Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215304.roa
File:                     AS215304.roa (raw, json)
Hash identifier:          TbcQbtdsDYaPxZD0EbAtVnGSmg9kcT7vzqrHCgRs6Fc=
Subject key identifier:   28:69:DB:EA:F0:81:44:48:2A:AF:47:9C:A8:0F:BD:33:DD:AB:1E:67
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       586C4E16F8D034A87606AF737155AFD556FA0387
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215304.roa
Signing time:             Mon 28 Oct 2024 11:30:42 +0000
ROA not before:           Mon 28 Oct 2024 11:25:42 +0000
ROA not after:            Mon 27 Oct 2025 11:30:42 +0000
asID:                     215304
IP address blocks:        140.233.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:6c:4e:16:f8:d0:34:a8:76:06:af:73:71:55:af:d5:56:fa:03:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Oct 28 11:25:42 2024 GMT
            Not After : Oct 27 11:30:42 2025 GMT
        Subject: CN=2869DBEAF08144482AAF479CA80FBD33DDAB1E67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:19:51:61:64:ca:df:71:7c:6b:4f:fb:a9:eb:
                    d5:f6:6b:ae:da:ee:9c:ce:5c:ae:3f:a9:0e:d3:3c:
                    ce:1b:fc:87:91:97:aa:58:4e:d1:d1:08:63:9e:18:
                    cd:e7:29:6d:65:d9:7c:3e:7b:a6:ed:67:d6:55:9c:
                    06:d7:03:05:61:fa:fd:9b:1f:7a:af:15:46:1d:5e:
                    55:9a:fe:77:6a:10:18:43:69:b5:38:8e:dd:ee:73:
                    42:3c:06:62:ca:84:cc:5f:d1:07:43:e0:2a:58:a7:
                    c8:bb:b1:51:7d:92:c7:2f:85:8b:95:31:77:9b:1e:
                    e2:b0:06:6e:16:ac:ae:fc:d5:f7:6f:05:33:04:82:
                    ce:c3:7c:4d:da:68:19:6a:dd:88:54:91:fb:e6:ce:
                    a8:65:4e:17:01:e6:02:e9:c3:a0:6c:12:99:08:fc:
                    89:cb:0d:68:35:ce:54:6f:e3:a3:b8:d1:72:e2:e4:
                    5a:6b:dc:fc:14:dc:3c:02:f8:0e:7b:a8:6e:a7:d3:
                    b4:f1:b4:fa:23:59:8a:b8:ee:8e:82:c5:e0:98:91:
                    32:77:68:c7:ef:12:f7:5b:17:08:7d:5e:0d:6c:d1:
                    0f:6e:66:d9:f4:16:46:d1:0a:8e:d9:a3:f3:f2:47:
                    d0:86:cc:62:e2:bf:b9:f6:12:6e:d4:54:b2:49:16:
                    de:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:69:DB:EA:F0:81:44:48:2A:AF:47:9C:A8:0F:BD:33:DD:AB:1E:67
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215304.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.233.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:6b:b1:78:3c:91:c0:f7:b5:74:5b:ee:d1:d2:a8:a4:43:c4:
         c8:52:13:61:c8:09:3a:c0:9a:e4:74:60:cd:58:a6:11:57:59:
         96:03:86:c8:e8:d8:4f:df:84:c3:9d:59:00:28:5a:60:ad:d3:
         9b:9a:03:38:fe:9b:9e:85:19:55:d1:43:32:0c:1f:b3:42:9e:
         51:98:b1:92:02:f5:1d:cb:1c:45:38:7f:3c:60:56:67:db:96:
         41:8a:de:14:d4:e8:3f:ca:26:6b:02:2e:ba:48:b7:3d:01:dd:
         3c:32:50:15:8c:a3:01:b1:ca:0c:cf:b9:a6:e2:bd:fc:43:4b:
         f0:aa:0e:9a:4b:32:b3:10:6b:fb:ff:ee:42:82:d6:d2:65:e1:
         ac:55:05:aa:b8:15:d1:4f:39:3b:b9:df:c2:44:c9:f4:1a:13:
         2b:4a:51:6b:3f:9f:52:82:42:43:37:bf:36:c3:85:5a:65:a7:
         7f:6c:0f:4b:37:14:49:9e:5e:4c:4d:50:73:b3:2b:89:26:c0:
         af:f0:3c:46:3e:28:51:57:2c:68:fb:b2:0c:fc:3b:da:35:b2:
         ac:5f:8d:2e:ef:32:c6:3f:c7:7a:74:11:85:54:b0:a9:47:f4:
         ee:ed:d8:b6:52:ed:74:20:5d:44:db:f2:10:21:6f:7a:46:7f:
         7a:c2:36:d3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUWGxOFvjQNKh2Bq9zcVWv1Vb6A4cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDEwMjgxMTI1NDJaFw0yNTEwMjcxMTMwNDJaMDMxMTAvBgNV
BAMTKDI4NjlEQkVBRjA4MTQ0NDgyQUFGNDc5Q0E4MEZCRDMzRERBQjFFNjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8GVFhZMrfcXxrT/up69X2a67a
7pzOXK4/qQ7TPM4b/IeRl6pYTtHRCGOeGM3nKW1l2Xw+e6btZ9ZVnAbXAwVh+v2b
H3qvFUYdXlWa/ndqEBhDabU4jt3uc0I8BmLKhMxf0QdD4CpYp8i7sVF9kscvhYuV
MXebHuKwBm4WrK781fdvBTMEgs7DfE3aaBlq3YhUkfvmzqhlThcB5gLpw6BsEpkI
/InLDWg1zlRv46O40XLi5Fpr3PwU3DwC+A57qG6n07TxtPojWYq47o6CxeCYkTJ3
aMfvEvdbFwh9Xg1s0Q9uZtn0FkbRCo7Zo/PyR9CGzGLiv7n2Em7UVLJJFt6bAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUKGnb6vCBREgqr0ecqA+9M92rHmcwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE1MzA0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjOm5
MA0GCSqGSIb3DQEBCwUAA4IBAQBVa7F4PJHA97V0W+7R0qikQ8TIUhNhyAk6wJrk
dGDNWKYRV1mWA4bI6NhP34TDnVkAKFpgrdObmgM4/puehRlV0UMyDB+zQp5RmLGS
AvUdyxxFOH88YFZn25ZBit4U1Og/yiZrAi66SLc9Ad08MlAVjKMBscoMz7mm4r38
Q0vwqg6aSzKzEGv7/+5CgtbSZeGsVQWquBXRTzk7ud/CRMn0GhMrSlFrP59SgkJD
N782w4VaZad/bA9LNxRJnl5MTVBzsyuJJsCv8DxGPihRVyxo+7IM/DvaNbKsX40u
7zLGP8d6dBGFVLCpR/Tu7di2Uu10IF1E2/IQIW96Rn96wjbT
-----END CERTIFICATE-----