Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215280.roa
File:                     AS215280.roa (raw, json)
Hash identifier:          ZBwL9rZjbkYEUAN+0cdhNViU4RkVxGdOakdwh9WsgCU=
Subject key identifier:   D8:B0:68:65:37:6A:E8:01:79:DF:AC:30:4A:33:49:ED:2D:69:B2:A4
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       28A595AF36A88AFB0AF12DB5EE8EE7D027335A42
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215280.roa
Signing time:             Thu 23 May 2024 16:49:12 +0000
ROA not before:           Thu 23 May 2024 16:44:12 +0000
ROA not after:            Thu 22 May 2025 16:49:12 +0000
asID:                     215280
IP address blocks:        2a0f:85c1:39d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:a5:95:af:36:a8:8a:fb:0a:f1:2d:b5:ee:8e:e7:d0:27:33:5a:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:12 2024 GMT
            Not After : May 22 16:49:12 2025 GMT
        Subject: CN=D8B06865376AE80179DFAC304A3349ED2D69B2A4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:18:60:a2:aa:14:7c:ed:3d:44:aa:b8:ab:10:
                    c4:4e:cb:09:02:d6:b6:3f:70:4b:e9:24:1d:93:dd:
                    54:aa:7c:24:f1:a2:cf:89:65:2c:1f:25:ec:5a:a8:
                    e6:1c:91:53:55:35:24:e3:a0:53:d0:1a:43:74:32:
                    bc:1b:bf:c9:d9:5f:ea:37:a2:97:bc:a1:2a:18:e7:
                    83:9f:24:d4:6c:f1:2f:3a:d1:12:e1:40:96:c4:c9:
                    b1:3a:0b:7b:db:f8:a9:74:de:82:31:32:19:99:e1:
                    fe:5d:92:50:0f:cd:bf:ba:79:af:e6:37:5d:0f:39:
                    90:0d:02:55:05:4f:9d:e1:7e:6b:23:a9:e1:71:32:
                    36:b9:f0:9b:ab:61:2b:41:9b:03:a0:c3:c1:4a:a8:
                    71:c8:cb:0e:94:e3:74:77:42:e2:e7:66:26:84:ab:
                    ae:d9:19:7e:cf:d5:03:e6:58:63:90:e8:e6:d4:ed:
                    31:ae:86:7f:96:94:c0:79:18:9f:2b:2b:52:71:4e:
                    73:c4:53:29:db:10:18:50:eb:93:20:2e:17:89:ee:
                    c4:7e:77:02:e6:65:cf:23:29:0b:3b:81:25:74:5f:
                    7f:0d:67:61:22:b6:1e:62:94:94:87:06:2f:14:6f:
                    50:93:dd:16:92:c9:64:20:6a:36:4a:c5:c4:ab:65:
                    6c:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:B0:68:65:37:6A:E8:01:79:DF:AC:30:4A:33:49:ED:2D:69:B2:A4
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215280.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:39d::/48

    Signature Algorithm: sha256WithRSAEncryption
         b8:a9:09:62:ab:4f:04:dc:62:44:f0:67:96:02:0e:9b:73:50:
         6e:39:16:5c:a6:38:6c:c0:42:76:7f:94:60:64:99:93:e2:a5:
         47:94:97:96:9a:44:2d:73:22:ad:32:cd:4a:44:1a:4a:62:db:
         43:a5:0b:48:40:6b:0c:4d:e2:d7:cd:dd:80:20:e7:b6:4d:14:
         2d:e1:6a:83:36:64:62:48:de:69:71:b9:76:68:90:6a:11:6b:
         68:76:24:79:cd:c2:b2:b2:5c:22:e2:7a:c7:50:6b:ec:ae:a4:
         30:5c:80:b3:f0:9d:63:11:57:1f:12:4c:b5:5d:fb:2d:62:eb:
         be:3a:9f:5a:7c:84:98:9e:79:82:e3:66:19:61:fe:eb:93:2a:
         a0:ec:68:f2:82:b2:50:25:50:99:97:f1:f2:c0:fc:79:7a:df:
         06:84:99:d8:9b:57:57:4c:1c:f7:be:cc:de:51:d5:97:71:37:
         de:9a:56:7f:9d:00:69:b6:93:7a:59:c3:fb:85:98:da:a2:1e:
         6b:2e:d6:71:8a:95:14:91:00:cf:fb:1a:cd:63:fe:3e:89:40:
         f5:32:b4:23:98:20:65:e1:81:2b:2d:79:08:76:9b:3a:5e:fd:
         3b:48:55:f6:d5:32:5e:9b:a8:46:fe:ec:59:86:07:3e:43:11:
         48:82:e3:72
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUKKWVrzaoivsK8S217o7n0CczWkIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTJaFw0yNTA1MjIxNjQ5MTJaMDMxMTAvBgNV
BAMTKEQ4QjA2ODY1Mzc2QUU4MDE3OURGQUMzMDRBMzM0OUVEMkQ2OUIyQTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTGGCiqhR87T1EqrirEMROywkC
1rY/cEvpJB2T3VSqfCTxos+JZSwfJexaqOYckVNVNSTjoFPQGkN0Mrwbv8nZX+o3
ope8oSoY54OfJNRs8S860RLhQJbEybE6C3vb+Kl03oIxMhmZ4f5dklAPzb+6ea/m
N10POZANAlUFT53hfmsjqeFxMja58JurYStBmwOgw8FKqHHIyw6U43R3QuLnZiaE
q67ZGX7P1QPmWGOQ6ObU7TGuhn+WlMB5GJ8rK1JxTnPEUynbEBhQ65MgLheJ7sR+
dwLmZc8jKQs7gSV0X38NZ2Eith5ilJSHBi8Ub1CT3RaSyWQgajZKxcSrZWzDAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU2LBoZTdq6AF536wwSjNJ7S1psqQwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1MjgwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOdMA0GCSqGSIb3DQEBCwUAA4IBAQC4qQliq08E3GJE8GeWAg6bc1BuORZcpjhs
wEJ2f5RgZJmT4qVHlJeWmkQtcyKtMs1KRBpKYttDpQtIQGsMTeLXzd2AIOe2TRQt
4WqDNmRiSN5pcbl2aJBqEWtodiR5zcKyslwi4nrHUGvsrqQwXICz8J1jEVcfEky1
XfstYuu+Op9afISYnnmC42YZYf7rkyqg7GjygrJQJVCZl/HywPx5et8GhJnYm1dX
TBz3vszeUdWXcTfemlZ/nQBptpN6WcP7hZjaoh5rLtZxipUUkQDP+xrNY/4+iUD1
MrQjmCBl4YErLXkIdps6Xv07SFX21TJem6hG/uxZhgc+QxFIguNy
-----END CERTIFICATE-----