Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215111.roa
File:                     AS215111.roa (raw, json)
Hash identifier:          TVnlFUDBWa2UXMGNfXOdUA/m87qwjuOe+o9JojfIdRQ=
Subject key identifier:   76:B3:70:F6:1F:09:D7:C1:2E:2D:45:5E:8D:71:D0:03:91:4B:68:79
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       4AFEC0604E39CD45FD872CB61ED788A74FD909AF
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215111.roa
Signing time:             Fri 23 Aug 2024 08:01:15 +0000
ROA not before:           Fri 23 Aug 2024 07:56:15 +0000
ROA not after:            Fri 22 Aug 2025 08:01:15 +0000
asID:                     215111
IP address blocks:        2a0f:85c1:3be::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:fe:c0:60:4e:39:cd:45:fd:87:2c:b6:1e:d7:88:a7:4f:d9:09:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:15 2024 GMT
            Not After : Aug 22 08:01:15 2025 GMT
        Subject: CN=76B370F61F09D7C12E2D455E8D71D003914B6879
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:3c:30:71:44:65:a9:4f:3a:ec:0c:f5:d0:3f:
                    41:ff:1c:52:79:f8:f0:fb:bf:8f:d5:94:49:65:1d:
                    7f:8e:a6:89:82:da:c8:fb:3c:d3:6b:0b:cc:9f:58:
                    d7:06:5e:ae:f8:47:32:60:3f:5d:9d:47:08:c7:02:
                    ad:89:d8:b6:39:f3:66:07:bf:81:54:09:47:41:b0:
                    a5:e8:60:64:bc:c5:7b:40:d5:63:36:4f:ae:ae:39:
                    5b:d3:28:b7:bc:10:d8:47:1b:94:c2:c9:b4:db:b5:
                    a1:96:c0:c5:0e:dc:9c:b0:8a:94:d6:dc:5f:a4:41:
                    59:2a:7f:71:b8:6a:33:9b:59:19:c9:bf:66:c3:c3:
                    30:78:e3:ac:b5:92:12:35:91:9e:0b:ab:50:96:13:
                    25:ff:9d:45:e0:ce:32:bd:b4:6c:64:a4:1c:98:aa:
                    e5:3c:eb:05:41:f8:0b:36:37:95:b7:9b:5a:ac:3f:
                    d2:f2:66:bc:d7:0b:79:5b:fb:8b:a7:a0:37:03:f9:
                    60:78:ec:f4:46:79:a2:a3:a5:97:84:5d:95:bc:39:
                    c7:ef:91:b1:48:27:5f:0f:c7:d9:0c:75:81:f6:68:
                    0e:79:62:33:61:2d:06:2a:05:1b:83:20:94:9f:39:
                    d1:8e:4e:00:93:ae:c1:2f:91:a1:7a:49:7a:b4:23:
                    47:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:B3:70:F6:1F:09:D7:C1:2E:2D:45:5E:8D:71:D0:03:91:4B:68:79
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215111.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3be::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:f6:2d:9b:b9:e7:40:93:bb:c9:e4:c4:b0:50:11:15:22:81:
         c3:93:21:bd:64:d3:10:fe:c6:f1:ca:75:17:e2:82:5d:54:3e:
         54:f0:60:56:9c:d8:c0:1a:9b:c4:6c:6a:a2:d9:67:5d:a7:d4:
         f5:38:9e:ee:97:57:0f:ab:09:22:6e:72:5d:51:d9:23:b0:51:
         04:e1:c9:31:e0:ee:65:80:64:cc:aa:02:5f:73:76:cd:6b:d1:
         6c:65:d3:f3:6a:45:db:fc:d4:69:c4:97:f5:b7:d9:5c:8b:5a:
         a6:a6:c1:f6:d9:2c:a2:b7:70:c2:c5:e3:62:66:ea:58:27:1e:
         89:41:40:af:f0:a4:81:29:b8:7c:c9:91:a7:5d:7f:eb:3a:d3:
         f9:f2:16:be:11:ae:32:e6:64:ef:a1:d6:7a:16:80:fb:d6:d8:
         bf:9d:7d:91:04:53:eb:ed:aa:41:a2:0b:32:d7:9c:87:1c:ab:
         18:68:f2:8b:d2:be:10:b6:cf:ea:57:29:11:57:36:34:2a:03:
         5b:4c:f8:25:b8:82:69:db:fe:ee:45:f9:e0:66:02:04:78:73:
         d0:68:9c:88:db:e5:e9:bc:72:bd:b4:ba:06:d9:18:06:88:eb:
         5b:24:5f:a4:32:40:06:6c:a7:9a:b4:52:74:89:33:03:0c:c4:
         00:0b:6e:e7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUSv7AYE45zUX9hyy2HteIp0/ZCa8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MTVaFw0yNTA4MjIwODAxMTVaMDMxMTAvBgNV
BAMTKDc2QjM3MEY2MUYwOUQ3QzEyRTJENDU1RThENzFEMDAzOTE0QjY4NzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSPDBxRGWpTzrsDPXQP0H/HFJ5
+PD7v4/VlEllHX+OpomC2sj7PNNrC8yfWNcGXq74RzJgP12dRwjHAq2J2LY582YH
v4FUCUdBsKXoYGS8xXtA1WM2T66uOVvTKLe8ENhHG5TCybTbtaGWwMUO3JywipTW
3F+kQVkqf3G4ajObWRnJv2bDwzB446y1khI1kZ4Lq1CWEyX/nUXgzjK9tGxkpByY
quU86wVB+As2N5W3m1qsP9LyZrzXC3lb+4unoDcD+WB47PRGeaKjpZeEXZW8Ocfv
kbFIJ18Px9kMdYH2aA55YjNhLQYqBRuDIJSfOdGOTgCTrsEvkaF6SXq0I0cNAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUdrNw9h8J18EuLUVejXHQA5FLaHkwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1MTExLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQO+MA0GCSqGSIb3DQEBCwUAA4IBAQBH9i2buedAk7vJ5MSwUBEVIoHDkyG9ZNMQ
/sbxynUX4oJdVD5U8GBWnNjAGpvEbGqi2Wddp9T1OJ7ul1cPqwkibnJdUdkjsFEE
4ckx4O5lgGTMqgJfc3bNa9FsZdPzakXb/NRpxJf1t9lci1qmpsH22Syit3DCxeNi
ZupYJx6JQUCv8KSBKbh8yZGnXX/rOtP58ha+Ea4y5mTvodZ6FoD71ti/nX2RBFPr
7apBogsy15yHHKsYaPKL0r4Qts/qVykRVzY0KgNbTPgluIJp2/7uRfngZgIEeHPQ
aJyI2+XpvHK9tLoG2RgGiOtbJF+kMkAGbKeatFJ0iTMDDMQAC27n
-----END CERTIFICATE-----