Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215150.roa
File:                     AS215150.roa (raw, json)
Hash identifier:          vfjQpUziZ5eKIENe5omOTk18vtN7r98XnatUxU6kMxQ=
Subject key identifier:   19:14:DD:D8:92:47:AD:CD:23:92:D4:5B:A0:9E:EE:0C:97:ED:6F:DC
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       699CC806CE3BBC61FE5EDB4C48B7A333543F9C91
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215150.roa
Signing time:             Fri 23 Aug 2024 08:01:21 +0000
ROA not before:           Fri 23 Aug 2024 07:56:21 +0000
ROA not after:            Fri 22 Aug 2025 08:01:21 +0000
asID:                     215150
IP address blocks:        2a0f:85c1:3b2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:9c:c8:06:ce:3b:bc:61:fe:5e:db:4c:48:b7:a3:33:54:3f:9c:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:21 2024 GMT
            Not After : Aug 22 08:01:21 2025 GMT
        Subject: CN=1914DDD89247ADCD2392D45BA09EEE0C97ED6FDC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ef:f6:ea:2d:2e:9d:e5:57:30:fc:10:52:9b:
                    b0:19:44:2f:2d:a8:54:91:e8:ab:a7:8f:c2:e1:5d:
                    01:06:cf:66:15:0f:6f:0c:d6:be:5f:3d:3a:49:59:
                    d8:fc:92:c7:3c:3b:ee:05:23:32:d2:98:c9:85:f7:
                    59:b7:2e:44:eb:42:2e:52:7f:33:62:72:78:ca:b3:
                    29:9d:9f:33:d7:cd:0b:3c:d4:85:81:53:61:02:6f:
                    38:8f:e3:81:89:7d:46:1a:38:fb:69:6a:c8:28:10:
                    1a:f9:4e:37:00:23:cc:83:7d:b0:a1:6a:75:25:15:
                    7e:da:b8:df:98:40:05:ed:f4:c8:fd:29:8e:4d:03:
                    95:9f:5a:d5:ef:11:96:85:05:aa:ef:e6:06:6f:84:
                    bb:5f:3b:2e:ec:51:0c:a4:3f:3e:3b:70:b2:52:ec:
                    c8:ee:11:ef:19:69:45:5e:47:7a:eb:71:ae:25:93:
                    40:ae:2b:5d:f1:43:bc:d7:cb:b3:4b:75:2d:0f:6a:
                    3a:1c:39:ba:05:91:ee:4c:70:e2:d3:0c:50:0a:6b:
                    59:cf:ae:61:f9:8a:36:f7:90:eb:74:fc:30:67:ff:
                    b7:58:70:0d:34:ea:33:19:9e:b3:03:07:61:a0:13:
                    21:cd:8d:00:2a:f4:d3:af:78:a0:de:c9:65:30:ab:
                    0b:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:14:DD:D8:92:47:AD:CD:23:92:D4:5B:A0:9E:EE:0C:97:ED:6F:DC
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215150.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3b2::/48

    Signature Algorithm: sha256WithRSAEncryption
         c1:ab:66:c7:9a:61:32:97:b4:ee:70:cf:30:00:2d:4c:61:cd:
         0b:38:05:0f:e6:48:99:96:d7:17:3a:bb:c5:98:19:32:83:8d:
         ed:52:48:71:84:88:4f:ca:31:07:b4:2f:15:14:e6:00:e6:61:
         78:fc:4f:d3:6f:85:24:1d:15:a2:a1:4d:b2:56:62:09:8e:94:
         d1:09:f2:de:97:70:a4:7a:b7:92:7f:ea:73:99:1a:cc:a8:a7:
         f4:43:f0:8a:67:13:1e:f2:d4:a6:ac:a6:54:c1:ec:8e:56:69:
         46:06:85:7b:39:a6:13:d0:ac:97:3f:37:2c:e7:02:e2:81:6e:
         cb:bc:c0:db:97:3c:bb:bf:a1:7c:fb:4e:e5:5c:d1:da:95:b1:
         aa:fe:45:f5:dd:2b:f4:c5:d5:d2:82:c8:f0:b0:49:a5:af:c1:
         1e:0f:43:7b:7e:41:9f:57:65:e9:6f:10:fd:e2:89:2c:4a:8e:
         10:cd:43:80:46:aa:3f:ab:9b:ed:b4:a5:7d:4f:9d:cb:22:6a:
         e3:e7:68:34:54:bb:09:09:f9:4c:b4:0c:af:3d:fe:a6:56:c3:
         25:8a:ef:f0:e5:e6:f3:77:40:ec:aa:f9:f5:02:1a:8a:82:65:
         9b:08:9f:02:47:6c:15:e6:59:c5:fd:81:81:a5:68:c1:a7:dc:
         9f:63:d1:fd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUaZzIBs47vGH+XttMSLejM1Q/nJEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjFaFw0yNTA4MjIwODAxMjFaMDMxMTAvBgNV
BAMTKDE5MTREREQ4OTI0N0FEQ0QyMzkyRDQ1QkEwOUVFRTBDOTdFRDZGREMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf7/bqLS6d5Vcw/BBSm7AZRC8t
qFSR6Kunj8LhXQEGz2YVD28M1r5fPTpJWdj8ksc8O+4FIzLSmMmF91m3LkTrQi5S
fzNicnjKsymdnzPXzQs81IWBU2ECbziP44GJfUYaOPtpasgoEBr5TjcAI8yDfbCh
anUlFX7auN+YQAXt9Mj9KY5NA5WfWtXvEZaFBarv5gZvhLtfOy7sUQykPz47cLJS
7MjuEe8ZaUVeR3rrca4lk0CuK13xQ7zXy7NLdS0PajocOboFke5McOLTDFAKa1nP
rmH5ijb3kOt0/DBn/7dYcA006jMZnrMDB2GgEyHNjQAq9NOveKDeyWUwqwvtAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUGRTd2JJHrc0jktRboJ7uDJftb9wwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1MTUwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOyMA0GCSqGSIb3DQEBCwUAA4IBAQDBq2bHmmEyl7TucM8wAC1MYc0LOAUP5kiZ
ltcXOrvFmBkyg43tUkhxhIhPyjEHtC8VFOYA5mF4/E/Tb4UkHRWioU2yVmIJjpTR
CfLel3CkereSf+pzmRrMqKf0Q/CKZxMe8tSmrKZUweyOVmlGBoV7OaYT0KyXPzcs
5wLigW7LvMDblzy7v6F8+07lXNHalbGq/kX13Sv0xdXSgsjwsEmlr8EeD0N7fkGf
V2XpbxD94oksSo4QzUOARqo/q5vttKV9T53LImrj52g0VLsJCflMtAyvPf6mVsMl
iu/w5ebzd0Dsqvn1AhqKgmWbCJ8CR2wV5lnF/YGBpWjBp9yfY9H9
-----END CERTIFICATE-----