Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215224.roa
File:                     AS215224.roa (raw, json)
Hash identifier:          d9qnuXOMO/YQw/eNiXIHnYEjie899Xr5693qbN/PxxU=
Subject key identifier:   2A:3C:46:83:56:3E:98:80:93:55:B5:FC:B9:30:64:68:11:B9:D5:62
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       2CA2841563234D84930E45A899538E3A8BA9BAC9
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215224.roa
Signing time:             Mon 20 Jan 2025 12:42:15 +0000
ROA not before:           Mon 20 Jan 2025 12:37:15 +0000
ROA not after:            Mon 19 Jan 2026 12:42:15 +0000
asID:                     215224
IP address blocks:        82.29.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:a2:84:15:63:23:4d:84:93:0e:45:a8:99:53:8e:3a:8b:a9:ba:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 20 12:37:15 2025 GMT
            Not After : Jan 19 12:42:15 2026 GMT
        Subject: CN=2A3C4683563E98809355B5FCB930646811B9D562
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c3:9f:84:03:f4:0b:15:f6:99:5f:61:8b:50:
                    40:60:ec:b4:b0:aa:fe:5f:9a:b7:d0:0c:d7:78:91:
                    43:a7:c7:b9:f4:e6:3f:d3:ae:1c:b5:b7:c9:ce:07:
                    3f:2d:75:76:e4:59:84:15:6c:7a:16:e6:dc:60:0a:
                    cc:1d:d9:ac:74:eb:47:76:1e:5c:05:44:c2:61:f4:
                    69:2a:34:bd:85:bd:90:d6:6e:0a:08:1d:74:42:80:
                    6b:ab:2b:ab:a1:df:46:f5:c9:52:67:3f:33:b2:4c:
                    14:93:42:b7:f8:99:3c:8c:1d:33:8c:c6:2d:fe:ec:
                    00:60:06:52:e5:76:9c:9f:db:42:16:e5:51:79:3a:
                    6e:e8:c5:20:b6:d3:de:b3:3c:dc:5e:1b:eb:b5:ba:
                    3b:39:8c:1f:2e:37:bc:1c:64:27:3b:ae:71:4f:bf:
                    88:d9:79:3c:10:ec:e8:b3:0e:80:7f:f8:52:2f:4c:
                    ea:dd:64:6c:4e:9e:13:99:f2:3a:9f:38:11:cc:76:
                    f9:74:10:20:af:03:ab:e4:ef:a2:b1:5e:26:cf:5e:
                    38:f7:e6:10:56:95:00:f5:e3:19:c7:24:79:16:81:
                    9d:d9:ed:16:e5:01:04:68:4c:b9:f5:0f:4f:99:f6:
                    11:c9:a1:1c:83:6e:16:7a:ca:a0:a5:aa:1d:a8:33:
                    47:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:3C:46:83:56:3E:98:80:93:55:B5:FC:B9:30:64:68:11:B9:D5:62
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215224.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.29.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:cd:89:c1:de:ad:69:db:ed:3e:aa:d0:f2:ad:49:24:d5:f1:
         72:37:49:73:49:55:1d:c9:5b:b9:60:ef:4e:b3:1f:7f:9e:42:
         64:9b:83:74:ee:89:08:29:4a:c8:5f:6f:86:01:b3:ed:af:0f:
         71:be:c9:60:c7:b2:4a:f8:f9:8d:43:34:f8:86:0a:8b:d2:66:
         c4:3f:8d:71:ff:38:16:35:53:6a:27:ef:97:f5:2d:b9:9b:a0:
         58:59:04:dd:8a:75:10:90:92:81:12:42:10:10:ba:12:50:f4:
         7a:6a:c9:77:d7:e8:71:3f:41:6d:f6:00:78:2c:9c:61:56:23:
         f4:81:d7:21:20:a2:12:25:57:4c:33:24:c7:fb:86:c7:38:dd:
         cb:c9:0a:e9:fb:c2:97:84:92:3e:27:f9:11:6e:a0:fc:39:f1:
         6c:fa:1c:21:2d:6f:ee:16:44:62:f9:73:17:63:d6:25:e6:13:
         27:d5:39:a5:be:92:dd:3a:b3:2f:1f:bb:50:32:57:7c:9e:e4:
         e6:5f:9c:45:23:15:3c:28:9d:cf:0b:69:00:23:1b:aa:e9:bb:
         8d:15:e2:e1:d5:58:70:84:eb:ab:62:4a:c3:4a:f6:e4:cb:d0:
         aa:39:c9:4b:d7:c2:3c:df:52:d7:5a:93:03:93:31:8b:f2:34:
         cf:e9:50:2a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIULKKEFWMjTYSTDkWomVOOOoupuskwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMjAxMjM3MTVaFw0yNjAxMTkxMjQyMTVaMDMxMTAvBgNV
BAMTKDJBM0M0NjgzNTYzRTk4ODA5MzU1QjVGQ0I5MzA2NDY4MTFCOUQ1NjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrw5+EA/QLFfaZX2GLUEBg7LSw
qv5fmrfQDNd4kUOnx7n05j/Trhy1t8nOBz8tdXbkWYQVbHoW5txgCswd2ax060d2
HlwFRMJh9GkqNL2FvZDWbgoIHXRCgGurK6uh30b1yVJnPzOyTBSTQrf4mTyMHTOM
xi3+7ABgBlLldpyf20IW5VF5Om7oxSC2096zPNxeG+u1ujs5jB8uN7wcZCc7rnFP
v4jZeTwQ7OizDoB/+FIvTOrdZGxOnhOZ8jqfOBHMdvl0ECCvA6vk76KxXibPXjj3
5hBWlQD14xnHJHkWgZ3Z7RblAQRoTLn1D0+Z9hHJoRyDbhZ6yqClqh2oM0cxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUKjxGg1Y+mICTVbX8uTBkaBG51WIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1MjI0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUh0p
MA0GCSqGSIb3DQEBCwUAA4IBAQCQzYnB3q1p2+0+qtDyrUkk1fFyN0lzSVUdyVu5
YO9Osx9/nkJkm4N07okIKUrIX2+GAbPtrw9xvslgx7JK+PmNQzT4hgqL0mbEP41x
/zgWNVNqJ++X9S25m6BYWQTdinUQkJKBEkIQELoSUPR6asl31+hxP0Ft9gB4LJxh
ViP0gdchIKISJVdMMyTH+4bHON3LyQrp+8KXhJI+J/kRbqD8OfFs+hwhLW/uFkRi
+XMXY9Yl5hMn1TmlvpLdOrMvH7tQMld8nuTmX5xFIxU8KJ3PC2kAIxuq6buNFeLh
1VhwhOurYkrDSvbky9CqOclL18I831LXWpMDkzGL8jTP6VAq
-----END CERTIFICATE-----