Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215172.roa
File:                     AS215172.roa (raw, json)
Hash identifier:          1TaBISB+40a6TNU5ZqkEg9kZFjlzZbAYPbZo74dFij0=
Subject key identifier:   E1:8F:1D:09:1E:99:48:19:1F:18:23:5C:B4:86:47:35:7C:17:41:ED
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       28BDBEF857AE5BC4613E7E146594E5BB7279DA36
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215172.roa
Signing time:             Thu 23 May 2024 16:49:07 +0000
ROA not before:           Thu 23 May 2024 16:44:07 +0000
ROA not after:            Thu 22 May 2025 16:49:07 +0000
asID:                     215172
IP address blocks:        2a0f:85c1:3ad::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:bd:be:f8:57:ae:5b:c4:61:3e:7e:14:65:94:e5:bb:72:79:da:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:07 2024 GMT
            Not After : May 22 16:49:07 2025 GMT
        Subject: CN=E18F1D091E9948191F18235CB48647357C1741ED
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:85:01:c6:a4:64:e8:d1:50:77:62:b5:fe:9d:
                    05:70:bd:0c:61:7b:b4:e5:48:78:c1:06:32:b8:59:
                    12:74:91:33:f4:5b:7b:38:24:63:2c:1c:e6:0f:8d:
                    5a:d7:7e:a8:f0:f3:c5:4b:b5:99:61:17:e5:f1:52:
                    68:25:6d:cd:4f:d0:16:d9:de:77:bd:bd:02:20:a8:
                    64:5f:47:ee:0d:55:e8:fa:34:09:83:58:b9:20:33:
                    a2:7d:d9:d6:cc:ab:b6:44:f1:7b:b0:6f:5e:dd:5a:
                    7a:a0:35:7d:4c:9a:98:c7:81:fa:a6:2b:96:8d:77:
                    4c:e6:53:a2:50:3c:cf:55:01:2e:89:54:ea:ac:57:
                    48:bc:69:e8:59:8e:ce:2f:31:88:c7:06:90:72:a0:
                    4b:e0:16:ed:d0:88:52:0e:62:63:40:ac:88:19:49:
                    1c:a0:c6:cb:47:79:d2:17:82:c8:eb:6e:64:fc:c3:
                    c1:7e:b8:f8:fc:30:70:29:a5:eb:07:d3:a3:ab:d4:
                    c6:0c:e4:4d:a5:95:6f:62:13:1f:70:12:5c:f0:cb:
                    42:1b:df:d0:7f:01:6c:fb:e0:a6:ff:cd:c7:29:16:
                    59:87:70:12:36:a9:09:7c:bc:22:8f:b0:6e:cd:9f:
                    4c:ee:ac:b8:c0:b6:6d:6e:15:2a:89:d3:cf:16:f6:
                    6c:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:8F:1D:09:1E:99:48:19:1F:18:23:5C:B4:86:47:35:7C:17:41:ED
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215172.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3ad::/48

    Signature Algorithm: sha256WithRSAEncryption
         96:92:de:dd:87:5a:ce:e2:c2:28:6e:78:0c:3a:7b:4d:94:4e:
         9b:ec:3d:90:ff:48:85:64:3f:a0:97:87:7a:36:b9:13:62:ea:
         b9:06:f8:62:32:0c:47:f4:08:ac:6a:85:68:69:86:c1:09:8f:
         30:3f:0a:fb:29:16:72:94:68:5a:8f:68:71:d2:d9:60:e0:1f:
         d7:23:20:18:02:e4:be:13:d1:e2:fe:a3:88:6e:7b:91:73:ff:
         55:f6:38:a2:e0:59:52:83:bb:a9:4a:bd:ed:cc:f4:8c:0c:58:
         df:05:35:fe:15:27:c8:f1:05:87:8d:e6:bd:e1:b1:27:15:e6:
         34:42:4e:e1:9c:11:1c:5f:8a:7d:64:f4:6d:b1:9f:c7:03:8e:
         65:f3:92:88:26:cb:ff:57:52:1d:fd:8e:21:42:96:aa:90:86:
         c9:2b:a0:a3:02:56:22:5f:31:39:dd:3c:c0:e0:4c:a4:7b:b4:
         73:28:50:28:61:a1:21:26:fb:a5:e9:bb:75:95:49:6d:63:21:
         a3:1c:a2:96:f7:4d:1e:03:5f:ec:d7:d2:c6:e0:1e:f7:df:64:
         9b:b1:8b:7d:af:54:4e:7f:dc:87:d5:f7:8e:63:c2:3d:67:e6:
         23:b9:95:1c:d8:88:a0:6d:2f:8e:09:03:5d:2b:54:6c:79:0c:
         47:3a:92:ee
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUKL2++FeuW8RhPn4UZZTlu3J52jYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MDdaFw0yNTA1MjIxNjQ5MDdaMDMxMTAvBgNV
BAMTKEUxOEYxRDA5MUU5OTQ4MTkxRjE4MjM1Q0I0ODY0NzM1N0MxNzQxRUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGhQHGpGTo0VB3YrX+nQVwvQxh
e7TlSHjBBjK4WRJ0kTP0W3s4JGMsHOYPjVrXfqjw88VLtZlhF+XxUmglbc1P0BbZ
3ne9vQIgqGRfR+4NVej6NAmDWLkgM6J92dbMq7ZE8Xuwb17dWnqgNX1MmpjHgfqm
K5aNd0zmU6JQPM9VAS6JVOqsV0i8aehZjs4vMYjHBpByoEvgFu3QiFIOYmNArIgZ
SRygxstHedIXgsjrbmT8w8F+uPj8MHAppesH06Or1MYM5E2llW9iEx9wElzwy0Ib
39B/AWz74Kb/zccpFlmHcBI2qQl8vCKPsG7Nn0zurLjAtm1uFSqJ088W9my5AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU4Y8dCR6ZSBkfGCNctIZHNXwXQe0wHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1MTcyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOtMA0GCSqGSIb3DQEBCwUAA4IBAQCWkt7dh1rO4sIobngMOntNlE6b7D2Q/0iF
ZD+gl4d6NrkTYuq5BvhiMgxH9AisaoVoaYbBCY8wPwr7KRZylGhaj2hx0tlg4B/X
IyAYAuS+E9Hi/qOIbnuRc/9V9jii4FlSg7upSr3tzPSMDFjfBTX+FSfI8QWHjea9
4bEnFeY0Qk7hnBEcX4p9ZPRtsZ/HA45l85KIJsv/V1Id/Y4hQpaqkIbJK6CjAlYi
XzE53TzA4Eyke7RzKFAoYaEhJvul6bt1lUltYyGjHKKW900eA1/s19LG4B7332Sb
sYt9r1ROf9yH1feOY8I9Z+YjuZUc2IigbS+OCQNdK1RseQxHOpLu
-----END CERTIFICATE-----