6QZ0+1558t4x94LWH
WB9UaPdnN8k8wlCX7uKKJI+r5+SemePXIXGrxqVPw/QYAw8A/MOY
-----END CERTIFICATE-----