Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215135.roa
File:                     AS215135.roa (raw, json)
Hash identifier:          ag7DtWzTE3Pc6o/F8weFiPuNtQa2iP4+31HZTxvTOdM=
Subject key identifier:   33:CD:30:43:19:A4:9E:29:3B:27:0A:A3:ED:DD:35:F2:3B:E1:F5:D6
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       17463EE545B2CDF706E0106F32925D49D0DDD79A
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215135.roa
Signing time:             Thu 23 May 2024 16:49:13 +0000
ROA not before:           Thu 23 May 2024 16:44:13 +0000
ROA not after:            Thu 22 May 2025 16:49:13 +0000
asID:                     215135
IP address blocks:        2a0f:85c1:3b9::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:46:3e:e5:45:b2:cd:f7:06:e0:10:6f:32:92:5d:49:d0:dd:d7:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:13 2024 GMT
            Not After : May 22 16:49:13 2025 GMT
        Subject: CN=33CD304319A49E293B270AA3EDDD35F23BE1F5D6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d2:6c:95:71:54:b5:30:f2:03:5f:2c:0d:61:
                    b7:2f:73:e0:a9:45:68:78:52:38:42:2d:39:5a:9b:
                    fb:d2:af:9e:41:e4:60:33:4e:4d:e2:ac:f7:94:ea:
                    7f:b0:4e:fb:86:ae:75:6e:92:ba:40:df:82:ca:70:
                    7a:a2:ae:1d:1d:7d:c8:73:37:01:39:29:69:b3:45:
                    70:bf:ad:81:22:2a:cd:9b:13:fb:16:af:b6:1b:10:
                    0e:88:0f:77:66:e5:e4:c2:9b:dc:cc:f7:46:9d:bc:
                    b9:3a:8d:3a:86:cd:78:85:6d:ec:8b:af:1b:b0:bf:
                    dd:63:a7:66:88:fb:ec:f3:cf:4d:77:bc:c0:0c:3f:
                    d5:14:f3:a1:72:ff:c2:f9:2c:20:90:b8:7e:33:94:
                    9b:8c:19:d2:8d:68:5c:84:da:fa:cb:ca:b9:71:eb:
                    f6:e5:d1:58:cc:7d:36:31:ac:b5:65:be:47:5b:4c:
                    62:a7:e5:d5:72:e6:21:b5:50:f3:f1:d2:20:56:5a:
                    2a:b8:56:68:75:bb:87:b6:7a:9c:1c:a5:0a:1f:48:
                    d8:dd:d7:d7:3b:d3:01:00:89:c3:a8:74:a8:e7:4d:
                    33:7a:02:e9:78:16:81:5c:7c:26:5b:52:ea:ed:94:
                    61:58:c6:7d:d8:5e:1f:26:4e:8a:a4:cf:1e:df:26:
                    4d:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:CD:30:43:19:A4:9E:29:3B:27:0A:A3:ED:DD:35:F2:3B:E1:F5:D6
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215135.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3b9::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:0b:f2:72:d4:b2:f2:52:c3:fb:46:8b:9b:65:d3:7e:23:16:
         f6:95:4e:95:78:5b:dd:4b:d3:50:8e:29:18:b1:1f:47:e1:ba:
         37:c4:57:6f:b6:24:60:93:b7:1b:13:b6:b5:f7:ed:b1:f4:77:
         6a:e6:1b:e6:ee:83:3c:62:56:be:2d:a4:63:27:e5:d0:e7:02:
         9c:cb:f2:80:b2:e2:66:87:55:d9:f3:28:6b:0b:24:97:37:6f:
         1e:0d:b3:02:b7:20:4e:e9:f2:dc:20:8f:29:98:81:82:a9:f8:
         f3:c7:5d:db:4b:c4:67:3b:77:ef:b0:9e:b2:7a:d4:57:34:34:
         45:14:cc:18:c6:a1:36:4b:a8:7f:81:36:c6:21:7f:94:d4:56:
         b5:5e:e2:2c:93:d1:f7:e2:c0:91:3c:03:43:3b:f3:5f:fe:99:
         c4:b5:18:e7:b0:2d:51:52:6c:b3:47:a3:70:2c:5e:19:a1:25:
         0f:ea:9b:66:4c:1d:5d:1c:bf:26:ff:8c:51:e8:b7:df:0f:94:
         a3:9d:a0:00:60:24:7c:77:de:3c:a8:22:54:1f:19:9b:fb:e3:
         e1:46:c8:62:d8:ed:2e:39:fa:78:ca:2c:7b:b2:f0:b9:b9:d1:
         46:3e:93:b6:94:3b:4b:fb:f0:ac:2e:70:89:b6:28:1c:b4:2c:
         2f:86:de:70
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUF0Y+5UWyzfcG4BBvMpJdSdDd15owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTNaFw0yNTA1MjIxNjQ5MTNaMDMxMTAvBgNV
BAMTKDMzQ0QzMDQzMTlBNDlFMjkzQjI3MEFBM0VEREQzNUYyM0JFMUY1RDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK0myVcVS1MPIDXywNYbcvc+Cp
RWh4UjhCLTlam/vSr55B5GAzTk3irPeU6n+wTvuGrnVukrpA34LKcHqirh0dfchz
NwE5KWmzRXC/rYEiKs2bE/sWr7YbEA6ID3dm5eTCm9zM90advLk6jTqGzXiFbeyL
rxuwv91jp2aI++zzz013vMAMP9UU86Fy/8L5LCCQuH4zlJuMGdKNaFyE2vrLyrlx
6/bl0VjMfTYxrLVlvkdbTGKn5dVy5iG1UPPx0iBWWiq4Vmh1u4e2epwcpQofSNjd
19c70wEAicOodKjnTTN6Aul4FoFcfCZbUurtlGFYxn3YXh8mToqkzx7fJk3tAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUM80wQxmknik7Jwqj7d018jvh9dYwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1MTM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQO5MA0GCSqGSIb3DQEBCwUAA4IBAQAGC/Jy1LLyUsP7RoubZdN+Ixb2lU6VeFvd
S9NQjikYsR9H4bo3xFdvtiRgk7cbE7a19+2x9Hdq5hvm7oM8Yla+LaRjJ+XQ5wKc
y/KAsuJmh1XZ8yhrCySXN28eDbMCtyBO6fLcII8pmIGCqfjzx13bS8RnO3fvsJ6y
etRXNDRFFMwYxqE2S6h/gTbGIX+U1Fa1XuIsk9H34sCRPANDO/Nf/pnEtRjnsC1R
UmyzR6NwLF4ZoSUP6ptmTB1dHL8m/4xR6LffD5SjnaAAYCR8d948qCJUHxmb++Ph
Rshi2O0uOfp4yix7svC5udFGPpO2lDtL+/CsLnCJtigctCwvht5w
-----END CERTIFICATE-----