Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215532.roa
File:                     AS215532.roa (raw, json)
Hash identifier:          oWRCAL+7REhmJYmEuCdBja3zYGs3svJGLd87Vd8Bz7I=
Subject key identifier:   0D:EE:1E:1D:A8:4A:EB:76:FB:BC:80:8B:9E:25:D1:0D:C2:DB:C9:1B
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       1A7F82064D85264D81DE5EB81664634342761E10
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215532.roa
Signing time:             Thu 23 May 2024 16:49:08 +0000
ROA not before:           Thu 23 May 2024 16:44:08 +0000
ROA not after:            Thu 22 May 2025 16:49:08 +0000
asID:                     215532
IP address blocks:        2a0f:85c1:36d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:7f:82:06:4d:85:26:4d:81:de:5e:b8:16:64:63:43:42:76:1e:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:08 2024 GMT
            Not After : May 22 16:49:08 2025 GMT
        Subject: CN=0DEE1E1DA84AEB76FBBC808B9E25D10DC2DBC91B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:a7:6f:01:b6:ea:05:60:42:10:1a:d4:2b:02:
                    a8:24:73:64:77:ed:f8:d3:fd:b3:2d:9c:9f:11:c5:
                    5b:d5:0e:36:55:f9:25:00:32:20:dc:93:36:0d:f9:
                    e4:13:e9:35:75:43:f0:03:57:d8:f0:b7:26:82:d5:
                    9b:0c:d3:6f:c6:02:b0:e6:41:0e:1f:c9:6b:c0:c9:
                    c6:3d:c0:6b:d4:6e:fb:89:54:33:e7:00:9a:f3:40:
                    fa:3b:8a:a7:3e:56:5a:e7:09:dc:74:c8:ce:d9:5a:
                    44:2a:61:a8:4d:74:78:4d:ed:20:84:fd:b8:80:9c:
                    df:b4:74:ab:d3:d1:2b:f6:b0:b6:08:97:c4:43:70:
                    1c:c2:76:08:ff:76:d9:34:1d:24:49:09:15:df:6b:
                    e2:e3:35:77:44:7d:e1:df:07:a0:f9:34:54:ef:6f:
                    50:00:44:52:06:cf:64:f1:b3:11:36:a2:e1:ec:b2:
                    ff:a5:c9:88:28:2e:a1:76:f6:12:60:59:20:be:08:
                    b0:82:bd:0d:ff:6e:98:e7:5f:f1:93:df:db:ae:8f:
                    00:e1:7a:2e:16:b8:fe:a0:d3:7b:6f:96:ae:8e:17:
                    d4:36:8a:fc:a3:5c:87:af:c3:3e:fd:9c:2d:7e:70:
                    c7:a5:b8:5c:35:77:34:ea:50:87:be:23:18:f5:54:
                    48:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:EE:1E:1D:A8:4A:EB:76:FB:BC:80:8B:9E:25:D1:0D:C2:DB:C9:1B
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215532.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:36d::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:59:45:a8:ac:a7:34:8a:d4:61:ef:26:bc:d2:38:96:a4:cb:
         0c:05:6d:99:48:2e:1f:b1:1d:1e:f7:d4:2d:1d:9c:34:c4:6e:
         46:57:a0:27:9e:76:5d:d8:e2:6c:30:70:5a:3e:37:6c:57:b8:
         49:34:9a:c0:48:91:f2:0e:dd:62:57:7c:ff:f8:86:0c:a0:cc:
         ba:af:b0:7e:d0:be:3b:3a:c0:42:60:ba:94:2d:33:46:8d:55:
         7e:e5:62:2d:4f:60:1c:3b:cc:45:38:95:9a:18:cb:8f:b8:b4:
         c3:d8:93:65:75:77:ca:b1:c3:10:49:9a:70:ac:27:72:b4:5d:
         f2:0d:de:23:0f:aa:fb:cb:96:50:3f:98:2c:ee:d5:c0:cb:31:
         e0:e0:ed:51:87:68:e6:e2:fe:7b:08:c3:c2:03:04:3c:2c:73:
         71:4b:26:7c:cf:99:89:7d:aa:86:25:4a:e1:73:a8:e1:fe:aa:
         17:28:b5:62:3f:9d:8b:85:d0:d2:c4:4c:01:2d:59:7a:d8:9a:
         23:8a:22:a1:07:44:ba:40:62:00:44:c7:55:bf:cd:80:c8:c6:
         03:52:26:33:45:bc:18:36:51:f3:c9:4c:0b:c1:9a:33:ba:68:
         62:fd:04:41:1a:df:0f:49:cc:aa:18:22:15:e2:13:b7:66:b0:
         ee:99:18:c8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUGn+CBk2FJk2B3l64FmRjQ0J2HhAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MDhaFw0yNTA1MjIxNjQ5MDhaMDMxMTAvBgNV
BAMTKDBERUUxRTFEQTg0QUVCNzZGQkJDODA4QjlFMjVEMTBEQzJEQkM5MUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+p28BtuoFYEIQGtQrAqgkc2R3
7fjT/bMtnJ8RxVvVDjZV+SUAMiDckzYN+eQT6TV1Q/ADV9jwtyaC1ZsM02/GArDm
QQ4fyWvAycY9wGvUbvuJVDPnAJrzQPo7iqc+VlrnCdx0yM7ZWkQqYahNdHhN7SCE
/biAnN+0dKvT0Sv2sLYIl8RDcBzCdgj/dtk0HSRJCRXfa+LjNXdEfeHfB6D5NFTv
b1AARFIGz2TxsxE2ouHssv+lyYgoLqF29hJgWSC+CLCCvQ3/bpjnX/GT39uujwDh
ei4WuP6g03tvlq6OF9Q2ivyjXIevwz79nC1+cMeluFw1dzTqUIe+Ixj1VEhHAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUDe4eHahK63b7vICLniXRDcLbyRswHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1NTMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQNtMA0GCSqGSIb3DQEBCwUAA4IBAQCYWUWorKc0itRh7ya80jiWpMsMBW2ZSC4f
sR0e99QtHZw0xG5GV6AnnnZd2OJsMHBaPjdsV7hJNJrASJHyDt1iV3z/+IYMoMy6
r7B+0L47OsBCYLqULTNGjVV+5WItT2AcO8xFOJWaGMuPuLTD2JNldXfKscMQSZpw
rCdytF3yDd4jD6r7y5ZQP5gs7tXAyzHg4O1Rh2jm4v57CMPCAwQ8LHNxSyZ8z5mJ
faqGJUrhc6jh/qoXKLViP52LhdDSxEwBLVl62JojiiKhB0S6QGIARMdVv82AyMYD
UiYzRbwYNlHzyUwLwZozumhi/QRBGt8PScyqGCIV4hO3ZrDumRjI
-----END CERTIFICATE-----