Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215223.roa
File:                     AS215223.roa (raw, json)
Hash identifier:          5KsnSBCNtT93qaUV3KY7ach95OwHuDPC5SQnXjss3ZY=
Subject key identifier:   FC:0D:34:73:74:BF:35:FC:63:60:4A:6D:0D:4C:DB:6D:6E:BC:95:32
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       70B99205C7DE0610934FC620BA8569D6A5BC313E
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215223.roa
Signing time:             Thu 23 May 2024 16:49:14 +0000
ROA not before:           Thu 23 May 2024 16:44:14 +0000
ROA not after:            Thu 22 May 2025 16:49:14 +0000
asID:                     215223
IP address blocks:        2a0f:85c1:3a6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:b9:92:05:c7:de:06:10:93:4f:c6:20:ba:85:69:d6:a5:bc:31:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:14 2024 GMT
            Not After : May 22 16:49:14 2025 GMT
        Subject: CN=FC0D347374BF35FC63604A6D0D4CDB6D6EBC9532
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:85:80:a3:5e:c0:96:69:a5:78:bf:33:d6:f2:
                    dc:d4:51:8f:27:6f:ad:d3:67:75:05:32:09:a2:3a:
                    88:cb:65:d9:40:ca:b7:22:1e:8b:e5:ff:b9:f6:c7:
                    1d:9c:c8:67:8f:38:96:c8:ad:29:ed:80:cd:eb:a0:
                    67:65:cd:4c:e6:4b:2e:0c:12:05:71:74:b5:be:9f:
                    0e:22:e3:48:ff:19:83:20:64:b4:8c:fc:03:bb:00:
                    e9:c5:4e:4f:ce:be:59:b0:b9:66:c9:00:3b:f9:f3:
                    7d:2c:be:36:28:ee:62:87:82:df:80:c6:e1:d0:a0:
                    66:b3:7e:97:08:37:58:09:69:27:46:a4:e1:e9:48:
                    a5:67:bb:2a:f2:90:65:29:1b:d2:0a:e4:c3:d5:b0:
                    cc:e6:df:a0:a8:11:d7:7f:1d:19:e6:2b:73:ae:d8:
                    66:8c:fd:1e:46:32:f7:cb:d8:e7:94:ba:52:37:03:
                    db:6e:c9:c6:58:a7:5e:01:b3:48:eb:2f:ed:7f:6e:
                    f4:91:54:5b:1e:e4:ea:e6:3d:9f:36:80:21:2c:79:
                    fa:d3:98:0e:29:31:a9:16:30:d3:5b:a3:40:6f:a3:
                    5d:ae:9f:6a:f5:6f:8c:ad:98:30:19:44:c1:b8:29:
                    9f:e1:f8:a1:61:22:a7:74:4d:64:08:6d:54:b6:51:
                    23:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:0D:34:73:74:BF:35:FC:63:60:4A:6D:0D:4C:DB:6D:6E:BC:95:32
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215223.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3a6::/48

    Signature Algorithm: sha256WithRSAEncryption
         a9:fb:d6:78:ae:02:3d:70:be:fa:9d:e2:20:d9:41:23:0c:27:
         53:3f:06:39:9a:0b:9c:72:ae:d9:d4:1f:cc:9b:b7:b4:fa:e3:
         ef:fd:04:18:6f:20:63:db:1a:4f:c1:0d:6f:84:6d:71:ac:59:
         a5:84:2e:ec:5c:9a:fe:a9:34:33:f9:65:71:db:3c:2d:08:66:
         53:db:c5:95:6b:70:6f:6d:33:82:c8:c0:f4:18:66:95:c4:81:
         f0:df:5f:06:82:ca:7a:0b:87:e2:2f:d4:9b:1d:df:14:49:e2:
         8b:dd:b1:70:e1:76:62:d2:d4:13:15:0f:99:ca:77:a8:f6:91:
         ac:3e:43:b8:99:0a:a2:03:e6:7c:b0:94:6f:eb:36:ae:9a:ca:
         f6:b2:4c:a7:c2:96:b9:a9:f5:bf:b2:7c:65:b5:26:e3:72:06:
         64:c4:95:aa:19:39:4e:94:51:19:08:5e:3b:8c:35:5d:6e:88:
         25:f6:e6:6b:da:53:a3:77:fe:4b:1a:37:f6:77:66:94:54:99:
         e2:93:b6:ba:88:88:60:78:64:04:a7:35:76:71:d6:eb:95:b9:
         0b:15:95:c7:b7:d0:75:0c:8f:86:1f:0a:f4:cc:ba:c8:a1:9a:
         83:2c:28:42:8a:79:ce:11:ad:b8:57:51:76:6d:29:61:03:d6:
         f8:8c:e7:b3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUcLmSBcfeBhCTT8YguoVp1qW8MT4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTRaFw0yNTA1MjIxNjQ5MTRaMDMxMTAvBgNV
BAMTKEZDMEQzNDczNzRCRjM1RkM2MzYwNEE2RDBENENEQjZENkVCQzk1MzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRhYCjXsCWaaV4vzPW8tzUUY8n
b63TZ3UFMgmiOojLZdlAyrciHovl/7n2xx2cyGePOJbIrSntgM3roGdlzUzmSy4M
EgVxdLW+nw4i40j/GYMgZLSM/AO7AOnFTk/OvlmwuWbJADv5830svjYo7mKHgt+A
xuHQoGazfpcIN1gJaSdGpOHpSKVnuyrykGUpG9IK5MPVsMzm36CoEdd/HRnmK3Ou
2GaM/R5GMvfL2OeUulI3A9tuycZYp14Bs0jrL+1/bvSRVFse5OrmPZ82gCEsefrT
mA4pMakWMNNbo0Bvo12un2r1b4ytmDAZRMG4KZ/h+KFhIqd0TWQIbVS2USOXAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU/A00c3S/NfxjYEptDUzbbW68lTIwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1MjIzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOmMA0GCSqGSIb3DQEBCwUAA4IBAQCp+9Z4rgI9cL76neIg2UEjDCdTPwY5mguc
cq7Z1B/Mm7e0+uPv/QQYbyBj2xpPwQ1vhG1xrFmlhC7sXJr+qTQz+WVx2zwtCGZT
28WVa3BvbTOCyMD0GGaVxIHw318Ggsp6C4fiL9SbHd8USeKL3bFw4XZi0tQTFQ+Z
yneo9pGsPkO4mQqiA+Z8sJRv6zaumsr2skynwpa5qfW/snxltSbjcgZkxJWqGTlO
lFEZCF47jDVdbogl9uZr2lOjd/5LGjf2d2aUVJnik7a6iIhgeGQEpzV2cdbrlbkL
FZXHt9B1DI+GHwr0zLrIoZqDLChCinnOEa24V1F2bSlhA9b4jOez
-----END CERTIFICATE-----