Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215791.roa
File:                     AS215791.roa (raw, json)
Hash identifier:          jAgi+VByia57DfpeDLUfkSwuEoXXWFPeOsA08XfeJIU=
Subject key identifier:   55:74:37:1C:4B:5D:CC:08:06:5D:E4:0C:67:37:8D:EB:5A:C1:04:10
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       4573D0BF371289C13B2803C98674BE3B6188A61F
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215791.roa
Signing time:             Thu 23 May 2024 16:49:07 +0000
ROA not before:           Thu 23 May 2024 16:44:07 +0000
ROA not after:            Thu 22 May 2025 16:49:07 +0000
asID:                     215791
IP address blocks:        2a0f:85c1:348::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:73:d0:bf:37:12:89:c1:3b:28:03:c9:86:74:be:3b:61:88:a6:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:07 2024 GMT
            Not After : May 22 16:49:07 2025 GMT
        Subject: CN=5574371C4B5DCC08065DE40C67378DEB5AC10410
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:48:25:1f:2a:4f:14:ad:93:5c:12:08:75:f1:
                    51:1c:49:bb:c5:59:61:8f:c0:dc:e4:96:bf:57:a6:
                    2a:78:ab:ce:bf:82:01:11:3c:31:59:1f:66:f2:e6:
                    81:ef:c0:9e:1d:2c:41:5e:fb:3f:87:70:6a:ab:71:
                    50:20:87:39:5d:ca:9f:30:76:0e:17:f0:86:50:54:
                    e9:23:12:7a:ae:51:18:a0:ab:f7:fb:26:de:e7:99:
                    bb:65:27:52:2b:d8:5f:57:07:87:98:ad:be:6d:36:
                    fd:05:82:ff:cd:5b:df:b2:6e:ae:44:94:e0:c6:e6:
                    a8:19:db:75:5b:fb:5a:a9:ba:b4:b6:e7:74:bf:4e:
                    c9:b5:4d:74:2e:7b:77:4f:da:ae:7a:f8:3a:ec:2f:
                    31:9e:5e:44:0d:79:cb:71:d9:e4:f4:14:e5:27:55:
                    15:08:41:65:f9:e6:a7:05:fa:ae:2e:fd:85:57:87:
                    88:4d:02:c8:ab:45:51:54:f3:61:94:a8:d6:91:1e:
                    a5:46:59:a6:f5:f8:ce:87:f2:dc:ea:cd:8d:77:3b:
                    88:a6:31:2f:12:1a:3c:b5:7a:0a:98:9e:82:1b:5d:
                    bc:17:c2:cf:5c:47:aa:0e:34:3c:8d:34:b5:f6:1b:
                    96:9b:cf:6c:f6:62:d2:8a:45:a6:60:6e:14:47:c7:
                    cc:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:74:37:1C:4B:5D:CC:08:06:5D:E4:0C:67:37:8D:EB:5A:C1:04:10
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215791.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:348::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:9a:98:97:62:33:6d:7d:48:63:e8:fb:68:89:b2:dd:cc:55:
         3f:e8:1e:36:80:a4:fa:94:b6:7a:19:3d:ef:3a:f7:4d:e8:af:
         f7:f0:3e:4f:b6:f9:35:3b:f5:62:3f:dc:95:32:4d:63:87:a1:
         c4:bb:79:ed:e6:ca:14:02:09:eb:68:ba:2b:98:bb:bb:f0:ed:
         31:e4:27:38:79:a7:b4:82:a7:4f:49:4f:df:86:28:1e:9b:4c:
         6f:af:44:f2:af:69:41:33:a8:24:2f:38:02:fc:fc:4b:ce:22:
         a3:1d:ef:25:98:64:aa:7c:7e:96:4f:e8:ad:c8:1f:2f:18:dd:
         f2:15:c2:ea:ae:86:06:bf:16:4b:db:57:6c:1a:4a:4b:14:05:
         33:11:61:c6:b0:f6:b2:31:c5:cd:da:ec:d3:2e:e1:8d:63:a3:
         09:14:68:f7:28:e3:9b:51:69:85:f0:de:26:03:54:e4:d8:f9:
         7b:80:23:e5:f8:60:fb:c8:d3:ad:61:ac:cf:d9:6b:cb:77:04:
         ad:58:11:2b:ab:29:54:ec:fc:f2:a9:48:aa:53:3a:d2:42:84:
         ff:35:0c:5c:25:fb:e5:5a:af:48:59:1e:36:2b:81:72:86:54:
         73:55:c9:03:32:1b:43:f9:0d:4b:b9:60:e4:c4:2c:ba:cd:2b:
         19:16:08:d3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIURXPQvzcSicE7KAPJhnS+O2GIph8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MDdaFw0yNTA1MjIxNjQ5MDdaMDMxMTAvBgNV
BAMTKDU1NzQzNzFDNEI1RENDMDgwNjVERTQwQzY3Mzc4REVCNUFDMTA0MTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9SCUfKk8UrZNcEgh18VEcSbvF
WWGPwNzklr9Xpip4q86/ggERPDFZH2by5oHvwJ4dLEFe+z+HcGqrcVAghzldyp8w
dg4X8IZQVOkjEnquURigq/f7Jt7nmbtlJ1Ir2F9XB4eYrb5tNv0Fgv/NW9+ybq5E
lODG5qgZ23Vb+1qpurS253S/Tsm1TXQue3dP2q56+DrsLzGeXkQNectx2eT0FOUn
VRUIQWX55qcF+q4u/YVXh4hNAsirRVFU82GUqNaRHqVGWab1+M6H8tzqzY13O4im
MS8SGjy1egqYnoIbXbwXws9cR6oONDyNNLX2G5abz2z2YtKKRaZgbhRHx8xrAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUVXQ3HEtdzAgGXeQMZzeN61rBBBAwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1NzkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQNIMA0GCSqGSIb3DQEBCwUAA4IBAQBbmpiXYjNtfUhj6PtoibLdzFU/6B42gKT6
lLZ6GT3vOvdN6K/38D5Ptvk1O/ViP9yVMk1jh6HEu3nt5soUAgnraLormLu78O0x
5Cc4eae0gqdPSU/fhigem0xvr0Tyr2lBM6gkLzgC/PxLziKjHe8lmGSqfH6WT+it
yB8vGN3yFcLqroYGvxZL21dsGkpLFAUzEWHGsPayMcXN2uzTLuGNY6MJFGj3KOOb
UWmF8N4mA1Tk2Pl7gCPl+GD7yNOtYazP2WvLdwStWBErqylU7PzyqUiqUzrSQoT/
NQxcJfvlWq9IWR42K4FyhlRzVckDMhtD+Q1LuWDkxCy6zSsZFgjT
-----END CERTIFICATE-----