Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215084.roa
File:                     AS215084.roa (raw, json)
Hash identifier:          AcsHmoIAA0X6dwgKp+Kwk6xNr45co5I9sZ3IBNonv2c=
Subject key identifier:   6C:0C:01:87:14:33:85:D4:37:3B:02:D3:A4:44:52:C9:27:AF:96:36
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       3CAA0641AD920E2FB32E8F8D403314CFE10D03E9
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215084.roa
Signing time:             Fri 23 Aug 2024 08:01:16 +0000
ROA not before:           Fri 23 Aug 2024 07:56:16 +0000
ROA not after:            Fri 22 Aug 2025 08:01:16 +0000
asID:                     215084
IP address blocks:        2a0f:85c1:3c4::/48 maxlen: 48
                          2a0f:85c1:80f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:aa:06:41:ad:92:0e:2f:b3:2e:8f:8d:40:33:14:cf:e1:0d:03:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:16 2024 GMT
            Not After : Aug 22 08:01:16 2025 GMT
        Subject: CN=6C0C0187143385D4373B02D3A44452C927AF9636
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:d4:28:7d:77:c8:c4:dc:b7:d3:2e:5c:28:17:
                    78:cc:94:4c:48:58:82:95:69:1a:50:38:9b:b4:10:
                    33:bb:6c:a7:9b:2c:41:e1:eb:33:4d:f0:98:b0:0b:
                    6e:c7:02:92:7f:fb:d6:4c:ab:8a:ed:5c:6c:0d:ab:
                    61:1f:22:60:d3:be:94:24:3e:fa:cc:af:95:4c:16:
                    6e:71:49:d1:72:82:a0:0b:17:47:87:d7:7a:f5:04:
                    2b:49:f7:b5:3e:48:d9:f5:d2:14:11:12:a9:72:9d:
                    ca:cf:22:88:df:e4:b8:1d:4e:e8:8c:74:0b:5a:9e:
                    95:72:2c:f3:e9:7f:b0:d8:04:7d:35:0e:ef:1f:95:
                    56:18:32:69:c9:84:14:0e:d7:b1:d5:f4:66:27:fd:
                    dd:50:9b:26:ec:c2:55:e9:58:bb:b7:83:f7:f9:62:
                    b0:33:3d:0a:0e:81:3f:90:77:0f:65:ab:e3:8b:ec:
                    ff:dc:25:9d:b8:6c:6c:ae:27:e5:a1:b3:14:e7:c9:
                    dc:eb:10:08:93:63:bc:7b:a1:2f:d4:4d:49:96:89:
                    38:b3:3f:9a:98:3e:7b:dd:4c:2b:6f:8d:ce:30:08:
                    d8:f0:30:b9:b2:06:36:60:3f:f1:b0:36:ff:5c:82:
                    e0:1b:36:9e:96:c3:a3:da:2b:74:54:9b:ed:30:f1:
                    8f:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:0C:01:87:14:33:85:D4:37:3B:02:D3:A4:44:52:C9:27:AF:96:36
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215084.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3c4::/48
                  2a0f:85c1:80f::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:15:eb:ff:1a:f8:c0:0d:03:2b:f7:f5:7b:6b:b4:d0:05:1c:
         d7:27:cc:45:9d:0d:c4:31:91:8e:69:2c:67:32:f4:45:ed:45:
         35:32:dd:90:df:64:38:00:1c:f9:d7:9e:96:85:23:54:61:be:
         c7:8e:4b:ee:39:16:60:7c:6e:e1:1e:73:0c:6a:66:bb:6e:9c:
         04:72:11:2b:37:92:e6:8e:02:04:15:92:c1:88:58:10:de:c5:
         a1:01:a0:21:cd:f5:37:cd:0c:51:c5:cf:88:c0:ee:00:0d:6f:
         72:69:c0:36:15:d0:9f:cd:92:e4:89:58:d3:e4:c0:f0:26:bd:
         93:5e:b4:75:2d:db:c3:14:6d:29:a7:66:f4:3d:d7:a1:b9:dc:
         3d:2c:d2:f6:10:69:9b:fc:6f:2b:d3:a0:cb:b4:ef:0c:62:5d:
         b9:a7:e8:f2:a3:da:87:8d:9d:ef:d6:67:0a:f7:7c:ef:bc:df:
         0a:ef:99:19:68:2f:51:87:78:02:ff:6e:fe:ef:40:77:28:0b:
         1e:36:b1:55:01:97:c3:8d:06:17:5c:dd:16:3f:cd:86:57:02:
         cb:35:21:6a:9d:36:8c:0e:9e:eb:e2:90:8e:d1:57:e8:fc:dd:
         62:92:f3:bb:68:70:c6:7a:b8:a8:41:b8:9e:d1:56:c6:98:02:
         e2:8d:8c:d7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUPKoGQa2SDi+zLo+NQDMUz+ENA+kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MTZaFw0yNTA4MjIwODAxMTZaMDMxMTAvBgNV
BAMTKDZDMEMwMTg3MTQzMzg1RDQzNzNCMDJEM0E0NDQ1MkM5MjdBRjk2MzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr1Ch9d8jE3LfTLlwoF3jMlExI
WIKVaRpQOJu0EDO7bKebLEHh6zNN8JiwC27HApJ/+9ZMq4rtXGwNq2EfImDTvpQk
PvrMr5VMFm5xSdFygqALF0eH13r1BCtJ97U+SNn10hQREqlyncrPIojf5LgdTuiM
dAtanpVyLPPpf7DYBH01Du8flVYYMmnJhBQO17HV9GYn/d1QmybswlXpWLu3g/f5
YrAzPQoOgT+Qdw9lq+OL7P/cJZ24bGyuJ+WhsxTnydzrEAiTY7x7oS/UTUmWiTiz
P5qYPnvdTCtvjc4wCNjwMLmyBjZgP/GwNv9cguAbNp6Ww6PaK3RUm+0w8Y8rAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUbAwBhxQzhdQ3OwLTpERSySevljYwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1MDg0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg+F
wQPEAwcAKg+FwQgPMA0GCSqGSIb3DQEBCwUAA4IBAQAJFev/GvjADQMr9/V7a7TQ
BRzXJ8xFnQ3EMZGOaSxnMvRF7UU1Mt2Q32Q4ABz5156WhSNUYb7HjkvuORZgfG7h
HnMMama7bpwEchErN5LmjgIEFZLBiFgQ3sWhAaAhzfU3zQxRxc+IwO4ADW9yacA2
FdCfzZLkiVjT5MDwJr2TXrR1LdvDFG0pp2b0Pdehudw9LNL2EGmb/G8r06DLtO8M
Yl25p+jyo9qHjZ3v1mcK93zvvN8K75kZaC9Rh3gC/27+70B3KAseNrFVAZfDjQYX
XN0WP82GVwLLNSFqnTaMDp7r4pCO0Vfo/N1ikvO7aHDGerioQbie0VbGmALijYzX
-----END CERTIFICATE-----