Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS215560.roa
File:                     AS215560.roa (raw, json)
Hash identifier:          mfggdHrUZkgExjqJEhQ6bE1anLQEv8FSBixERwDqaHc=
Subject key identifier:   77:0D:92:94:60:27:9D:44:8F:AE:B5:41:F1:51:04:6D:E5:7C:96:0D
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       0CE925F411E39818C45624014528C263670031CE
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS215560.roa
Signing time:             Tue 20 Feb 2024 03:11:31 +0000
ROA not before:           Tue 20 Feb 2024 03:06:31 +0000
ROA not after:            Tue 18 Feb 2025 03:11:31 +0000
asID:                     215560
IP address blocks:        45.151.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 16:22:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:e9:25:f4:11:e3:98:18:c4:56:24:01:45:28:c2:63:67:00:31:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Feb 20 03:06:31 2024 GMT
            Not After : Feb 18 03:11:31 2025 GMT
        Subject: CN=770D929460279D448FAEB541F151046DE57C960D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:ec:05:3e:e8:68:02:12:c4:c3:a5:d0:79:33:
                    d6:1e:cf:d3:1c:11:a7:70:94:d4:b9:5c:c9:9b:2a:
                    93:51:0f:69:52:01:70:6a:43:a4:29:c4:f6:c4:77:
                    32:96:61:49:6b:41:94:c4:0c:db:ce:f2:09:fe:2c:
                    2a:68:89:fd:14:75:0c:43:cc:a8:57:e6:95:cf:3c:
                    99:33:30:2e:b1:13:06:c0:ad:8d:68:9b:85:12:cb:
                    19:7c:75:3d:2f:b2:3b:7f:25:27:fc:8c:47:77:5f:
                    d2:96:8d:af:c9:d2:f4:ee:2d:a2:77:88:c6:15:cd:
                    6c:63:27:69:d6:e3:2c:09:21:57:54:ed:5d:e6:55:
                    22:04:b0:1f:53:0f:45:88:12:6b:0f:bd:79:6c:1a:
                    02:42:fc:ef:76:5f:14:23:0d:45:5e:32:e6:18:47:
                    c0:45:80:c5:68:80:a7:a0:fe:9c:48:90:ce:74:a1:
                    b9:15:72:9b:2a:e7:9a:84:6b:9d:89:22:88:4a:b8:
                    84:bf:b8:d7:d3:62:8f:2f:ac:ad:2f:12:45:9c:c2:
                    82:53:0a:4b:bc:b3:6c:0e:8b:3e:34:7a:88:11:ca:
                    c8:8d:5b:57:bb:a3:1a:21:41:94:e1:82:7a:33:9a:
                    07:85:31:3a:bb:48:b1:da:ae:6b:d8:38:ba:69:b6:
                    d6:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:0D:92:94:60:27:9D:44:8F:AE:B5:41:F1:51:04:6D:E5:7C:96:0D
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS215560.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:b2:90:50:69:f3:8d:78:38:a0:3e:84:0f:9e:05:30:0a:88:
         5c:f8:04:b2:ce:ac:1a:5f:44:fb:f8:3b:35:e4:37:c8:93:53:
         2e:b0:81:2f:7d:a5:1f:6d:d2:d8:b1:09:03:1d:7a:1f:33:f1:
         40:2b:41:2e:8e:e8:ce:e2:41:71:81:50:67:f9:a5:e5:ad:50:
         e9:03:a8:bc:7f:a8:4e:8b:f2:fa:ee:52:73:9f:66:37:01:29:
         63:d0:f7:73:0f:8a:ff:c0:37:a3:3e:78:0a:5d:d7:8e:28:eb:
         49:04:da:62:af:fe:c7:b6:15:78:4f:5b:c2:ab:97:96:e1:98:
         21:4c:0b:d2:ed:58:90:7b:6c:f3:ee:b3:bc:49:66:44:37:c9:
         06:21:92:a3:39:42:70:08:b3:79:da:f1:67:80:e2:90:41:32:
         04:1c:77:04:a3:cb:d7:02:ae:cd:34:51:a4:c7:86:a7:56:55:
         d2:80:0d:a0:47:c3:3e:e9:79:a3:9d:3e:d7:c5:19:f1:da:74:
         75:32:98:68:2e:e7:68:6e:ef:8c:96:90:3d:6d:72:b0:81:ca:
         ec:98:0d:30:b2:84:6a:91:5e:1b:65:19:31:40:ac:6a:dc:f0:
         80:c5:12:b2:d9:82:72:a2:9a:64:a0:e7:80:99:f5:9c:f0:e4:
         05:cf:ab:1f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDOkl9BHjmBjEViQBRSjCY2cAMc4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAyMjAwMzA2MzFaFw0yNTAyMTgwMzExMzFaMDMxMTAvBgNV
BAMTKDc3MEQ5Mjk0NjAyNzlENDQ4RkFFQjU0MUYxNTEwNDZERTU3Qzk2MEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDY7AU+6GgCEsTDpdB5M9Yez9Mc
EadwlNS5XMmbKpNRD2lSAXBqQ6QpxPbEdzKWYUlrQZTEDNvO8gn+LCpoif0UdQxD
zKhX5pXPPJkzMC6xEwbArY1om4USyxl8dT0vsjt/JSf8jEd3X9KWja/J0vTuLaJ3
iMYVzWxjJ2nW4ywJIVdU7V3mVSIEsB9TD0WIEmsPvXlsGgJC/O92XxQjDUVeMuYY
R8BFgMVogKeg/pxIkM50obkVcpsq55qEa52JIohKuIS/uNfTYo8vrK0vEkWcwoJT
Cku8s2wOiz40eogRysiNW1e7oxohQZThgnozmgeFMTq7SLHarmvYOLppttb7AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUdw2SlGAnnUSPrrVB8VEEbeV8lg0wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjE1NTYwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZcs
MA0GCSqGSIb3DQEBCwUAA4IBAQBEspBQafONeDigPoQPngUwCohc+ASyzqwaX0T7
+Ds15DfIk1MusIEvfaUfbdLYsQkDHXofM/FAK0EujujO4kFxgVBn+aXlrVDpA6i8
f6hOi/L67lJzn2Y3ASlj0PdzD4r/wDejPngKXdeOKOtJBNpir/7HthV4T1vCq5eW
4ZghTAvS7ViQe2zz7rO8SWZEN8kGIZKjOUJwCLN52vFngOKQQTIEHHcEo8vXAq7N
NFGkx4anVlXSgA2gR8M+6XmjnT7XxRnx2nR1MphoLudobu+MlpA9bXKwgcrsmA0w
soRqkV4bZRkxQKxq3PCAxRKy2YJyoppkoOeAmfWc8OQFz6sf
-----END CERTIFICATE-----