Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215172.roa
File:                     AS215172.roa (raw, json)
Hash identifier:          VGc6/UaXdNny9FBvC72n87Hcn+DrwLyuRYskSLzx848=
Subject key identifier:   CD:78:90:B2:5D:08:3B:14:FD:84:33:80:48:EA:38:FC:FF:66:90:97
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       62A9817EDC0AD1DA9E57A5E02BAEDBFFF5D6FDE6
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215172.roa
Signing time:             Fri 23 Aug 2024 08:01:22 +0000
ROA not before:           Fri 23 Aug 2024 07:56:22 +0000
ROA not after:            Fri 22 Aug 2025 08:01:22 +0000
asID:                     215172
IP address blocks:        2a0f:85c1:3ad::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:a9:81:7e:dc:0a:d1:da:9e:57:a5:e0:2b:ae:db:ff:f5:d6:fd:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:22 2024 GMT
            Not After : Aug 22 08:01:22 2025 GMT
        Subject: CN=CD7890B25D083B14FD84338048EA38FCFF669097
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:84:29:97:73:51:9f:b6:8a:fa:44:a9:4b:30:
                    5d:16:8d:ab:14:45:cd:87:df:39:80:55:3e:37:b1:
                    f7:9c:92:19:5a:57:a1:3a:14:72:b3:23:28:e1:06:
                    75:b1:b4:b3:cf:c1:d9:17:79:8c:60:22:b0:67:82:
                    f1:ae:47:60:c7:02:27:45:fe:29:d4:33:c3:25:18:
                    dd:fb:82:29:63:44:e8:8b:17:bc:0d:ff:89:d3:20:
                    7d:0d:df:57:31:70:ca:70:10:b0:60:de:37:c1:51:
                    87:6d:a0:f0:7f:12:32:03:70:99:71:d7:f0:84:16:
                    0f:be:8e:4c:ae:57:76:b3:7e:16:54:57:72:c5:91:
                    73:4d:82:cd:be:13:55:87:22:6d:29:20:f5:88:de:
                    cc:84:ec:36:e2:a1:ed:70:7b:8b:c3:e5:4e:c9:e1:
                    c7:3b:2d:d9:8c:d9:ab:30:4e:21:ee:b6:c2:c5:9e:
                    26:fa:5e:d9:4d:db:3e:79:eb:a6:c0:58:a0:54:da:
                    f9:82:09:fd:a4:41:bb:d3:75:c2:4c:49:89:ec:76:
                    c2:3d:d2:d5:20:3d:42:51:f0:24:3e:b2:73:86:18:
                    f7:56:98:41:4a:02:ab:e3:49:d2:d9:bd:ef:ba:23:
                    ee:31:c4:53:a0:4d:d0:b8:c3:b8:fc:00:4c:3b:b3:
                    59:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:78:90:B2:5D:08:3B:14:FD:84:33:80:48:EA:38:FC:FF:66:90:97
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215172.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3ad::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:a7:dc:17:02:83:04:e3:a3:39:59:86:63:c8:72:19:6d:2d:
         75:f7:f8:f4:c8:0f:1b:59:25:cc:82:a7:16:00:ed:89:4f:cf:
         57:f3:14:e7:03:d5:44:7a:34:6f:40:99:46:7c:bf:1b:3d:62:
         dc:a5:fa:f2:13:0c:3b:13:f4:e4:b8:93:71:24:a5:08:15:d8:
         a7:7a:e1:64:94:19:2e:c0:1f:84:f4:65:1f:6a:a2:49:6f:33:
         f3:1f:ce:80:3d:83:0e:b8:62:69:76:36:cf:a0:22:75:48:3a:
         84:ff:3e:53:85:f3:16:b3:e2:ab:75:40:f1:a5:b4:91:71:ca:
         e4:20:65:7f:8d:2c:e4:25:3f:f1:7e:d4:5c:cc:93:ac:2f:d8:
         ef:f1:5d:18:bd:7a:ed:cd:7c:65:59:37:73:58:a8:e6:32:ac:
         08:dd:78:10:ec:26:e7:a1:7b:32:da:c3:d4:47:21:34:9a:c7:
         49:05:3f:49:f6:1d:77:10:2e:bc:40:c2:d8:9d:d2:02:ea:0d:
         41:bb:f9:e6:b1:e0:c8:7c:12:7b:ad:63:7d:cf:3d:6c:92:24:
         c2:21:cb:f7:46:05:3f:ec:3d:43:71:8c:b2:cd:7b:d8:22:c3:
         6d:ea:6a:ab:f7:94:78:5a:96:5d:a5:a4:45:db:e6:c8:53:4c:
         2e:38:2a:ff
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUYqmBftwK0dqeV6XgK67b//XW/eYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjJaFw0yNTA4MjIwODAxMjJaMDMxMTAvBgNV
BAMTKENENzg5MEIyNUQwODNCMTRGRDg0MzM4MDQ4RUEzOEZDRkY2NjkwOTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFhCmXc1Gftor6RKlLMF0WjasU
Rc2H3zmAVT43sfeckhlaV6E6FHKzIyjhBnWxtLPPwdkXeYxgIrBngvGuR2DHAidF
/inUM8MlGN37giljROiLF7wN/4nTIH0N31cxcMpwELBg3jfBUYdtoPB/EjIDcJlx
1/CEFg++jkyuV3azfhZUV3LFkXNNgs2+E1WHIm0pIPWI3syE7Dbioe1we4vD5U7J
4cc7LdmM2aswTiHutsLFnib6XtlN2z5566bAWKBU2vmCCf2kQbvTdcJMSYnsdsI9
0tUgPUJR8CQ+snOGGPdWmEFKAqvjSdLZve+6I+4xxFOgTdC4w7j8AEw7s1npAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUzXiQsl0IOxT9hDOASOo4/P9mkJcwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1MTcyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOtMA0GCSqGSIb3DQEBCwUAA4IBAQBsp9wXAoME46M5WYZjyHIZbS119/j0yA8b
WSXMgqcWAO2JT89X8xTnA9VEejRvQJlGfL8bPWLcpfryEww7E/TkuJNxJKUIFdin
euFklBkuwB+E9GUfaqJJbzPzH86APYMOuGJpdjbPoCJ1SDqE/z5ThfMWs+KrdUDx
pbSRccrkIGV/jSzkJT/xftRczJOsL9jv8V0YvXrtzXxlWTdzWKjmMqwI3XgQ7Cbn
oXsy2sPURyE0msdJBT9J9h13EC68QMLYndIC6g1Bu/nmseDIfBJ7rWN9zz1skiTC
Icv3RgU/7D1DcYyyzXvYIsNt6mqr95R4WpZdpaRF2+bIU0wuOCr/
-----END CERTIFICATE-----