Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215731.roa
File:                     AS215731.roa (raw, json)
Hash identifier:          ok2aU5O1KZ/gth4vn7UicRtX2HJdxJE+6ZcJYCBCVMc=
Subject key identifier:   0F:11:7F:56:6B:96:AC:59:DF:7E:D6:91:B7:53:5B:B7:26:13:67:66
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       77EB3B6B405544CADB9EBB34076C7DBF1D6D69FF
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215731.roa
Signing time:             Thu 23 May 2024 16:49:12 +0000
ROA not before:           Thu 23 May 2024 16:44:12 +0000
ROA not after:            Thu 22 May 2025 16:49:12 +0000
asID:                     215731
IP address blocks:        2a0f:85c1:349::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:eb:3b:6b:40:55:44:ca:db:9e:bb:34:07:6c:7d:bf:1d:6d:69:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:12 2024 GMT
            Not After : May 22 16:49:12 2025 GMT
        Subject: CN=0F117F566B96AC59DF7ED691B7535BB726136766
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:18:66:d4:a7:9a:fb:38:c0:04:a5:22:ca:ae:
                    c9:71:21:ac:c8:95:d3:31:af:72:1b:29:fe:c3:14:
                    a3:f5:22:25:04:52:74:3b:83:df:bb:21:6c:b9:ae:
                    98:e3:dc:0a:b5:85:3b:02:ea:cf:22:5e:dd:fe:53:
                    66:3a:b2:0e:e2:d0:64:46:2c:e9:ac:10:a5:10:00:
                    04:36:86:fe:4e:54:82:66:74:b6:99:f5:46:63:a0:
                    89:58:a0:6c:d9:0c:c0:55:42:66:a1:d4:57:f1:8b:
                    a2:af:5c:53:05:ba:cc:b7:f2:b0:23:4a:8c:fc:d3:
                    36:cc:8a:2d:4b:e3:9d:b6:71:32:c9:06:97:0d:ec:
                    04:eb:0a:3d:b6:77:98:5f:08:fd:95:53:ed:66:6b:
                    57:b1:7d:4e:fe:0c:21:b7:27:54:2b:6d:03:08:a6:
                    2d:ec:95:85:5b:76:6d:5a:1b:aa:b1:5c:5a:a8:bc:
                    77:8d:62:32:ae:2f:65:79:11:58:99:be:3a:87:4a:
                    cf:c7:70:a1:b7:ac:c2:8e:12:d0:63:70:dc:08:42:
                    8a:a8:9c:36:da:a4:d4:4c:2b:30:07:31:62:7d:59:
                    2e:72:a2:62:61:0a:2b:66:fd:73:bf:21:6d:79:23:
                    80:22:b8:34:68:e0:c6:92:6f:42:42:d6:bf:48:a8:
                    c1:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:11:7F:56:6B:96:AC:59:DF:7E:D6:91:B7:53:5B:B7:26:13:67:66
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215731.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:349::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:c4:cb:ec:dd:db:b5:33:fc:40:d8:83:e2:cb:cf:a0:8a:44:
         82:a2:ed:8f:74:1a:7c:51:3b:7a:8b:b8:bb:57:f3:b3:46:c2:
         d9:0f:7c:08:3c:c8:e8:3a:b1:72:b3:ba:5d:0c:6f:1e:3c:68:
         2b:48:0d:ae:f0:64:f5:a6:e9:76:aa:a8:9c:8c:2d:33:12:ad:
         2c:88:5e:54:fb:33:73:2d:48:d1:fb:84:6b:cf:ac:48:3a:0c:
         68:15:c5:46:6d:31:d6:e3:f8:64:a2:c6:1e:26:67:74:f0:29:
         3c:ee:81:27:1d:74:50:05:ba:96:d7:62:93:cc:ee:a2:0a:c5:
         fb:2c:a2:c8:a5:ad:9e:c3:08:0b:1d:92:65:5e:80:61:7f:38:
         f9:89:4f:c0:35:8b:9f:3e:cf:64:6d:ed:e2:ee:ed:96:35:5f:
         0e:c3:c3:98:04:2f:a2:c3:ff:fb:93:b5:b9:51:44:2b:84:14:
         74:ad:89:73:6a:8c:fb:8d:e8:6d:00:c1:9c:18:e4:5a:53:bc:
         fa:87:b3:be:73:0d:5a:02:3f:3e:b5:05:9c:47:8f:3c:77:71:
         c0:8d:2b:c6:dc:44:19:22:c8:0e:9b:fd:7a:9f:b2:7d:03:bc:
         09:37:77:26:27:69:46:22:09:83:52:30:5a:ee:55:1b:95:14:
         d3:f4:48:f1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUd+s7a0BVRMrbnrs0B2x9vx1taf8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTJaFw0yNTA1MjIxNjQ5MTJaMDMxMTAvBgNV
BAMTKDBGMTE3RjU2NkI5NkFDNTlERjdFRDY5MUI3NTM1QkI3MjYxMzY3NjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClGGbUp5r7OMAEpSLKrslxIazI
ldMxr3IbKf7DFKP1IiUEUnQ7g9+7IWy5rpjj3Aq1hTsC6s8iXt3+U2Y6sg7i0GRG
LOmsEKUQAAQ2hv5OVIJmdLaZ9UZjoIlYoGzZDMBVQmah1Ffxi6KvXFMFusy38rAj
Soz80zbMii1L4522cTLJBpcN7ATrCj22d5hfCP2VU+1ma1exfU7+DCG3J1QrbQMI
pi3slYVbdm1aG6qxXFqovHeNYjKuL2V5EViZvjqHSs/HcKG3rMKOEtBjcNwIQoqo
nDbapNRMKzAHMWJ9WS5yomJhCitm/XO/IW15I4AiuDRo4MaSb0JC1r9IqMGJAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUDxF/VmuWrFnfftaRt1NbtyYTZ2YwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1NzMxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQNJMA0GCSqGSIb3DQEBCwUAA4IBAQAQxMvs3du1M/xA2IPiy8+gikSCou2PdBp8
UTt6i7i7V/OzRsLZD3wIPMjoOrFys7pdDG8ePGgrSA2u8GT1pul2qqicjC0zEq0s
iF5U+zNzLUjR+4Rrz6xIOgxoFcVGbTHW4/hkosYeJmd08Ck87oEnHXRQBbqW12KT
zO6iCsX7LKLIpa2ewwgLHZJlXoBhfzj5iU/ANYufPs9kbe3i7u2WNV8Ow8OYBC+i
w//7k7W5UUQrhBR0rYlzaoz7jehtAMGcGORaU7z6h7O+cw1aAj8+tQWcR488d3HA
jSvG3EQZIsgOm/16n7J9A7wJN3cmJ2lGIgmDUjBa7lUblRTT9Ejx
-----END CERTIFICATE-----