Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215154.roa
File:                     AS215154.roa (raw, json)
Hash identifier:          PG4BFjBwxGu5FhDHM6Juchkc0L5jLjsyqheDoOVUqRE=
Subject key identifier:   AF:8B:08:B8:D9:BE:F5:B2:F2:71:0B:2E:ED:45:6F:15:E8:16:A2:24
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       1360144A1C222EB5885059347BFEB90BE0364FB3
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215154.roa
Signing time:             Thu 23 May 2024 16:49:09 +0000
ROA not before:           Thu 23 May 2024 16:44:09 +0000
ROA not after:            Thu 22 May 2025 16:49:09 +0000
asID:                     215154
IP address blocks:        2a0f:85c1:3b1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:60:14:4a:1c:22:2e:b5:88:50:59:34:7b:fe:b9:0b:e0:36:4f:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:09 2024 GMT
            Not After : May 22 16:49:09 2025 GMT
        Subject: CN=AF8B08B8D9BEF5B2F2710B2EED456F15E816A224
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:1d:cf:c2:89:6c:f7:9b:83:a5:02:b3:a2:fa:
                    3c:0e:ab:8f:4e:ba:12:83:d4:ba:e0:b8:f9:b0:13:
                    cc:bb:cd:c4:50:f0:c2:44:3e:39:1f:c0:1c:22:83:
                    46:e7:bc:70:b7:61:f5:7a:00:0d:4e:83:e9:eb:cc:
                    a4:0a:b7:46:f9:e4:2e:07:1b:26:a4:27:45:92:c8:
                    0c:be:02:c6:11:f3:40:59:3c:70:49:ca:0d:d7:11:
                    da:75:ef:fc:47:bc:a5:1e:73:01:61:2d:0b:64:38:
                    eb:ae:e3:37:cb:9d:45:47:5f:46:3b:56:35:68:10:
                    93:9f:77:84:f1:5b:f9:7d:5e:01:02:1f:da:f2:32:
                    15:cf:f0:c0:70:e5:9b:c8:ab:e0:d1:32:4a:6b:d4:
                    f6:38:79:86:69:94:d1:52:1b:bb:9d:33:0a:f3:79:
                    46:42:1a:8d:0e:fd:bf:3b:22:91:d3:12:3f:c3:92:
                    d9:35:e7:9b:d3:70:70:27:3f:e2:9d:ec:64:62:b2:
                    84:5f:4f:5c:fb:24:6c:a7:c4:fb:55:41:83:ee:e9:
                    79:ca:b5:db:73:8d:74:13:24:67:0d:ba:06:5e:32:
                    ee:bc:4f:d8:9e:e3:60:60:9b:2f:9e:49:c8:b1:75:
                    28:cd:39:c6:cb:df:55:49:cd:9c:35:28:37:a6:b0:
                    ab:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:8B:08:B8:D9:BE:F5:B2:F2:71:0B:2E:ED:45:6F:15:E8:16:A2:24
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215154.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3b1::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:d6:73:bc:e5:65:9c:45:4f:22:26:94:66:af:29:fd:7e:fd:
         3b:af:7b:e0:4d:41:6d:85:7c:49:62:b4:81:ba:63:c6:a9:39:
         da:15:73:c5:09:e1:94:13:09:0e:40:42:53:0d:39:a4:b6:a3:
         2a:b1:ef:8d:9a:0e:9c:78:be:f7:a8:71:62:c4:09:5f:d9:95:
         78:a3:61:f0:2f:69:21:2f:fe:4c:18:4e:eb:3a:59:54:fa:7e:
         4c:96:d7:0f:3c:6b:13:29:be:f3:3d:04:7c:ee:ca:fa:97:3b:
         df:34:8f:6a:7e:40:69:5f:c5:6c:54:87:56:6b:07:70:8e:18:
         05:e7:25:c1:88:1e:71:29:fd:96:8c:3f:f6:33:ae:38:f0:d9:
         e4:cf:84:ce:8c:6d:30:ae:b8:70:8b:df:0a:6b:3e:c1:11:79:
         06:7c:ff:27:08:98:bc:7c:a2:fe:dd:0b:3e:8e:c4:81:aa:af:
         b2:d5:fb:22:15:bd:18:c7:14:42:65:27:8c:dd:06:d6:a8:c8:
         57:71:65:70:e2:9e:9c:3a:32:92:b2:16:69:85:36:12:73:72:
         d3:b6:93:0a:ac:76:02:c7:0d:ed:d8:12:ff:f7:f9:b6:13:ed:
         e4:4f:1d:97:47:f4:fe:b0:20:ff:2d:6a:a2:c4:8c:d3:63:37:
         e0:56:69:1b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUE2AUShwiLrWIUFk0e/65C+A2T7MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MDlaFw0yNTA1MjIxNjQ5MDlaMDMxMTAvBgNV
BAMTKEFGOEIwOEI4RDlCRUY1QjJGMjcxMEIyRUVENDU2RjE1RTgxNkEyMjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFHc/CiWz3m4OlArOi+jwOq49O
uhKD1LrguPmwE8y7zcRQ8MJEPjkfwBwig0bnvHC3YfV6AA1Og+nrzKQKt0b55C4H
GyakJ0WSyAy+AsYR80BZPHBJyg3XEdp17/xHvKUecwFhLQtkOOuu4zfLnUVHX0Y7
VjVoEJOfd4TxW/l9XgECH9ryMhXP8MBw5ZvIq+DRMkpr1PY4eYZplNFSG7udMwrz
eUZCGo0O/b87IpHTEj/Dktk155vTcHAnP+Kd7GRisoRfT1z7JGynxPtVQYPu6XnK
tdtzjXQTJGcNugZeMu68T9ie42Bgmy+eScixdSjNOcbL31VJzZw1KDemsKtNAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUr4sIuNm+9bLycQsu7UVvFegWoiQwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1MTU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOxMA0GCSqGSIb3DQEBCwUAA4IBAQBx1nO85WWcRU8iJpRmryn9fv07r3vgTUFt
hXxJYrSBumPGqTnaFXPFCeGUEwkOQEJTDTmktqMqse+Nmg6ceL73qHFixAlf2ZV4
o2HwL2khL/5MGE7rOllU+n5MltcPPGsTKb7zPQR87sr6lzvfNI9qfkBpX8VsVIdW
awdwjhgF5yXBiB5xKf2WjD/2M6448Nnkz4TOjG0wrrhwi98Kaz7BEXkGfP8nCJi8
fKL+3Qs+jsSBqq+y1fsiFb0YxxRCZSeM3QbWqMhXcWVw4p6cOjKSshZphTYSc3LT
tpMKrHYCxw3t2BL/9/m2E+3kTx2XR/T+sCD/LWqixIzTYzfgVmkb
-----END CERTIFICATE-----