Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215171.roa
File:                     AS215171.roa (raw, json)
Hash identifier:          Z9VjGkeTbEsAk0M8zN8ZWW8ipAgvqhL6JD4FxzMkmjI=
Subject key identifier:   87:8E:A9:67:FF:C3:0A:F1:8B:75:A9:F3:F5:DC:5F:43:04:72:23:3F
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       6074E166703D065587F8B74A1049D066A16CD71E
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215171.roa
Signing time:             Thu 23 May 2024 16:49:08 +0000
ROA not before:           Thu 23 May 2024 16:44:08 +0000
ROA not after:            Thu 22 May 2025 16:49:08 +0000
asID:                     215171
IP address blocks:        2a0f:85c1:3ae::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:74:e1:66:70:3d:06:55:87:f8:b7:4a:10:49:d0:66:a1:6c:d7:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:08 2024 GMT
            Not After : May 22 16:49:08 2025 GMT
        Subject: CN=878EA967FFC30AF18B75A9F3F5DC5F430472233F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:84:aa:fc:c9:28:c1:a8:bc:de:f8:6c:53:4b:
                    6e:14:36:5d:34:5b:ea:cc:70:c7:df:b8:93:c4:19:
                    73:3b:ee:87:31:59:a8:d9:6c:1c:bb:b7:4c:51:fe:
                    3b:6a:29:25:76:46:f0:ac:65:97:d6:0d:7b:7e:8f:
                    ef:85:19:de:3b:5a:8d:b2:2f:90:01:c9:00:84:7f:
                    81:08:44:ac:90:55:b6:6d:b0:d7:c5:8d:71:fb:71:
                    07:e0:50:7e:cb:eb:f9:e8:e1:09:80:07:1f:cd:c5:
                    95:0f:7b:89:45:8a:4b:c2:28:c3:d9:df:45:dc:25:
                    81:df:e9:93:cf:e3:a2:b5:33:19:ed:c6:54:ea:ed:
                    ef:ef:21:86:95:3c:e0:29:44:e9:22:d4:b1:66:db:
                    d5:3b:54:b8:d4:4e:49:2e:99:2a:ad:6f:0e:61:82:
                    ec:7f:b2:13:70:29:9c:82:9d:79:b0:8c:1b:b6:13:
                    1d:b7:9a:20:2d:cf:f0:f6:ba:13:1c:b3:d7:f7:41:
                    7a:cb:68:bb:66:9a:e7:ae:7a:95:90:44:6a:61:72:
                    22:5a:b7:37:70:51:b8:11:ea:95:2b:3e:46:2d:d0:
                    33:ad:9e:5f:7a:bd:09:6a:1a:25:64:19:3f:31:52:
                    76:34:a3:2b:57:ff:00:cc:fd:24:03:0b:66:2e:ae:
                    6c:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:8E:A9:67:FF:C3:0A:F1:8B:75:A9:F3:F5:DC:5F:43:04:72:23:3F
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215171.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3ae::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:30:2e:85:dc:e4:be:57:0b:c6:47:f7:84:5a:e4:b1:97:9d:
         b5:71:1d:24:33:33:69:ac:88:fd:62:33:e6:ae:f4:c8:84:60:
         2a:e6:aa:e1:c8:e2:2f:66:9a:63:ef:a0:f6:8e:11:6e:b5:0f:
         4b:90:d8:57:93:a4:43:e4:8a:82:7d:1f:e3:f5:9d:4d:4b:16:
         35:2f:14:a4:fe:71:de:d3:60:41:99:41:4c:f2:9a:f3:1f:b6:
         84:c1:71:2f:a9:20:8f:38:fb:68:4d:57:08:e5:74:6e:ea:35:
         b2:00:4a:ea:77:b0:9e:b3:4f:44:ed:c9:c2:6a:d9:4e:f8:03:
         63:a6:2b:7c:77:7a:01:dc:f2:3f:71:6f:ec:6d:23:de:a1:5e:
         c4:15:92:4d:0b:78:df:e9:f4:d7:60:67:d6:54:21:33:21:5e:
         3f:74:36:44:23:5e:19:05:1c:c9:b8:ac:18:af:d2:c2:07:02:
         e6:e7:bb:56:b6:b8:0b:3b:5f:ab:87:26:b5:85:f5:ea:0b:59:
         33:ad:ba:80:8e:62:45:fe:58:05:df:a4:2b:22:c0:9d:87:20:
         6c:71:dd:cd:98:97:9a:0a:d7:ad:d2:6c:20:a4:e8:c1:39:a8:
         10:ae:31:8b:a6:5c:62:13:d9:e6:25:63:a2:e6:86:b5:12:48:
         39:67:d1:5d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUYHThZnA9BlWH+LdKEEnQZqFs1x4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MDhaFw0yNTA1MjIxNjQ5MDhaMDMxMTAvBgNV
BAMTKDg3OEVBOTY3RkZDMzBBRjE4Qjc1QTlGM0Y1REM1RjQzMDQ3MjIzM0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBhKr8ySjBqLze+GxTS24UNl00
W+rMcMffuJPEGXM77ocxWajZbBy7t0xR/jtqKSV2RvCsZZfWDXt+j++FGd47Wo2y
L5AByQCEf4EIRKyQVbZtsNfFjXH7cQfgUH7L6/no4QmABx/NxZUPe4lFikvCKMPZ
30XcJYHf6ZPP46K1MxntxlTq7e/vIYaVPOApROki1LFm29U7VLjUTkkumSqtbw5h
gux/shNwKZyCnXmwjBu2Ex23miAtz/D2uhMcs9f3QXrLaLtmmueuepWQRGphciJa
tzdwUbgR6pUrPkYt0DOtnl96vQlqGiVkGT8xUnY0oytX/wDM/SQDC2Yurmz3AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUh46pZ//DCvGLdanz9dxfQwRyIz8wHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1MTcxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOuMA0GCSqGSIb3DQEBCwUAA4IBAQCvMC6F3OS+VwvGR/eEWuSxl521cR0kMzNp
rIj9YjPmrvTIhGAq5qrhyOIvZppj76D2jhFutQ9LkNhXk6RD5IqCfR/j9Z1NSxY1
LxSk/nHe02BBmUFM8przH7aEwXEvqSCPOPtoTVcI5XRu6jWyAErqd7Ces09E7cnC
atlO+ANjpit8d3oB3PI/cW/sbSPeoV7EFZJNC3jf6fTXYGfWVCEzIV4/dDZEI14Z
BRzJuKwYr9LCBwLm57tWtrgLO1+rhya1hfXqC1kzrbqAjmJF/lgF36QrIsCdhyBs
cd3NmJeaCtet0mwgpOjBOagQrjGLplxiE9nmJWOi5oa1Ekg5Z9Fd
-----END CERTIFICATE-----