Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215674.roa
File:                     AS215674.roa (raw, json)
Hash identifier:          OJVzDvswLuKSWJKXkA7/hNzbPxPGfr7KFkf1AVJojRQ=
Subject key identifier:   51:86:EA:5D:1E:A3:71:CC:75:7C:B1:6A:60:E8:27:C8:E4:4C:D7:EA
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       6D6A52A51A20025B7D499E369B49129F64620D4B
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215674.roa
Signing time:             Thu 23 May 2024 16:49:07 +0000
ROA not before:           Thu 23 May 2024 16:44:07 +0000
ROA not after:            Thu 22 May 2025 16:49:07 +0000
asID:                     215674
IP address blocks:        2a0f:85c1:359::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:6a:52:a5:1a:20:02:5b:7d:49:9e:36:9b:49:12:9f:64:62:0d:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:07 2024 GMT
            Not After : May 22 16:49:07 2025 GMT
        Subject: CN=5186EA5D1EA371CC757CB16A60E827C8E44CD7EA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:31:35:b0:35:48:36:79:1a:ec:55:10:3c:8c:
                    1e:7d:ff:a3:a9:e3:c8:9c:18:0b:14:48:08:87:33:
                    a4:e0:ce:3d:43:3b:b7:62:44:4d:6b:66:6e:8a:6e:
                    e4:73:06:96:06:f1:a1:41:87:3d:ce:57:26:57:f3:
                    65:e9:a5:70:63:7f:70:65:e0:ee:28:d5:bb:38:00:
                    af:b1:e1:fc:52:2c:17:4e:0a:77:dd:e9:8f:78:09:
                    e3:c5:84:57:7c:c9:9c:3b:2e:21:d0:95:2b:04:f2:
                    e7:3b:18:0d:be:eb:92:37:d0:5b:a0:67:5d:13:70:
                    61:89:f1:43:cd:c9:6a:5c:ef:a8:3c:77:7c:d6:8b:
                    97:1c:c3:cf:2b:fc:ba:e7:c3:c0:44:11:63:e6:fd:
                    f4:fd:46:eb:a7:59:50:c0:d8:69:a0:85:47:fc:f1:
                    fe:e9:af:4d:7d:c9:7e:0f:44:15:96:b0:30:cb:ca:
                    86:39:1d:fc:44:59:4e:99:d9:b5:9d:15:d0:d2:08:
                    c0:56:a6:3e:61:fe:9c:25:a8:02:2b:b3:ba:39:d6:
                    ba:0f:a7:bc:07:83:16:d7:32:34:29:c0:a7:98:d3:
                    23:01:34:cd:50:c2:77:e1:00:4b:7c:fd:94:84:12:
                    4c:ae:f6:65:e4:2b:88:89:1e:d0:08:77:d1:95:da:
                    85:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:86:EA:5D:1E:A3:71:CC:75:7C:B1:6A:60:E8:27:C8:E4:4C:D7:EA
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215674.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:359::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:3b:2c:08:91:5a:1c:35:2a:2d:f9:14:f4:35:9e:b0:82:13:
         e1:17:d1:66:ed:5b:f3:83:64:c3:b0:7e:08:51:48:60:43:38:
         11:74:19:58:5e:d4:fa:e1:2b:5a:ad:62:06:18:5b:22:b5:0b:
         cc:71:8d:fd:f9:22:ec:90:0a:66:eb:70:4e:d2:24:f4:89:b7:
         c2:c7:96:5a:c9:27:1f:13:c6:93:6a:43:3e:8c:25:6a:57:ea:
         af:1f:ba:52:6f:0d:8e:74:c1:f3:1a:8d:e2:f1:4c:9c:a1:c9:
         2d:02:0c:44:a7:d5:a1:57:48:e8:76:f3:c3:98:cc:4f:59:77:
         3a:ca:d2:9c:29:89:a5:c5:36:31:6d:ff:9d:f0:c4:95:6e:5b:
         77:f7:c1:cd:f2:da:ec:d4:d1:a5:52:ba:49:13:80:12:37:f0:
         0e:6c:5c:64:c0:d2:b3:04:86:fa:74:09:22:8b:8f:7f:59:19:
         79:c9:79:74:43:ca:aa:46:8a:40:cf:1b:6c:bf:2f:36:51:96:
         96:f6:dd:19:ee:33:8e:11:23:a6:2d:14:0b:51:5d:9c:ba:a7:
         6e:ed:6a:56:00:81:62:09:be:32:b4:b9:ce:07:da:bf:53:60:
         d4:92:6f:96:82:f9:66:57:b0:0b:e2:91:e1:66:d6:ee:44:d3:
         b5:5c:41:f8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUbWpSpRogAlt9SZ42m0kSn2RiDUswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MDdaFw0yNTA1MjIxNjQ5MDdaMDMxMTAvBgNV
BAMTKDUxODZFQTVEMUVBMzcxQ0M3NTdDQjE2QTYwRTgyN0M4RTQ0Q0Q3RUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4MTWwNUg2eRrsVRA8jB59/6Op
48icGAsUSAiHM6Tgzj1DO7diRE1rZm6KbuRzBpYG8aFBhz3OVyZX82XppXBjf3Bl
4O4o1bs4AK+x4fxSLBdOCnfd6Y94CePFhFd8yZw7LiHQlSsE8uc7GA2+65I30Fug
Z10TcGGJ8UPNyWpc76g8d3zWi5ccw88r/Lrnw8BEEWPm/fT9RuunWVDA2GmghUf8
8f7pr019yX4PRBWWsDDLyoY5HfxEWU6Z2bWdFdDSCMBWpj5h/pwlqAIrs7o51roP
p7wHgxbXMjQpwKeY0yMBNM1QwnfhAEt8/ZSEEkyu9mXkK4iJHtAId9GV2oVrAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUUYbqXR6jccx1fLFqYOgnyORM1+owHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1Njc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQNZMA0GCSqGSIb3DQEBCwUAA4IBAQArOywIkVocNSot+RT0NZ6wghPhF9Fm7Vvz
g2TDsH4IUUhgQzgRdBlYXtT64StarWIGGFsitQvMcY39+SLskApm63BO0iT0ibfC
x5ZayScfE8aTakM+jCVqV+qvH7pSbw2OdMHzGo3i8UycocktAgxEp9WhV0jodvPD
mMxPWXc6ytKcKYmlxTYxbf+d8MSVblt398HN8trs1NGlUrpJE4ASN/AObFxkwNKz
BIb6dAkii49/WRl5yXl0Q8qqRopAzxtsvy82UZaW9t0Z7jOOESOmLRQLUV2cuqdu
7WpWAIFiCb4ytLnOB9q/U2DUkm+WgvlmV7AL4pHhZtbuRNO1XEH4
-----END CERTIFICATE-----