Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215520.roa
File:                     AS215520.roa (raw, json)
Hash identifier:          PFCfmRLH1blOmKMdPB9/beCcI49ajjZxjkEGE3kzxDk=
Subject key identifier:   2A:E3:8C:5D:BD:F2:C7:75:77:B1:D5:F7:64:59:AE:A5:AB:49:F4:C6
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       42F727CB2D70DF9CB0A9FE7B88C89A5BB67AC590
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215520.roa
Signing time:             Thu 23 May 2024 16:49:12 +0000
ROA not before:           Thu 23 May 2024 16:44:12 +0000
ROA not after:            Thu 22 May 2025 16:49:12 +0000
asID:                     215520
IP address blocks:        2a0f:85c1:368::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:f7:27:cb:2d:70:df:9c:b0:a9:fe:7b:88:c8:9a:5b:b6:7a:c5:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:12 2024 GMT
            Not After : May 22 16:49:12 2025 GMT
        Subject: CN=2AE38C5DBDF2C77577B1D5F76459AEA5AB49F4C6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:69:c5:47:8a:3f:66:38:f7:70:9b:bd:4b:01:
                    a0:19:29:41:39:c5:4a:2f:e8:93:a5:4c:08:24:1d:
                    67:aa:33:8e:bb:53:0e:fe:f7:90:cc:f9:84:f3:5f:
                    52:a6:16:7f:f0:9b:de:41:d4:06:80:9f:e5:d5:2b:
                    89:64:2a:21:0b:dc:8b:58:4f:6e:49:6e:63:31:6c:
                    d5:52:b6:39:77:e2:ec:91:2e:e2:23:15:8a:3c:99:
                    4c:76:27:3f:3d:da:75:53:03:fc:12:00:a5:b0:30:
                    0e:06:eb:df:bb:3d:4f:6b:92:9f:81:9c:25:65:c5:
                    70:b2:6d:b3:6f:19:84:c5:a7:53:5a:bf:b0:fc:4f:
                    bb:63:fa:7c:bd:02:07:bd:44:15:3c:13:2c:4e:de:
                    b9:0e:ab:03:78:94:85:d1:a0:bb:66:88:22:46:23:
                    5b:ec:56:47:85:56:b2:46:b1:9e:f5:86:e0:70:6e:
                    b3:ce:32:9a:81:a1:fa:9b:b8:6a:ee:04:0e:09:f2:
                    38:6e:53:89:ef:49:b4:2a:66:51:48:bb:52:05:55:
                    c5:ce:6f:b0:31:0c:c6:39:1d:b8:bd:80:e9:8a:96:
                    7b:b3:65:c3:c0:d5:69:98:58:c8:69:e3:1c:42:11:
                    7b:72:9f:1b:04:c6:22:d5:45:2c:b0:a4:a8:4b:99:
                    49:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:E3:8C:5D:BD:F2:C7:75:77:B1:D5:F7:64:59:AE:A5:AB:49:F4:C6
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215520.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:368::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:67:2a:48:67:96:89:bd:fb:39:f7:f9:01:e4:9b:37:72:49:
         b2:7d:3c:2c:3b:ad:8f:11:07:3e:3b:bc:fe:54:34:bd:7e:59:
         56:17:6a:a1:e3:aa:c2:5b:49:b8:f4:c9:bc:b7:3f:4c:b0:23:
         7b:e0:dd:a1:b5:8e:cd:10:72:7e:82:ee:d6:6b:61:1e:90:bb:
         ff:c3:5e:6d:1b:dd:70:03:89:1f:84:80:64:38:e1:d3:06:77:
         53:ab:fa:c3:a9:65:b3:e6:f2:76:7e:7f:f0:a0:0d:7e:a3:ff:
         a8:26:b7:9a:21:65:4b:34:70:ab:32:68:cb:fa:92:98:0c:21:
         01:56:f6:d7:33:56:3d:92:fd:c1:c1:eb:f2:a8:ca:00:dd:a7:
         ad:e4:23:82:98:55:d0:87:50:c3:2f:33:4a:85:b6:70:e9:f1:
         b8:06:1f:57:71:60:35:21:bf:db:e1:bc:14:d1:ea:b1:0d:de:
         ac:86:e2:5b:6b:e2:d5:3e:b3:fe:47:fb:81:11:5a:1b:58:b9:
         7b:62:11:71:e1:a8:3f:d0:a2:74:66:4a:33:d8:39:4a:67:05:
         05:7b:0b:15:d0:17:71:ad:d0:19:63:f2:5f:64:28:50:d2:99:
         4c:fd:34:8d:1b:6b:e5:5f:7f:e7:b1:8f:94:7c:d2:45:0b:8e:
         2c:b2:d8:c1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUQvcnyy1w35ywqf57iMiaW7Z6xZAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTJaFw0yNTA1MjIxNjQ5MTJaMDMxMTAvBgNV
BAMTKDJBRTM4QzVEQkRGMkM3NzU3N0IxRDVGNzY0NTlBRUE1QUI0OUY0QzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPacVHij9mOPdwm71LAaAZKUE5
xUov6JOlTAgkHWeqM467Uw7+95DM+YTzX1KmFn/wm95B1AaAn+XVK4lkKiEL3ItY
T25JbmMxbNVStjl34uyRLuIjFYo8mUx2Jz892nVTA/wSAKWwMA4G69+7PU9rkp+B
nCVlxXCybbNvGYTFp1Nav7D8T7tj+ny9Age9RBU8EyxO3rkOqwN4lIXRoLtmiCJG
I1vsVkeFVrJGsZ71huBwbrPOMpqBofqbuGruBA4J8jhuU4nvSbQqZlFIu1IFVcXO
b7AxDMY5Hbi9gOmKlnuzZcPA1WmYWMhp4xxCEXtynxsExiLVRSywpKhLmUmtAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUKuOMXb3yx3V3sdX3ZFmupatJ9MYwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1NTIwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQNoMA0GCSqGSIb3DQEBCwUAA4IBAQBXZypIZ5aJvfs59/kB5Js3ckmyfTwsO62P
EQc+O7z+VDS9fllWF2qh46rCW0m49Mm8tz9MsCN74N2htY7NEHJ+gu7Wa2EekLv/
w15tG91wA4kfhIBkOOHTBndTq/rDqWWz5vJ2fn/woA1+o/+oJreaIWVLNHCrMmjL
+pKYDCEBVvbXM1Y9kv3BwevyqMoA3aet5COCmFXQh1DDLzNKhbZw6fG4Bh9XcWA1
Ib/b4bwU0eqxDd6shuJba+LVPrP+R/uBEVobWLl7YhFx4ag/0KJ0Zkoz2DlKZwUF
ewsV0BdxrdAZY/JfZChQ0plM/TSNG2vlX3/nsY+UfNJFC44sstjB
-----END CERTIFICATE-----