Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215382.roa
File:                     AS215382.roa (raw, json)
Hash identifier:          btHOi5ZiZtxsbjUHM/YLg/suKnwy+EF62rU9U/ZCyM8=
Subject key identifier:   0B:22:C6:45:E9:BF:06:8E:6E:25:B7:DF:EC:7F:B6:28:57:28:88:AC
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       7ED65DC9AFAAFF311972792288D3C6DFBEE26165
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215382.roa
Signing time:             Thu 23 May 2024 16:49:12 +0000
ROA not before:           Thu 23 May 2024 16:44:12 +0000
ROA not after:            Thu 22 May 2025 16:49:12 +0000
asID:                     215382
IP address blocks:        2a0f:85c1:395::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:d6:5d:c9:af:aa:ff:31:19:72:79:22:88:d3:c6:df:be:e2:61:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:12 2024 GMT
            Not After : May 22 16:49:12 2025 GMT
        Subject: CN=0B22C645E9BF068E6E25B7DFEC7FB628572888AC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c1:7d:b6:36:9e:51:93:ae:ad:74:fa:18:0c:
                    ff:c0:58:9c:d5:c3:41:61:c9:9f:d4:6d:83:c3:0e:
                    af:e9:b1:9f:bd:b4:d8:75:d1:93:59:7e:22:7a:9c:
                    0c:3a:9f:60:3c:4c:98:e1:9b:e3:1b:df:21:c0:e1:
                    7d:a7:41:07:58:16:d1:fb:82:81:8e:e2:dc:26:92:
                    13:d9:49:ca:d8:6d:e2:ad:8b:db:7d:b9:09:0f:9a:
                    db:43:87:fc:27:26:64:cd:95:a8:bb:1f:bf:af:1b:
                    f1:3e:8a:a2:70:ac:78:be:d1:57:f6:70:4b:ce:21:
                    89:7f:66:38:52:5f:36:99:83:ce:fb:94:cd:b7:ff:
                    7f:4a:b3:7c:11:93:bf:86:c3:dd:38:4a:a9:bb:bf:
                    b7:a2:24:1e:dd:87:2e:f1:6a:44:5b:e9:c5:d2:1f:
                    01:c3:56:de:f4:1b:07:ce:92:b5:aa:df:b7:d6:3f:
                    39:d2:ba:a7:38:b1:65:d6:8f:59:bc:2f:6c:69:1b:
                    73:36:79:e0:0a:9e:60:d1:ab:f1:13:73:58:11:ca:
                    28:fc:e9:fc:60:85:04:00:f8:e2:4f:5b:5b:a3:b7:
                    5d:40:66:69:fd:84:cb:6b:d1:b8:11:a9:e5:0d:7d:
                    a0:3e:d6:ca:a3:b3:2d:38:c3:e5:a7:34:79:f5:f0:
                    77:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:22:C6:45:E9:BF:06:8E:6E:25:B7:DF:EC:7F:B6:28:57:28:88:AC
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215382.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:395::/48

    Signature Algorithm: sha256WithRSAEncryption
         ae:7d:9f:37:02:b2:68:aa:6e:8c:f8:9b:9b:0c:f6:81:df:65:
         e1:32:36:1a:5e:19:20:40:c8:23:44:7e:18:be:f0:42:2a:20:
         89:90:eb:7b:03:ff:2f:cd:de:d7:66:22:12:ce:c3:0b:8c:0d:
         1c:63:68:b2:0c:35:59:bd:fd:e6:1d:ac:b8:c8:9c:81:f5:73:
         61:5e:53:4e:41:29:df:a1:97:d2:9c:c6:4e:92:5a:2e:95:6d:
         9a:de:df:58:2a:3e:5e:2e:a6:ec:b6:ce:c0:70:92:0e:f3:d6:
         fa:03:e5:38:08:ff:7a:af:bc:13:91:a8:c4:be:b3:6e:8c:71:
         34:e5:e0:ec:30:32:17:f9:06:68:de:be:18:a5:dc:d5:b9:c2:
         53:ef:df:07:1f:33:7b:45:07:11:c8:f5:9a:e8:3e:f4:11:4e:
         32:ff:27:f5:76:50:bc:75:7e:44:ec:85:62:df:b1:7d:fb:0d:
         c7:1f:87:41:55:5e:fe:68:49:47:8b:04:2b:49:26:8d:24:eb:
         e0:1a:11:08:d5:6d:6a:35:d2:f3:9e:40:db:f8:4a:7f:f9:d8:
         82:cf:67:c2:37:f5:57:78:0e:68:23:db:8b:d7:00:88:cf:0c:
         e7:12:8c:78:d5:62:19:81:42:8d:98:3e:69:7f:2c:ec:e4:74:
         57:a8:ed:98
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUftZdya+q/zEZcnkiiNPG377iYWUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTJaFw0yNTA1MjIxNjQ5MTJaMDMxMTAvBgNV
BAMTKDBCMjJDNjQ1RTlCRjA2OEU2RTI1QjdERkVDN0ZCNjI4NTcyODg4QUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwwX22Np5Rk66tdPoYDP/AWJzV
w0FhyZ/UbYPDDq/psZ+9tNh10ZNZfiJ6nAw6n2A8TJjhm+Mb3yHA4X2nQQdYFtH7
goGO4twmkhPZScrYbeKti9t9uQkPmttDh/wnJmTNlai7H7+vG/E+iqJwrHi+0Vf2
cEvOIYl/ZjhSXzaZg877lM23/39Ks3wRk7+Gw904Sqm7v7eiJB7dhy7xakRb6cXS
HwHDVt70GwfOkrWq37fWPznSuqc4sWXWj1m8L2xpG3M2eeAKnmDRq/ETc1gRyij8
6fxghQQA+OJPW1ujt11AZmn9hMtr0bgRqeUNfaA+1sqjsy04w+WnNHn18HddAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUCyLGRem/Bo5uJbff7H+2KFcoiKwwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1MzgyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOVMA0GCSqGSIb3DQEBCwUAA4IBAQCufZ83ArJoqm6M+JubDPaB32XhMjYaXhkg
QMgjRH4YvvBCKiCJkOt7A/8vzd7XZiISzsMLjA0cY2iyDDVZvf3mHay4yJyB9XNh
XlNOQSnfoZfSnMZOkloulW2a3t9YKj5eLqbsts7AcJIO89b6A+U4CP96r7wTkajE
vrNujHE05eDsMDIX+QZo3r4YpdzVucJT798HHzN7RQcRyPWa6D70EU4y/yf1dlC8
dX5E7IVi37F9+w3HH4dBVV7+aElHiwQrSSaNJOvgGhEI1W1qNdLznkDb+Ep/+diC
z2fCN/VXeA5oI9uL1wCIzwznEox41WIZgUKNmD5pfyzs5HRXqO2Y
-----END CERTIFICATE-----