Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215287.roa
File:                     AS215287.roa (raw, json)
Hash identifier:          z1NQXtptxnnR2j+UIDIyMuWw0FuYQLHU43VYrOJ4Gzc=
Subject key identifier:   48:07:34:1E:23:0C:6B:18:1E:0D:6D:36:07:7B:83:51:8F:45:CD:3B
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5809E2E22C57740BF01C037BD6F6B3116AB17960
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215287.roa
Signing time:             Mon 13 May 2024 07:15:49 +0000
ROA not before:           Mon 13 May 2024 07:10:49 +0000
ROA not after:            Mon 12 May 2025 07:15:49 +0000
asID:                     215287
IP address blocks:        146.103.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:09:e2:e2:2c:57:74:0b:f0:1c:03:7b:d6:f6:b3:11:6a:b1:79:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 13 07:10:49 2024 GMT
            Not After : May 12 07:15:49 2025 GMT
        Subject: CN=4807341E230C6B181E0D6D36077B83518F45CD3B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e0:4c:1a:6e:54:ef:09:8a:9a:b6:cb:09:7d:
                    2b:8d:ad:7d:6d:5a:c4:cf:20:28:30:ca:0b:54:c5:
                    92:af:96:5b:05:fc:eb:66:04:4b:98:65:a5:28:8b:
                    8f:e4:61:64:93:e3:dd:ef:f5:ed:52:1f:95:5a:33:
                    57:d6:01:30:7e:0b:fd:35:25:06:3b:86:b5:d9:9a:
                    1d:6f:01:52:75:97:9b:d1:2d:23:59:b4:9e:53:ae:
                    8a:fd:8b:27:1b:a9:5e:14:50:7a:f0:50:e4:ee:c7:
                    b5:83:fd:d5:7d:7d:e6:63:1c:0f:b3:4f:0f:46:e9:
                    05:b3:04:9d:2c:2a:30:00:7f:ea:73:a5:36:37:f4:
                    88:81:f2:58:c2:34:03:5a:e5:53:1c:df:e5:8a:2d:
                    df:43:b7:4f:bb:01:c8:2f:b0:b7:22:ea:09:03:e4:
                    42:88:d3:2d:3f:62:59:b0:78:ee:50:6d:e8:70:bb:
                    01:ef:4b:fe:1d:14:4a:47:a3:0b:a7:dc:c4:f0:8e:
                    66:ee:9e:a3:81:ca:3b:c7:a4:d6:fe:e3:b1:4e:30:
                    60:1d:1f:d2:72:21:e4:cf:1a:8d:6e:f8:b7:6c:90:
                    7e:80:02:61:7c:3e:0b:2c:97:c4:70:b3:ee:2d:19:
                    32:c1:ab:04:b4:23:99:50:e7:02:cc:aa:07:31:a8:
                    d2:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:07:34:1E:23:0C:6B:18:1E:0D:6D:36:07:7B:83:51:8F:45:CD:3B
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215287.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:e3:c8:42:9b:9b:00:76:e1:4f:56:5d:45:06:bb:2f:c3:9a:
         2f:bf:1d:8a:85:b7:b6:c8:01:e3:61:ea:cc:00:de:e1:35:ed:
         c5:2d:67:fe:ed:b0:72:f6:74:c5:fc:ab:21:e0:01:92:15:8f:
         5d:e0:74:c1:4b:24:e3:3a:31:e5:fb:15:08:90:8b:ac:ad:69:
         64:6e:dd:e5:6e:9a:27:53:22:e6:a1:d9:a5:8f:73:b9:9e:52:
         42:55:c1:0d:b3:bf:9e:2f:48:78:02:f6:6e:69:b0:7c:b6:f4:
         d8:d9:fa:52:45:2a:6d:c7:2d:6b:83:6d:65:6b:bb:36:14:a4:
         40:41:dd:4c:20:bb:89:fb:be:1d:4b:54:0d:45:d2:3d:59:24:
         0d:ed:77:9a:7e:c3:6b:14:74:02:42:e5:eb:e6:b8:95:8e:ee:
         a8:ca:6b:fc:d7:14:c9:f9:44:6a:da:10:97:73:e8:9a:a6:5f:
         13:f2:1f:d6:a4:9b:6f:af:03:5d:02:e0:ef:52:e2:53:84:ca:
         60:ea:a3:b5:55:cb:66:21:7d:e5:98:15:06:96:b4:46:3a:cc:
         ba:54:8f:1f:24:01:58:a0:63:6e:12:26:39:aa:66:72:56:52:
         af:46:ca:bf:d2:3b:06:29:b0:60:8c:7c:fe:0c:27:0f:a6:0e:
         fd:e6:d9:a3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUWAni4ixXdAvwHAN71vazEWqxeWAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA1MTMwNzEwNDlaFw0yNTA1MTIwNzE1NDlaMDMxMTAvBgNV
BAMTKDQ4MDczNDFFMjMwQzZCMTgxRTBENkQzNjA3N0I4MzUxOEY0NUNEM0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCi4EwablTvCYqatssJfSuNrX1t
WsTPICgwygtUxZKvllsF/OtmBEuYZaUoi4/kYWST493v9e1SH5VaM1fWATB+C/01
JQY7hrXZmh1vAVJ1l5vRLSNZtJ5Tror9iycbqV4UUHrwUOTux7WD/dV9feZjHA+z
Tw9G6QWzBJ0sKjAAf+pzpTY39IiB8ljCNANa5VMc3+WKLd9Dt0+7AcgvsLci6gkD
5EKI0y0/YlmweO5QbehwuwHvS/4dFEpHowun3MTwjmbunqOByjvHpNb+47FOMGAd
H9JyIeTPGo1u+LdskH6AAmF8Pgssl8Rws+4tGTLBqwS0I5lQ5wLMqgcxqNKrAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUSAc0HiMMaxgeDW02B3uDUY9FzTswHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE1Mjg3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkmc5
MA0GCSqGSIb3DQEBCwUAA4IBAQCz48hCm5sAduFPVl1FBrsvw5ovvx2Khbe2yAHj
YerMAN7hNe3FLWf+7bBy9nTF/Ksh4AGSFY9d4HTBSyTjOjHl+xUIkIusrWlkbt3l
bponUyLmodmlj3O5nlJCVcENs7+eL0h4AvZuabB8tvTY2fpSRSptxy1rg21la7s2
FKRAQd1MILuJ+74dS1QNRdI9WSQN7XeafsNrFHQCQuXr5riVju6oymv81xTJ+URq
2hCXc+iapl8T8h/WpJtvrwNdAuDvUuJThMpg6qO1VctmIX3lmBUGlrRGOsy6VI8f
JAFYoGNuEiY5qmZyVlKvRsq/0jsGKbBgjHz+DCcPpg795tmj
-----END CERTIFICATE-----