Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215214.roa
File:                     AS215214.roa (raw, json)
Hash identifier:          WjT68ntnQcxme49/OjZWeXTatlV+GJnLOm9X1KcYyzc=
Subject key identifier:   40:D7:82:E0:A9:65:03:56:73:12:D9:43:2A:7C:64:CD:84:22:FB:6F
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       145C719A4D13A3552BD5FE4B2B6D06CBE7E4A80F
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215214.roa
Signing time:             Thu 23 May 2024 16:49:10 +0000
ROA not before:           Thu 23 May 2024 16:44:10 +0000
ROA not after:            Thu 22 May 2025 16:49:10 +0000
asID:                     215214
IP address blocks:        2a0f:85c1:3a5::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:5c:71:9a:4d:13:a3:55:2b:d5:fe:4b:2b:6d:06:cb:e7:e4:a8:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:10 2024 GMT
            Not After : May 22 16:49:10 2025 GMT
        Subject: CN=40D782E0A96503567312D9432A7C64CD8422FB6F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:bf:23:60:41:fb:38:b9:7d:c3:3b:01:3b:96:
                    a8:89:01:26:0b:67:d5:a8:af:88:55:ab:81:f4:bd:
                    1b:70:13:29:3a:92:24:eb:cd:e1:38:b7:ed:61:c2:
                    03:e4:d6:75:be:dd:6d:5a:65:d2:51:77:d5:68:3f:
                    8a:7e:e2:7d:02:50:13:81:56:8c:05:b1:d3:43:35:
                    0b:25:5e:b3:2f:f5:5b:a2:f9:1a:b0:e5:c9:62:03:
                    bd:5e:fa:99:fe:e7:ef:86:61:c2:ab:94:6a:03:f5:
                    02:eb:05:ed:6e:56:ff:b9:a3:8b:34:01:f5:73:51:
                    af:30:21:95:5a:e5:77:51:84:9d:da:07:2c:8c:9c:
                    7f:f7:c5:ca:60:96:41:04:33:8f:79:94:a4:b9:e3:
                    41:c5:4f:39:a5:dd:72:b8:ee:c0:be:2d:af:84:ff:
                    1e:ad:90:2e:52:90:7a:5d:91:70:10:e8:ec:06:57:
                    ef:60:6a:50:a6:af:84:6a:5a:99:d2:45:1a:4d:70:
                    2d:12:11:5b:40:21:40:0b:82:c3:f3:05:2a:74:cc:
                    3d:1e:31:12:c1:c5:b0:8c:2f:b6:33:57:a5:e6:2a:
                    e1:15:f1:8b:1f:a4:6c:b5:2a:15:c8:58:67:58:11:
                    2b:be:01:16:04:2a:87:73:e4:0f:8b:50:5e:54:39:
                    54:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:D7:82:E0:A9:65:03:56:73:12:D9:43:2A:7C:64:CD:84:22:FB:6F
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215214.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3a5::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:b6:8a:7a:f3:12:06:b8:82:f8:9b:77:70:8a:0f:6a:eb:32:
         4f:b9:e5:5c:7d:42:27:d5:ab:7a:3c:16:ce:d5:0e:e5:ad:18:
         25:21:46:76:54:0a:78:66:ae:46:98:d1:03:38:68:ff:fe:8d:
         16:72:29:29:41:4b:37:f1:87:10:73:86:4c:a0:b1:8e:b0:20:
         ae:0f:5c:2d:04:38:ce:e9:df:34:5f:fb:1d:b1:2e:19:b0:52:
         67:c5:4c:54:b8:a5:d4:ca:05:d3:d9:a6:33:69:2a:eb:62:90:
         5c:ec:84:d3:5c:0c:56:5e:6a:c7:28:09:40:97:b4:20:a1:4b:
         6f:c4:cb:9f:ab:01:b3:86:5e:1f:a4:79:26:31:f7:d8:1b:3a:
         19:89:71:a0:0a:53:7c:10:b7:c8:b7:fe:76:37:75:15:a6:54:
         85:52:2f:6b:71:ee:8c:98:e8:7c:be:ca:cb:8d:ec:09:5f:46:
         0b:42:85:f8:9e:6c:fc:25:53:a4:ca:05:28:3f:e0:f2:f6:50:
         40:12:9f:2f:03:e7:49:94:97:d5:45:0c:b0:a7:b5:98:dc:53:
         8b:20:36:9c:41:60:a4:c0:27:d9:11:e0:16:bc:42:6a:e1:80:
         6f:90:14:2b:d5:4d:55:9c:31:fc:02:86:9b:59:43:d7:5b:d9:
         23:07:88:7e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUFFxxmk0To1Ur1f5LK20Gy+fkqA8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTBaFw0yNTA1MjIxNjQ5MTBaMDMxMTAvBgNV
BAMTKDQwRDc4MkUwQTk2NTAzNTY3MzEyRDk0MzJBN0M2NENEODQyMkZCNkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCvyNgQfs4uX3DOwE7lqiJASYL
Z9Wor4hVq4H0vRtwEyk6kiTrzeE4t+1hwgPk1nW+3W1aZdJRd9VoP4p+4n0CUBOB
VowFsdNDNQslXrMv9Vui+Rqw5cliA71e+pn+5++GYcKrlGoD9QLrBe1uVv+5o4s0
AfVzUa8wIZVa5XdRhJ3aByyMnH/3xcpglkEEM495lKS540HFTzml3XK47sC+La+E
/x6tkC5SkHpdkXAQ6OwGV+9galCmr4RqWpnSRRpNcC0SEVtAIUALgsPzBSp0zD0e
MRLBxbCML7YzV6XmKuEV8YsfpGy1KhXIWGdYESu+ARYEKodz5A+LUF5UOVSfAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUQNeC4KllA1ZzEtlDKnxkzYQi+28wHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1MjE0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOlMA0GCSqGSIb3DQEBCwUAA4IBAQBKtop68xIGuIL4m3dwig9q6zJPueVcfUIn
1at6PBbO1Q7lrRglIUZ2VAp4Zq5GmNEDOGj//o0WcikpQUs38YcQc4ZMoLGOsCCu
D1wtBDjO6d80X/sdsS4ZsFJnxUxUuKXUygXT2aYzaSrrYpBc7ITTXAxWXmrHKAlA
l7QgoUtvxMufqwGzhl4fpHkmMffYGzoZiXGgClN8ELfIt/52N3UVplSFUi9rce6M
mOh8vsrLjewJX0YLQoX4nmz8JVOkygUoP+Dy9lBAEp8vA+dJlJfVRQywp7WY3FOL
IDacQWCkwCfZEeAWvEJq4YBvkBQr1U1VnDH8AoabWUPXW9kjB4h+
-----END CERTIFICATE-----