Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215379.roa
File:                     AS215379.roa (raw, json)
Hash identifier:          8PH9P0i26YbfbZZOynL+vPZZaHMmVk4GoPPEMN8pbjs=
Subject key identifier:   0F:F2:0B:55:C1:E3:04:FE:53:AD:B1:78:04:05:10:F9:FD:FE:DE:CD
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       1F8232EB3A6CAAB4C22E5F49EBEF25B0E12EFBEC
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215379.roa
Signing time:             Thu 23 May 2024 16:49:10 +0000
ROA not before:           Thu 23 May 2024 16:44:10 +0000
ROA not after:            Thu 22 May 2025 16:49:10 +0000
asID:                     215379
IP address blocks:        2a0f:85c1:396::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:82:32:eb:3a:6c:aa:b4:c2:2e:5f:49:eb:ef:25:b0:e1:2e:fb:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:10 2024 GMT
            Not After : May 22 16:49:10 2025 GMT
        Subject: CN=0FF20B55C1E304FE53ADB178040510F9FDFEDECD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:a9:2a:9f:aa:ce:a1:3f:1b:e7:a2:ff:09:79:
                    f2:d4:5f:1f:82:73:2f:8e:7a:29:26:7a:da:f0:f8:
                    d7:b1:ba:de:2d:7b:eb:aa:3e:22:05:e5:7d:cf:ce:
                    5b:8b:d0:0b:e5:68:60:e0:9d:a3:3b:5b:4f:bf:2b:
                    a6:a3:19:2d:05:84:24:95:c0:9b:53:cc:0b:2b:a1:
                    6e:cf:37:0e:ee:5e:9f:b3:6f:ee:5c:62:ce:42:d4:
                    8e:85:95:85:6c:99:f8:80:5a:62:a9:93:1b:a3:e8:
                    15:d8:48:cc:04:dc:00:a5:35:04:b5:0b:f2:cb:35:
                    91:ec:2e:dd:32:80:1e:a1:c4:fe:2e:f4:28:29:70:
                    cf:5d:88:b1:cb:27:cf:41:88:08:70:21:c3:93:58:
                    d7:3a:ed:3d:4f:ca:fa:3e:17:1d:48:26:0a:24:dd:
                    3e:ae:3d:69:65:c5:59:f7:09:04:ed:a1:4c:6a:c3:
                    ff:f2:08:91:95:d1:c7:40:c7:64:97:0f:77:a4:56:
                    51:2b:14:c4:b0:95:c6:ac:6d:52:29:92:aa:0e:a6:
                    0d:ab:3d:5d:1c:48:4a:54:d5:bc:a7:63:17:c2:20:
                    52:1a:53:f0:6f:36:f2:e7:6d:bc:e2:98:3a:20:bd:
                    d2:33:fb:89:ad:64:58:47:5d:4a:34:94:2f:a3:3d:
                    52:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:F2:0B:55:C1:E3:04:FE:53:AD:B1:78:04:05:10:F9:FD:FE:DE:CD
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215379.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:396::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:65:ca:76:fc:67:00:33:1e:59:88:19:aa:b6:6e:e3:24:ac:
         74:96:40:02:46:58:a4:b2:66:15:0f:4d:92:50:6a:8b:dd:da:
         c2:ce:54:fe:c4:09:99:a0:f2:18:ee:ff:46:62:ad:9c:11:2f:
         e9:d3:f4:80:18:e0:e5:34:83:1d:02:08:ad:f8:fd:f1:b6:a5:
         29:fb:df:c1:e5:f8:4d:8c:00:28:cd:25:43:90:c3:d6:cd:f4:
         9d:b3:79:6b:4b:4e:3c:80:1b:2c:52:bd:68:ea:1c:1b:f6:0f:
         7b:02:37:db:35:12:e7:22:b5:42:a2:6d:bc:88:b6:aa:2a:37:
         02:ce:d4:9a:06:17:74:f5:32:66:36:e2:46:be:6a:e5:35:31:
         3c:2b:d7:c3:a9:6b:b3:3f:e0:fd:f5:50:57:8c:ca:8f:f8:38:
         d3:8a:f2:5a:1b:88:46:55:fd:d7:c7:2d:05:42:4c:6a:d5:84:
         a8:c5:2e:fd:23:b1:b7:4a:a4:80:e9:8e:2f:a3:d6:a6:1e:ce:
         34:ca:52:57:45:85:95:0c:44:f6:25:10:ae:fb:51:d8:81:23:
         8b:a5:03:47:48:f7:ea:6e:a5:f9:84:95:4e:33:44:ea:8d:65:
         fc:a4:e1:7d:2d:c6:26:02:81:6c:57:49:a8:a1:c3:da:af:16:
         bb:7a:e8:bf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUH4Iy6zpsqrTCLl9J6+8lsOEu++wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTBaFw0yNTA1MjIxNjQ5MTBaMDMxMTAvBgNV
BAMTKDBGRjIwQjU1QzFFMzA0RkU1M0FEQjE3ODA0MDUxMEY5RkRGRURFQ0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAqSqfqs6hPxvnov8JefLUXx+C
cy+Oeikmetrw+Nexut4te+uqPiIF5X3PzluL0AvlaGDgnaM7W0+/K6ajGS0FhCSV
wJtTzAsroW7PNw7uXp+zb+5cYs5C1I6FlYVsmfiAWmKpkxuj6BXYSMwE3AClNQS1
C/LLNZHsLt0ygB6hxP4u9CgpcM9diLHLJ89BiAhwIcOTWNc67T1Pyvo+Fx1IJgok
3T6uPWllxVn3CQTtoUxqw//yCJGV0cdAx2SXD3ekVlErFMSwlcasbVIpkqoOpg2r
PV0cSEpU1bynYxfCIFIaU/BvNvLnbbzimDogvdIz+4mtZFhHXUo0lC+jPVLTAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUD/ILVcHjBP5TrbF4BAUQ+f3+3s0wHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1Mzc5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOWMA0GCSqGSIb3DQEBCwUAA4IBAQA4Zcp2/GcAMx5ZiBmqtm7jJKx0lkACRlik
smYVD02SUGqL3drCzlT+xAmZoPIY7v9GYq2cES/p0/SAGODlNIMdAgit+P3xtqUp
+9/B5fhNjAAozSVDkMPWzfSds3lrS048gBssUr1o6hwb9g97AjfbNRLnIrVCom28
iLaqKjcCztSaBhd09TJmNuJGvmrlNTE8K9fDqWuzP+D99VBXjMqP+DjTivJaG4hG
Vf3Xxy0FQkxq1YSoxS79I7G3SqSA6Y4vo9amHs40ylJXRYWVDET2JRCu+1HYgSOL
pQNHSPfqbqX5hJVOM0TqjWX8pOF9LcYmAoFsV0moocParxa7eui/
-----END CERTIFICATE-----