Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215241.roa
File:                     AS215241.roa (raw, json)
Hash identifier:          ssJqdEt3Pv4cN9vjVJ1+5CINca62uWNqW6ohXQzT9hE=
Subject key identifier:   7E:4C:A6:D1:98:03:6C:3F:3D:E8:36:DE:EB:A1:54:1E:65:42:C3:AB
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       7D1FD6E5190B9F4829ADBFF2B6378E01ADB806B0
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215241.roa
Signing time:             Thu 23 May 2024 16:49:08 +0000
ROA not before:           Thu 23 May 2024 16:44:08 +0000
ROA not after:            Thu 22 May 2025 16:49:08 +0000
asID:                     215241
IP address blocks:        2a0f:85c1:3a4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:1f:d6:e5:19:0b:9f:48:29:ad:bf:f2:b6:37:8e:01:ad:b8:06:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:08 2024 GMT
            Not After : May 22 16:49:08 2025 GMT
        Subject: CN=7E4CA6D198036C3F3DE836DEEBA1541E6542C3AB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:05:5e:1a:9c:cf:50:76:b4:3c:47:55:6b:e4:
                    18:9b:23:ca:29:f2:15:c3:eb:1b:4f:10:e7:97:89:
                    0f:f8:15:ae:d7:e4:94:fe:c1:c9:bc:45:c1:0c:bc:
                    8d:41:63:08:0b:48:b8:0b:23:0a:ac:65:42:88:06:
                    e2:c4:35:77:1d:8c:e3:6d:97:94:5e:be:d7:fa:30:
                    e2:97:c6:10:5a:fd:79:ac:7d:37:d1:39:26:a5:d8:
                    09:38:31:af:fe:3e:50:40:19:ef:bc:55:cf:b1:70:
                    62:e8:d6:51:8d:84:b1:5e:de:65:cf:c7:49:0d:e2:
                    10:db:0c:dc:3b:6b:d2:bf:0e:d6:a7:96:bc:e6:be:
                    33:ae:16:a0:e0:7b:78:8e:f7:b0:a4:b8:18:55:a7:
                    c5:cc:01:f4:b6:58:c5:c1:19:ee:d9:01:37:aa:64:
                    c0:c6:d1:b3:2c:cd:eb:16:2b:15:c7:80:7f:51:c5:
                    17:f3:a5:07:52:ba:53:bf:94:d4:47:13:d7:d9:9a:
                    ce:52:db:d7:99:35:0f:5e:a7:2b:03:f7:04:7a:f4:
                    a0:aa:0e:37:ae:93:60:a6:3b:df:17:a6:fb:7f:5b:
                    ef:fa:ec:3c:4c:a0:32:98:34:09:ba:c4:81:92:db:
                    07:dc:b6:bd:aa:ae:73:79:3d:4c:16:d9:43:76:85:
                    3c:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:4C:A6:D1:98:03:6C:3F:3D:E8:36:DE:EB:A1:54:1E:65:42:C3:AB
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215241.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3a4::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:3f:0d:e8:b9:17:fb:9b:e3:de:3e:6e:36:f2:b3:8c:b4:5d:
         45:6e:41:f4:03:c2:8c:68:c8:5c:72:f7:e2:97:54:c8:6e:b7:
         c7:7c:6d:62:3e:67:cf:97:30:60:19:ae:4d:9b:08:ac:b5:f2:
         02:c6:59:2e:fc:9e:75:05:2b:cd:74:6d:5b:dd:a7:1f:36:de:
         db:0c:4b:af:80:58:af:a2:4c:fa:da:5f:b1:83:3a:e6:11:29:
         dd:f4:2a:41:40:8d:79:22:b0:c0:a5:84:8c:0b:64:78:2e:37:
         aa:f3:ea:10:e3:0c:83:f6:2b:08:34:81:b4:0f:47:c3:9b:5e:
         a6:10:c9:2f:1d:f8:e6:e3:15:56:4e:da:18:c9:42:1f:d0:4a:
         a5:95:a3:e5:c5:22:67:47:14:23:3a:0b:23:03:00:ba:5d:15:
         35:1a:9b:4c:f4:dd:01:8e:93:60:f4:3c:04:5e:66:49:f2:a1:
         58:71:82:13:b1:f0:e4:a8:5d:9f:8b:13:b2:62:4a:be:f0:b2:
         bb:31:4b:f1:74:b0:29:dc:86:9c:a0:e9:dd:e0:e9:7e:5b:1f:
         d2:cf:4c:f0:6c:6a:05:b2:53:5d:70:dc:17:29:d4:07:af:b0:
         15:39:78:a1:bb:bf:2f:64:32:a5:0a:bf:9d:a0:4d:52:64:84:
         ed:64:99:32
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUfR/W5RkLn0gprb/ytjeOAa24BrAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MDhaFw0yNTA1MjIxNjQ5MDhaMDMxMTAvBgNV
BAMTKDdFNENBNkQxOTgwMzZDM0YzREU4MzZERUVCQTE1NDFFNjU0MkMzQUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWBV4anM9QdrQ8R1Vr5BibI8op
8hXD6xtPEOeXiQ/4Fa7X5JT+wcm8RcEMvI1BYwgLSLgLIwqsZUKIBuLENXcdjONt
l5Revtf6MOKXxhBa/XmsfTfROSal2Ak4Ma/+PlBAGe+8Vc+xcGLo1lGNhLFe3mXP
x0kN4hDbDNw7a9K/DtanlrzmvjOuFqDge3iO97CkuBhVp8XMAfS2WMXBGe7ZATeq
ZMDG0bMszesWKxXHgH9RxRfzpQdSulO/lNRHE9fZms5S29eZNQ9epysD9wR69KCq
Djeuk2CmO98Xpvt/W+/67DxMoDKYNAm6xIGS2wfctr2qrnN5PUwW2UN2hTzRAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUfkym0ZgDbD896Dbe66FUHmVCw6swHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1MjQxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOkMA0GCSqGSIb3DQEBCwUAA4IBAQAOPw3ouRf7m+PePm428rOMtF1FbkH0A8KM
aMhccvfil1TIbrfHfG1iPmfPlzBgGa5NmwistfICxlku/J51BSvNdG1b3acfNt7b
DEuvgFivokz62l+xgzrmESnd9CpBQI15IrDApYSMC2R4Ljeq8+oQ4wyD9isINIG0
D0fDm16mEMkvHfjm4xVWTtoYyUIf0EqllaPlxSJnRxQjOgsjAwC6XRU1GptM9N0B
jpNg9DwEXmZJ8qFYcYITsfDkqF2fixOyYkq+8LK7MUvxdLAp3IacoOnd4Ol+Wx/S
z0zwbGoFslNdcNwXKdQHr7AVOXihu78vZDKlCr+doE1SZITtZJky
-----END CERTIFICATE-----