Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215105.roa
File:                     AS215105.roa (raw, json)
Hash identifier:          x7xvu56GcW08UlVW+BuTPukFONJPZwTDsTX3fCWUou8=
Subject key identifier:   B4:7D:AA:AB:18:42:AF:44:CC:F2:EE:6A:17:95:AB:13:C8:96:34:7F
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       1FE260D93197CF19C5307ED8F64E739AED3BFB02
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215105.roa
Signing time:             Fri 23 Aug 2024 08:01:18 +0000
ROA not before:           Fri 23 Aug 2024 07:56:18 +0000
ROA not after:            Fri 22 Aug 2025 08:01:18 +0000
asID:                     215105
IP address blocks:        2a0f:85c1:3b5::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:e2:60:d9:31:97:cf:19:c5:30:7e:d8:f6:4e:73:9a:ed:3b:fb:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:18 2024 GMT
            Not After : Aug 22 08:01:18 2025 GMT
        Subject: CN=B47DAAAB1842AF44CCF2EE6A1795AB13C896347F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:4b:27:3f:8c:63:31:bd:51:da:df:de:3e:c5:
                    29:9c:f0:ef:c1:34:cf:80:6d:a4:c3:2e:41:e2:57:
                    4b:7f:d4:1f:b6:62:4c:2f:d1:2e:64:66:7d:17:1f:
                    9a:54:c9:3e:2c:1a:33:72:35:18:8a:5a:dc:2c:fb:
                    57:3b:c3:82:cb:8d:0f:d0:73:5e:f3:eb:67:84:c1:
                    ef:79:e3:36:bf:ee:e1:db:cd:87:c5:a9:ed:1f:b7:
                    b8:24:81:e2:15:12:76:5b:14:47:98:52:ff:8b:8b:
                    3c:52:bf:b0:e0:0e:5e:5b:0c:c5:b6:40:1e:d1:1d:
                    33:ac:4b:19:16:13:21:29:f1:01:56:65:f8:9e:b1:
                    8c:d7:23:a3:2c:52:6b:a1:9a:98:2d:11:ee:5a:28:
                    77:74:67:84:72:d4:76:f4:f8:26:5a:0d:f6:c9:c4:
                    b4:f2:39:3c:84:38:d2:85:8c:34:9f:a0:95:5c:a6:
                    d7:8d:66:9f:86:0e:1e:21:40:2b:42:63:96:da:07:
                    c6:f1:81:6c:9b:ed:31:15:f6:f2:55:ac:6f:0d:be:
                    8d:40:a0:b1:04:40:ea:bf:d7:cc:2c:ca:ec:dc:54:
                    6e:b3:75:93:59:18:30:cc:eb:f5:ae:32:a9:f6:a6:
                    dd:f2:d6:d9:bb:6f:28:09:37:6f:4f:71:f7:b0:cd:
                    1b:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:7D:AA:AB:18:42:AF:44:CC:F2:EE:6A:17:95:AB:13:C8:96:34:7F
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215105.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3b5::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:47:c6:3f:c8:80:54:84:03:6a:ba:bf:8f:ae:a9:37:d5:1f:
         36:d3:78:b3:37:7d:c2:fd:de:4d:0a:1a:f4:e6:03:2b:d7:83:
         04:51:96:82:8b:48:e5:80:59:53:bc:c6:e8:90:dd:1b:27:da:
         cf:be:8d:07:6c:34:c9:60:da:3b:4a:74:1a:d6:6c:38:d6:e7:
         a6:65:ea:9c:2c:4a:bf:54:03:db:71:be:33:bb:63:97:19:c9:
         2e:95:2c:69:0a:e9:7e:7e:02:aa:aa:f3:2d:1e:8e:1a:cc:d7:
         16:bd:2f:b4:8a:fa:84:68:c2:9e:b3:20:85:73:56:b5:ca:cd:
         42:f6:d2:e9:ef:89:aa:b1:df:9a:65:8c:9b:17:31:ae:a1:4e:
         ce:5b:c9:d5:96:84:01:e6:64:19:6d:0f:c8:2f:ac:b2:94:fc:
         d8:51:46:77:a6:bc:64:b1:99:79:ea:ec:be:2c:c9:30:9e:c9:
         5f:b6:cd:ca:38:ca:b6:80:6d:9c:8f:e1:49:08:b3:b1:94:a0:
         ba:a2:15:91:17:e6:e6:d2:95:f7:5d:11:d0:ea:f7:89:2c:46:
         01:f3:6b:18:f4:a1:a6:0a:35:02:a2:70:cd:cc:d7:f5:8d:3a:
         8b:a1:c6:8d:5d:cc:1f:b7:4e:56:da:89:27:be:5d:24:f7:eb:
         40:dc:88:a1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUH+Jg2TGXzxnFMH7Y9k5zmu07+wIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MThaFw0yNTA4MjIwODAxMThaMDMxMTAvBgNV
BAMTKEI0N0RBQUFCMTg0MkFGNDRDQ0YyRUU2QTE3OTVBQjEzQzg5NjM0N0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWSyc/jGMxvVHa394+xSmc8O/B
NM+AbaTDLkHiV0t/1B+2Ykwv0S5kZn0XH5pUyT4sGjNyNRiKWtws+1c7w4LLjQ/Q
c17z62eEwe954za/7uHbzYfFqe0ft7gkgeIVEnZbFEeYUv+LizxSv7DgDl5bDMW2
QB7RHTOsSxkWEyEp8QFWZfiesYzXI6MsUmuhmpgtEe5aKHd0Z4Ry1Hb0+CZaDfbJ
xLTyOTyEONKFjDSfoJVcpteNZp+GDh4hQCtCY5baB8bxgWyb7TEV9vJVrG8Nvo1A
oLEEQOq/18wsyuzcVG6zdZNZGDDM6/WuMqn2pt3y1tm7bygJN29PcfewzRthAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUtH2qqxhCr0TM8u5qF5WrE8iWNH8wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1MTA1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQO1MA0GCSqGSIb3DQEBCwUAA4IBAQAiR8Y/yIBUhANqur+Prqk31R8203izN33C
/d5NChr05gMr14MEUZaCi0jlgFlTvMbokN0bJ9rPvo0HbDTJYNo7SnQa1mw41uem
ZeqcLEq/VAPbcb4zu2OXGckulSxpCul+fgKqqvMtHo4azNcWvS+0ivqEaMKesyCF
c1a1ys1C9tLp74mqsd+aZYybFzGuoU7OW8nVloQB5mQZbQ/IL6yylPzYUUZ3prxk
sZl56uy+LMkwnslfts3KOMq2gG2cj+FJCLOxlKC6ohWRF+bm0pX3XRHQ6veJLEYB
82sY9KGmCjUConDNzNf1jTqLocaNXcwft05W2oknvl0k9+tA3Iih
-----END CERTIFICATE-----