Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215810.roa
File:                     AS215810.roa (raw, json)
Hash identifier:          xBvZC752oVdEwwX4NaM01bMMj0nmNac8L3yj2fnAu3Q=
Subject key identifier:   81:C9:E2:3B:2B:36:02:FF:DE:39:81:BD:70:47:31:73:3C:03:DF:19
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       08AD248D626070BF33481AC430B4A5CB4A9D5C75
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215810.roa
Signing time:             Thu 23 May 2024 16:49:10 +0000
ROA not before:           Thu 23 May 2024 16:44:10 +0000
ROA not after:            Thu 22 May 2025 16:49:10 +0000
asID:                     215810
IP address blocks:        2a0f:85c1:340::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:ad:24:8d:62:60:70:bf:33:48:1a:c4:30:b4:a5:cb:4a:9d:5c:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:10 2024 GMT
            Not After : May 22 16:49:10 2025 GMT
        Subject: CN=81C9E23B2B3602FFDE3981BD704731733C03DF19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:70:62:d3:62:bd:57:d2:df:0f:f2:07:f7:91:
                    19:1e:34:d9:16:d2:76:69:00:6d:65:89:9c:46:77:
                    0b:0c:ff:ca:39:01:11:d8:8c:10:cb:9f:4e:77:1b:
                    fd:44:af:eb:16:5c:1e:40:40:09:ee:2c:e8:80:9f:
                    ed:06:a8:05:64:42:e8:de:51:65:d8:dd:98:0b:f8:
                    54:75:7e:93:86:cc:52:f9:f9:27:cb:07:38:19:33:
                    58:d3:4e:ed:93:65:fc:80:73:d5:d5:08:93:71:ce:
                    7d:e2:24:92:47:06:9c:97:22:e3:a2:16:be:52:8e:
                    89:53:eb:7a:77:f4:f9:b0:91:a9:bb:96:51:4f:1c:
                    33:59:c5:8d:fd:56:79:fe:da:e3:a1:79:32:f9:ff:
                    51:31:b7:86:2b:73:24:a3:2f:fa:44:57:1e:27:ec:
                    9e:78:94:b3:48:a4:7f:67:7c:f6:b2:5c:1b:a8:c9:
                    f5:76:7d:e9:5f:8d:99:91:53:0a:5e:07:60:49:fd:
                    7d:0e:e0:67:43:b1:6e:b1:c0:08:9d:51:d6:fe:19:
                    ad:1c:d9:fb:f3:81:60:1d:e3:a2:c4:3e:ec:91:18:
                    16:19:00:d8:e2:c9:78:f5:a0:98:5e:a4:58:e9:bf:
                    38:fd:8d:d3:61:54:2f:c1:07:f5:3b:38:c3:8d:3a:
                    85:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:C9:E2:3B:2B:36:02:FF:DE:39:81:BD:70:47:31:73:3C:03:DF:19
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215810.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:340::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:1f:cf:27:83:65:6e:b3:3d:1b:72:f1:7e:6e:cc:ca:55:c6:
         0b:97:0b:bc:3b:f8:f7:78:3e:6e:05:3f:7a:6a:c1:ea:1d:4c:
         c6:a9:73:b8:91:f8:67:84:39:b2:3b:40:dd:d4:8e:a9:94:42:
         98:9c:5d:d5:7f:cf:85:a6:d5:3c:0e:a0:22:99:99:2b:5f:2f:
         57:4c:ff:43:4e:b3:85:93:f5:5e:af:b7:15:04:3e:d8:b5:50:
         5a:ae:9b:41:da:94:3c:a9:44:6b:7c:d8:23:4c:54:a1:4b:81:
         0e:5c:28:d3:68:ad:db:0b:bb:7b:37:df:df:4d:e4:55:8b:e8:
         96:fb:02:73:18:4b:12:04:e4:57:c8:59:cb:9e:e1:39:35:57:
         cd:53:8c:e3:a8:c0:62:dc:bb:3d:ec:eb:01:6f:b3:76:68:85:
         91:8d:0c:a1:7f:e7:f7:80:20:fd:11:2c:25:0d:a6:13:ce:c4:
         f7:af:e4:98:44:11:33:f1:15:df:ee:eb:8d:ae:33:91:2e:35:
         69:e7:a3:db:29:8a:98:2d:6f:f2:55:12:4d:85:7b:2f:5b:fe:
         de:82:5f:77:aa:f4:12:6e:4b:a1:45:12:a5:08:62:c4:b5:b3:
         a4:e6:bb:e5:93:bc:21:d6:4e:60:36:5f:89:67:be:28:9c:2a:
         28:39:ce:54
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUCK0kjWJgcL8zSBrEMLSly0qdXHUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTBaFw0yNTA1MjIxNjQ5MTBaMDMxMTAvBgNV
BAMTKDgxQzlFMjNCMkIzNjAyRkZERTM5ODFCRDcwNDczMTczM0MwM0RGMTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFcGLTYr1X0t8P8gf3kRkeNNkW
0nZpAG1liZxGdwsM/8o5ARHYjBDLn053G/1Er+sWXB5AQAnuLOiAn+0GqAVkQuje
UWXY3ZgL+FR1fpOGzFL5+SfLBzgZM1jTTu2TZfyAc9XVCJNxzn3iJJJHBpyXIuOi
Fr5SjolT63p39Pmwkam7llFPHDNZxY39Vnn+2uOheTL5/1Ext4YrcySjL/pEVx4n
7J54lLNIpH9nfPayXBuoyfV2felfjZmRUwpeB2BJ/X0O4GdDsW6xwAidUdb+Ga0c
2fvzgWAd46LEPuyRGBYZANjiyXj1oJhepFjpvzj9jdNhVC/BB/U7OMONOoVlAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUgcniOys2Av/eOYG9cEcxczwD3xkwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1ODEwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQNAMA0GCSqGSIb3DQEBCwUAA4IBAQBaH88ng2Vusz0bcvF+bszKVcYLlwu8O/j3
eD5uBT96asHqHUzGqXO4kfhnhDmyO0Dd1I6plEKYnF3Vf8+FptU8DqAimZkrXy9X
TP9DTrOFk/Ver7cVBD7YtVBarptB2pQ8qURrfNgjTFShS4EOXCjTaK3bC7t7N9/f
TeRVi+iW+wJzGEsSBORXyFnLnuE5NVfNU4zjqMBi3Ls97OsBb7N2aIWRjQyhf+f3
gCD9ESwlDaYTzsT3r+SYRBEz8RXf7uuNrjORLjVp56PbKYqYLW/yVRJNhXsvW/7e
gl93qvQSbkuhRRKlCGLEtbOk5rvlk7wh1k5gNl+JZ74onCooOc5U
-----END CERTIFICATE-----