Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215368.roa
File:                     AS215368.roa (raw, json)
Hash identifier:          9z9BksHh6NmFaxWNqNBOuYhsDinYP/4B7HQXDDYVrO0=
Subject key identifier:   A4:F4:63:76:24:B4:B3:9C:30:7D:35:73:7C:16:D3:B0:57:71:14:C4
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       582B38079766BB61FD8116F7846FF61B44457618
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215368.roa
Signing time:             Thu 23 May 2024 16:49:12 +0000
ROA not before:           Thu 23 May 2024 16:44:12 +0000
ROA not after:            Thu 22 May 2025 16:49:12 +0000
asID:                     215368
IP address blocks:        2a0f:85c1:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:2b:38:07:97:66:bb:61:fd:81:16:f7:84:6f:f6:1b:44:45:76:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:12 2024 GMT
            Not After : May 22 16:49:12 2025 GMT
        Subject: CN=A4F4637624B4B39C307D35737C16D3B0577114C4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:62:86:de:b1:42:90:1b:e6:a6:85:ea:cb:af:
                    05:00:41:cb:ee:88:f0:56:36:cd:45:2a:cb:9a:9f:
                    e4:6f:4a:6d:9f:7b:a3:98:2e:8e:e3:db:3e:b0:12:
                    90:f4:af:35:0c:02:49:1d:52:6a:76:a2:d2:3e:14:
                    d6:e3:58:b1:04:df:9b:36:b6:3a:c5:7c:7a:ff:b2:
                    0c:1f:df:39:5c:1f:25:d1:12:ad:10:79:04:e7:0e:
                    61:2d:4d:4c:e1:05:db:e0:10:ac:ce:75:0d:8d:69:
                    5d:ec:f2:45:f7:45:3a:e8:72:a0:a5:ab:e1:8d:1e:
                    30:e0:d3:90:73:fd:01:49:e8:d2:97:48:05:52:ea:
                    ad:8f:85:7c:7d:e0:d0:49:c2:d9:7c:01:ae:d4:d1:
                    85:28:5f:5d:79:23:44:0c:43:83:12:e0:07:55:8b:
                    c0:2e:7e:e4:38:82:23:99:d3:a4:ca:01:b0:65:23:
                    81:28:68:8d:4f:65:e7:d4:d7:21:b0:5a:3e:40:07:
                    b2:12:80:82:69:7e:3e:45:f5:e2:4f:f5:30:12:24:
                    43:ba:47:d9:2e:1e:4d:7a:b5:1e:1e:4b:c7:1e:1d:
                    a4:3f:aa:c2:b7:60:d5:e5:b3:02:7d:e3:32:57:45:
                    8d:bd:dd:d9:da:4b:f6:35:83:99:ef:5b:5a:ec:f4:
                    1f:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:F4:63:76:24:B4:B3:9C:30:7D:35:73:7C:16:D3:B0:57:71:14:C4
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215368.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:23:56:e7:18:21:4e:69:a2:4f:3c:9f:3b:51:9f:96:24:d8:
         82:49:cb:59:3a:b3:65:7b:70:5f:0c:38:c8:8f:cf:40:60:29:
         33:01:9f:6f:21:83:b4:9f:73:28:3f:1d:ac:35:42:e7:49:c7:
         ae:cf:21:80:60:8d:69:a6:95:d5:e3:b5:1b:ca:12:43:57:f2:
         86:a4:f2:0d:10:78:98:5e:72:fd:ed:c1:0c:b6:5b:40:f8:ff:
         da:1b:28:58:d6:dd:41:5f:50:20:86:40:3b:15:bf:fb:6c:61:
         13:f7:0f:79:67:73:d7:db:48:9c:42:41:b5:30:ab:38:b1:1f:
         b2:59:38:8e:b1:72:b6:cd:f5:41:d1:bf:b2:dd:d7:76:3b:23:
         58:b3:38:39:06:22:07:d7:f7:11:0d:41:8e:38:63:b1:a5:cc:
         e4:1f:b9:15:b9:43:1c:01:67:85:16:10:72:49:86:2c:0c:97:
         de:31:af:87:a5:76:f0:42:7c:32:aa:08:07:05:87:0a:47:c3:
         78:cc:92:74:e6:c9:dc:75:b0:b3:c9:8d:05:0c:9d:20:eb:58:
         b5:c0:17:fc:e7:85:53:2c:55:c2:ef:fa:47:f9:d7:fa:c6:08:
         f3:62:c2:c5:bc:43:98:55:1d:7a:c0:be:3d:a1:62:0b:de:62:
         24:a8:10:9c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUWCs4B5dmu2H9gRb3hG/2G0RFdhgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTJaFw0yNTA1MjIxNjQ5MTJaMDMxMTAvBgNV
BAMTKEE0RjQ2Mzc2MjRCNEIzOUMzMDdEMzU3MzdDMTZEM0IwNTc3MTE0QzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTYobesUKQG+amherLrwUAQcvu
iPBWNs1FKsuan+RvSm2fe6OYLo7j2z6wEpD0rzUMAkkdUmp2otI+FNbjWLEE35s2
tjrFfHr/sgwf3zlcHyXREq0QeQTnDmEtTUzhBdvgEKzOdQ2NaV3s8kX3RTrocqCl
q+GNHjDg05Bz/QFJ6NKXSAVS6q2PhXx94NBJwtl8Aa7U0YUoX115I0QMQ4MS4AdV
i8AufuQ4giOZ06TKAbBlI4EoaI1PZefU1yGwWj5AB7ISgIJpfj5F9eJP9TASJEO6
R9kuHk16tR4eS8ceHaQ/qsK3YNXlswJ94zJXRY293dnaS/Y1g5nvW1rs9B/bAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUpPRjdiS0s5wwfTVzfBbTsFdxFMQwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1MzY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQABMA0GCSqGSIb3DQEBCwUAA4IBAQAnI1bnGCFOaaJPPJ87UZ+WJNiCSctZOrNl
e3BfDDjIj89AYCkzAZ9vIYO0n3MoPx2sNULnSceuzyGAYI1pppXV47UbyhJDV/KG
pPINEHiYXnL97cEMtltA+P/aGyhY1t1BX1AghkA7Fb/7bGET9w95Z3PX20icQkG1
MKs4sR+yWTiOsXK2zfVB0b+y3dd2OyNYszg5BiIH1/cRDUGOOGOxpczkH7kVuUMc
AWeFFhBySYYsDJfeMa+HpXbwQnwyqggHBYcKR8N4zJJ05sncdbCzyY0FDJ0g61i1
wBf854VTLFXC7/pH+df6xgjzYsLFvEOYVR16wL49oWIL3mIkqBCc
-----END CERTIFICATE-----