Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215516.roa
File:                     AS215516.roa (raw, json)
Hash identifier:          eCgjw8eGt0oyf456sOUZ3OXN95BLC1O0azLe/wLshzM=
Subject key identifier:   EE:D8:A9:1E:C6:80:EC:57:64:5B:F9:AB:4C:B9:14:27:FB:D6:02:E0
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       12716E51E7F8413C204A24F702F4C7F8C1F6C907
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215516.roa
Signing time:             Thu 23 May 2024 16:49:07 +0000
ROA not before:           Thu 23 May 2024 16:44:07 +0000
ROA not after:            Thu 22 May 2025 16:49:07 +0000
asID:                     215516
IP address blocks:        2a0f:85c1:366::/48 maxlen: 48
                          2a0f:85c1:380::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:71:6e:51:e7:f8:41:3c:20:4a:24:f7:02:f4:c7:f8:c1:f6:c9:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:07 2024 GMT
            Not After : May 22 16:49:07 2025 GMT
        Subject: CN=EED8A91EC680EC57645BF9AB4CB91427FBD602E0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:81:71:fa:76:91:d3:65:47:c9:36:62:8d:7f:
                    09:da:27:d9:2c:cf:dd:40:f3:a9:18:67:45:81:0a:
                    66:f8:a1:aa:35:81:10:f4:ac:d9:d2:ba:6d:d4:62:
                    de:1a:c3:4b:4c:65:e9:ee:43:aa:26:4b:65:de:b5:
                    62:45:1a:84:3e:46:9e:d5:69:1a:ac:3f:88:71:37:
                    fc:b9:a4:8c:0a:f0:2a:9e:b9:af:d5:76:da:68:f7:
                    9e:19:a3:ec:ac:c9:89:d9:c2:ef:f0:b1:82:1c:3c:
                    e8:f3:e5:b2:3c:81:e6:d0:28:6e:63:0b:f4:61:35:
                    4f:09:82:ca:f0:ed:55:24:c2:15:1b:df:38:97:af:
                    7b:bb:4f:88:64:e5:bc:9d:df:f0:0b:05:45:66:25:
                    bc:3f:2e:c3:3b:49:2c:bc:23:0c:c0:33:39:cb:90:
                    9b:a6:9a:37:34:ec:f9:ca:b1:08:39:fa:57:cf:b9:
                    38:f0:a0:ee:e4:42:31:7c:0d:cc:bb:7b:5c:ed:c4:
                    8f:23:02:68:ef:5d:3a:7f:73:65:20:8f:8e:83:d1:
                    fb:40:08:04:54:0b:ae:65:81:38:da:67:c6:73:d1:
                    e0:0a:a9:a7:43:52:54:07:a8:b1:af:bc:f6:47:db:
                    63:1e:9a:31:af:06:67:00:1e:4d:2c:12:aa:3a:66:
                    ff:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:D8:A9:1E:C6:80:EC:57:64:5B:F9:AB:4C:B9:14:27:FB:D6:02:E0
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215516.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:366::/48
                  2a0f:85c1:380::/44

    Signature Algorithm: sha256WithRSAEncryption
         37:f9:7a:e9:30:f6:a8:7e:25:5c:e1:cb:c8:9e:af:d2:a9:1a:
         ab:51:12:93:f2:4e:40:03:cd:69:2f:2e:a2:0c:63:90:7b:10:
         fe:41:7f:2e:b1:be:e9:ac:00:5b:71:84:36:55:e9:bb:ba:c8:
         c5:e7:dc:82:11:46:52:4d:d0:81:e4:ab:c6:8c:04:5a:e1:c9:
         a5:d4:23:d1:7c:f9:e8:cf:af:82:75:53:6c:b3:1f:37:33:9c:
         75:5e:5e:f5:c4:60:00:e1:73:95:b0:c6:ed:6c:07:3a:bc:6d:
         bf:04:1f:53:a8:d3:c8:83:64:5f:54:4f:1c:d8:f2:2d:0c:0b:
         90:76:5f:f4:be:cc:de:f6:6f:fa:8d:52:74:cc:cf:33:00:fa:
         8d:f9:a4:ac:3b:e5:03:4e:9e:e2:61:fb:0c:73:e9:d2:b5:4b:
         f3:08:0e:d6:32:9c:6d:46:8d:2c:12:ab:c8:6c:ce:40:b9:d2:
         59:34:1c:e3:55:48:ca:2c:49:fb:78:2a:cf:f6:e1:79:ed:1c:
         06:7c:f9:7c:54:6c:f1:85:f1:e6:a8:45:05:6d:2c:6a:67:5a:
         b6:41:db:1b:38:86:96:14:c1:a4:8a:76:62:66:92:72:78:9b:
         5e:00:28:83:14:8c:9c:30:c1:69:84:0b:d0:c0:22:89:12:d1:
         35:6d:f1:5b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUEnFuUef4QTwgSiT3AvTH+MH2yQcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MDdaFw0yNTA1MjIxNjQ5MDdaMDMxMTAvBgNV
BAMTKEVFRDhBOTFFQzY4MEVDNTc2NDVCRjlBQjRDQjkxNDI3RkJENjAyRTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNgXH6dpHTZUfJNmKNfwnaJ9ks
z91A86kYZ0WBCmb4oao1gRD0rNnSum3UYt4aw0tMZenuQ6omS2XetWJFGoQ+Rp7V
aRqsP4hxN/y5pIwK8Cqeua/Vdtpo954Zo+ysyYnZwu/wsYIcPOjz5bI8gebQKG5j
C/RhNU8Jgsrw7VUkwhUb3ziXr3u7T4hk5byd3/ALBUVmJbw/LsM7SSy8IwzAMznL
kJummjc07PnKsQg5+lfPuTjwoO7kQjF8Dcy7e1ztxI8jAmjvXTp/c2Ugj46D0ftA
CARUC65lgTjaZ8Zz0eAKqadDUlQHqLGvvPZH22MemjGvBmcAHk0sEqo6Zv9pAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU7tipHsaA7FdkW/mrTLkUJ/vWAuAwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1NTE2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg+F
wQNmAwcEKg+FwQOAMA0GCSqGSIb3DQEBCwUAA4IBAQA3+XrpMPaofiVc4cvInq/S
qRqrURKT8k5AA81pLy6iDGOQexD+QX8usb7prABbcYQ2Vem7usjF59yCEUZSTdCB
5KvGjARa4cml1CPRfPnoz6+CdVNssx83M5x1Xl71xGAA4XOVsMbtbAc6vG2/BB9T
qNPIg2RfVE8c2PItDAuQdl/0vsze9m/6jVJ0zM8zAPqN+aSsO+UDTp7iYfsMc+nS
tUvzCA7WMpxtRo0sEqvIbM5AudJZNBzjVUjKLEn7eCrP9uF57RwGfPl8VGzxhfHm
qEUFbSxqZ1q2QdsbOIaWFMGkinZiZpJyeJteACiDFIycMMFphAvQwCKJEtE1bfFb
-----END CERTIFICATE-----