Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215993.roa
File:                     AS215993.roa (raw, json)
Hash identifier:          txMlS57+0bcKdzM8aKugXjiHPZHnCj35y7oXq/ReGCY=
Subject key identifier:   4F:ED:4B:A5:C9:3A:0D:5D:6C:C2:B5:A9:A0:83:87:B2:3C:05:11:FB
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       19E2ED3F6D774793B138F0EE3F1600D6B04C9D8A
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215993.roa
Signing time:             Thu 23 May 2024 16:49:13 +0000
ROA not before:           Thu 23 May 2024 16:44:13 +0000
ROA not after:            Thu 22 May 2025 16:49:13 +0000
asID:                     215993
IP address blocks:        2a0f:85c1:298::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:e2:ed:3f:6d:77:47:93:b1:38:f0:ee:3f:16:00:d6:b0:4c:9d:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:13 2024 GMT
            Not After : May 22 16:49:13 2025 GMT
        Subject: CN=4FED4BA5C93A0D5D6CC2B5A9A08387B23C0511FB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c4:95:a5:f9:96:ff:25:2a:50:99:0b:39:09:
                    16:df:19:bc:3a:e7:99:80:02:5e:12:39:7b:d6:53:
                    a4:63:dd:90:09:a3:13:88:63:09:32:d4:a2:8c:15:
                    a5:88:83:37:79:88:c7:79:3b:99:1a:50:0b:10:23:
                    44:9d:15:bf:85:c4:dc:28:87:c7:c1:dd:dc:d4:7d:
                    4a:af:dc:ba:86:4b:b0:39:23:e4:90:0d:f5:33:d3:
                    01:77:59:74:ec:40:6d:b0:54:86:df:e4:4a:15:05:
                    d4:e9:42:d6:d8:54:c7:32:4a:18:e8:d0:ff:f6:0d:
                    32:0b:c3:0f:b2:30:65:f3:1e:e5:4d:13:f1:9b:2c:
                    b0:6c:da:9e:1c:88:0b:2d:5e:ad:aa:a8:9a:3b:ad:
                    d5:a6:2c:bb:27:fe:67:a2:12:29:1e:c8:13:2c:38:
                    ce:af:6c:50:cd:d8:30:08:7f:43:47:b8:44:d9:5d:
                    d5:d1:4b:8a:7f:37:74:d2:3f:76:7a:7b:40:4b:40:
                    e3:d8:35:68:fc:ec:80:34:d0:4d:91:f2:4b:69:72:
                    e8:c4:be:88:b0:11:7c:2f:f6:fd:17:78:16:bf:39:
                    67:7c:f3:63:d5:7f:f3:b4:89:e6:68:9f:73:74:c2:
                    15:36:ba:25:f8:a7:33:cd:26:aa:5b:59:44:42:44:
                    d2:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:ED:4B:A5:C9:3A:0D:5D:6C:C2:B5:A9:A0:83:87:B2:3C:05:11:FB
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215993.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:298::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:a4:2c:7e:72:fa:a2:8b:19:2f:c1:e7:3b:a5:23:56:d5:0d:
         f5:06:da:06:6d:c1:d1:6e:4e:c6:c9:73:ae:c7:80:6c:e0:fc:
         66:42:c7:07:05:68:7e:af:6f:69:a9:99:60:96:59:27:fe:53:
         06:58:55:ac:8a:11:31:66:fa:28:ee:3b:a5:99:24:71:e6:fe:
         e3:c4:e3:2a:a5:68:90:98:22:38:75:d1:27:37:bd:2d:fd:b3:
         86:fc:21:2a:54:8e:b8:68:9d:67:97:86:ae:6e:fc:4f:c2:47:
         f8:b4:f7:a7:1d:ad:d9:fe:75:93:fb:7f:56:28:3d:cd:41:8b:
         f6:28:1e:2a:05:2e:00:b1:58:52:0c:33:78:7d:08:6e:87:2c:
         ba:56:cf:c2:43:d7:db:6a:26:6a:89:ef:42:e2:ad:29:fc:9b:
         81:46:b2:d8:bd:f6:30:01:7c:c0:04:41:c8:56:eb:ef:b7:72:
         34:ae:86:d1:d0:b7:b8:9d:25:53:ac:e0:64:1f:6a:b7:06:93:
         67:9b:95:0f:01:1d:31:68:aa:16:ce:87:de:cc:5b:04:3c:b5:
         49:9c:82:7d:42:7b:3c:29:af:cd:e0:56:e3:5c:ed:bb:21:42:
         a4:72:9c:6c:63:c4:21:4e:61:5f:62:97:bf:57:83:c5:05:32:
         d4:57:45:e1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUGeLtP213R5OxOPDuPxYA1rBMnYowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTNaFw0yNTA1MjIxNjQ5MTNaMDMxMTAvBgNV
BAMTKDRGRUQ0QkE1QzkzQTBENUQ2Q0MyQjVBOUEwODM4N0IyM0MwNTExRkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChxJWl+Zb/JSpQmQs5CRbfGbw6
55mAAl4SOXvWU6Rj3ZAJoxOIYwky1KKMFaWIgzd5iMd5O5kaUAsQI0SdFb+FxNwo
h8fB3dzUfUqv3LqGS7A5I+SQDfUz0wF3WXTsQG2wVIbf5EoVBdTpQtbYVMcyShjo
0P/2DTILww+yMGXzHuVNE/GbLLBs2p4ciAstXq2qqJo7rdWmLLsn/meiEikeyBMs
OM6vbFDN2DAIf0NHuETZXdXRS4p/N3TSP3Z6e0BLQOPYNWj87IA00E2R8ktpcujE
voiwEXwv9v0XeBa/OWd882PVf/O0ieZon3N0whU2uiX4pzPNJqpbWURCRNKlAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUT+1Lpck6DV1swrWpoIOHsjwFEfswHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1OTkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQKYMA0GCSqGSIb3DQEBCwUAA4IBAQAQpCx+cvqiixkvwec7pSNW1Q31BtoGbcHR
bk7GyXOux4Bs4PxmQscHBWh+r29pqZlgllkn/lMGWFWsihExZvoo7julmSRx5v7j
xOMqpWiQmCI4ddEnN70t/bOG/CEqVI64aJ1nl4aubvxPwkf4tPenHa3Z/nWT+39W
KD3NQYv2KB4qBS4AsVhSDDN4fQhuhyy6Vs/CQ9fbaiZqie9C4q0p/JuBRrLYvfYw
AXzABEHIVuvvt3I0robR0Le4nSVTrOBkH2q3BpNnm5UPAR0xaKoWzofezFsEPLVJ
nIJ9Qns8Ka/N4FbjXO27IUKkcpxsY8QhTmFfYpe/V4PFBTLUV0Xh
-----END CERTIFICATE-----