Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215470.roa
File:                     AS215470.roa (raw, json)
Hash identifier:          Rb7lgPQ7dNui7D4OUWTiI/AlNPRpFD4Q/3Dp9L+IzNQ=
Subject key identifier:   63:AA:1F:39:BD:C8:DD:6C:2D:89:11:32:C2:19:BE:9B:6C:03:76:42
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       76B1F90F4A603EC76C8B771F9B0B82B08CB8A29A
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215470.roa
Signing time:             Thu 23 May 2024 16:49:13 +0000
ROA not before:           Thu 23 May 2024 16:44:13 +0000
ROA not after:            Thu 22 May 2025 16:49:13 +0000
asID:                     215470
IP address blocks:        2a0f:85c1:390::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:b1:f9:0f:4a:60:3e:c7:6c:8b:77:1f:9b:0b:82:b0:8c:b8:a2:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:13 2024 GMT
            Not After : May 22 16:49:13 2025 GMT
        Subject: CN=63AA1F39BDC8DD6C2D891132C219BE9B6C037642
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:6c:cf:2c:8e:70:94:c6:af:2c:65:ef:f5:8d:
                    df:5b:17:b9:cc:58:a2:9c:3e:bf:c9:24:53:9b:ad:
                    2d:dc:0a:41:d5:11:29:e2:52:b6:e3:8b:4c:42:be:
                    f2:7e:f5:5d:eb:c3:1b:43:ac:29:fb:9d:79:53:54:
                    ca:11:59:55:c9:45:6a:f6:08:6a:b7:7f:da:23:f1:
                    05:e5:0d:eb:d2:76:51:f4:11:2b:b0:93:f2:a4:e7:
                    d3:2a:44:9b:02:52:37:d8:e3:cf:4c:88:f4:e6:5f:
                    0c:1b:c4:ae:fd:b9:db:c1:c3:14:0d:cd:9b:7d:04:
                    cb:ee:c4:23:cb:da:4a:64:4e:d3:8f:c0:94:1e:fb:
                    47:88:0e:68:f1:32:52:ed:67:4c:dd:95:55:42:63:
                    13:34:fe:85:00:cc:0a:c5:23:0b:a4:c3:87:63:db:
                    f2:6b:ad:50:41:fd:31:39:8e:4e:6a:a7:fc:11:dd:
                    76:b1:07:95:2f:5a:3b:27:74:1b:ea:db:76:e5:8d:
                    d1:b6:63:b5:2a:7f:dc:6d:fe:81:4d:85:e6:f9:2f:
                    1f:42:e4:36:12:65:20:ba:1b:48:39:81:08:4a:72:
                    ea:09:9c:ca:42:c7:01:20:5b:f6:8e:fe:51:48:ed:
                    40:4b:7a:d3:26:26:af:57:b0:35:4a:1b:26:4d:86:
                    36:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:AA:1F:39:BD:C8:DD:6C:2D:89:11:32:C2:19:BE:9B:6C:03:76:42
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215470.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:390::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:20:8d:15:15:f6:84:b7:e9:3f:13:be:89:75:85:89:9e:e0:
         84:0c:b9:41:b3:09:86:41:69:a9:35:c5:e5:0c:e4:cd:c9:9d:
         a6:ea:57:2c:55:25:87:13:e6:54:fc:74:ff:4c:3f:de:31:dc:
         79:44:b9:74:f8:27:64:cd:22:8a:33:d7:a4:cc:0e:94:1c:a8:
         07:c3:e2:8c:bd:78:8a:41:e5:07:b2:15:c0:79:dd:b9:02:a2:
         e2:c7:99:e9:bc:87:7a:66:c4:df:fa:40:53:7d:7a:76:d9:06:
         25:b7:f2:0b:0c:bf:ee:e1:8e:14:f7:72:e8:da:8d:a9:58:5a:
         fa:fa:b3:34:46:75:d8:00:98:ca:4d:27:1e:3c:95:e9:99:12:
         93:60:a8:a5:dd:1a:3f:b0:05:c1:18:fe:74:4b:03:4f:fb:28:
         ae:43:11:4e:b4:1c:61:2a:13:9d:a6:76:31:ee:3e:2e:04:7f:
         9d:15:8b:aa:f3:5a:0a:54:1d:91:c6:34:88:ad:18:20:6f:8d:
         89:8b:5d:e5:e8:e0:0d:b4:3c:4c:68:c3:2b:eb:75:a5:f9:9e:
         8b:1a:c9:f6:fa:f9:d1:c3:22:c0:61:a0:2c:37:29:59:3a:bf:
         b6:89:d4:de:87:bf:a1:d8:72:b5:02:90:5c:fc:14:00:4a:97:
         cd:a2:58:94
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUdrH5D0pgPsdsi3cfmwuCsIy4opowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTNaFw0yNTA1MjIxNjQ5MTNaMDMxMTAvBgNV
BAMTKDYzQUExRjM5QkRDOERENkMyRDg5MTEzMkMyMTlCRTlCNkMwMzc2NDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6bM8sjnCUxq8sZe/1jd9bF7nM
WKKcPr/JJFObrS3cCkHVESniUrbji0xCvvJ+9V3rwxtDrCn7nXlTVMoRWVXJRWr2
CGq3f9oj8QXlDevSdlH0ESuwk/Kk59MqRJsCUjfY489MiPTmXwwbxK79udvBwxQN
zZt9BMvuxCPL2kpkTtOPwJQe+0eIDmjxMlLtZ0zdlVVCYxM0/oUAzArFIwukw4dj
2/JrrVBB/TE5jk5qp/wR3XaxB5UvWjsndBvq23bljdG2Y7Uqf9xt/oFNheb5Lx9C
5DYSZSC6G0g5gQhKcuoJnMpCxwEgW/aO/lFI7UBLetMmJq9XsDVKGyZNhjaDAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUY6ofOb3I3WwtiREywhm+m2wDdkIwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1NDcwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOQMA0GCSqGSIb3DQEBCwUAA4IBAQBDII0VFfaEt+k/E76JdYWJnuCEDLlBswmG
QWmpNcXlDOTNyZ2m6lcsVSWHE+ZU/HT/TD/eMdx5RLl0+CdkzSKKM9ekzA6UHKgH
w+KMvXiKQeUHshXAed25AqLix5npvId6ZsTf+kBTfXp22QYlt/ILDL/u4Y4U93Lo
2o2pWFr6+rM0RnXYAJjKTScePJXpmRKTYKil3Ro/sAXBGP50SwNP+yiuQxFOtBxh
KhOdpnYx7j4uBH+dFYuq81oKVB2RxjSIrRggb42Ji13l6OANtDxMaMMr63Wl+Z6L
Gsn2+vnRwyLAYaAsNylZOr+2idTeh7+h2HK1ApBc/BQASpfNoliU
-----END CERTIFICATE-----