Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215196.roa
File:                     AS215196.roa (raw, json)
Hash identifier:          VcUfWKx4IR/kk++5CQLIsH+oiUYCqgxupodTeQqHfR8=
Subject key identifier:   D9:F9:92:56:A3:E8:A3:79:5A:13:60:1A:35:BD:B0:D3:DE:6E:AB:38
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       0BA81D51B9EC94B952EF8676E8D365B4D7A590FE
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215196.roa
Signing time:             Wed 16 Oct 2024 03:04:20 +0000
ROA not before:           Wed 16 Oct 2024 02:59:20 +0000
ROA not after:            Wed 15 Oct 2025 03:04:20 +0000
asID:                     215196
IP address blocks:        2a0f:85c1:3ac::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:a8:1d:51:b9:ec:94:b9:52:ef:86:76:e8:d3:65:b4:d7:a5:90:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Oct 16 02:59:20 2024 GMT
            Not After : Oct 15 03:04:20 2025 GMT
        Subject: CN=D9F99256A3E8A3795A13601A35BDB0D3DE6EAB38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e7:8a:56:32:c1:19:08:a8:72:0f:37:7a:58:
                    84:b4:0e:c3:1d:48:1a:c1:83:a3:2a:95:b0:4b:5a:
                    55:ae:fd:4e:80:ad:15:32:bc:a9:c3:97:0c:35:80:
                    b4:af:d5:55:53:e9:bc:d5:c0:9b:ce:38:e0:bf:e1:
                    3b:d9:4f:b3:6f:55:03:04:9b:b3:30:c2:81:f3:79:
                    3c:2c:cd:4e:4a:e1:20:6f:1d:82:a0:bb:b1:d5:68:
                    38:57:56:2e:14:62:e6:c3:aa:8c:dd:4f:5a:48:42:
                    c1:be:76:d8:a5:71:34:50:7a:8e:30:20:cd:2d:4b:
                    cb:50:a1:c9:ea:c4:e7:bc:a4:83:7a:ed:f8:c4:f2:
                    5f:23:b3:1d:ec:c4:4c:0d:14:0d:54:77:82:d5:46:
                    c1:82:38:93:93:69:54:d9:80:38:d8:39:74:84:f7:
                    7d:19:f3:56:a5:ca:dd:cc:2b:01:69:6e:22:42:9e:
                    ff:9e:1f:fe:40:de:49:c5:86:a6:92:b2:83:c7:fb:
                    4b:21:cd:7c:5c:08:51:c8:fc:d1:44:9a:e8:cf:74:
                    93:11:e2:2f:e7:d5:18:12:af:dd:ee:32:29:01:84:
                    d8:e2:27:b3:71:8f:7a:9c:2f:38:a2:59:a4:96:aa:
                    ce:d4:f1:4d:ea:d1:3f:fd:13:c7:78:73:08:0b:16:
                    09:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:F9:92:56:A3:E8:A3:79:5A:13:60:1A:35:BD:B0:D3:DE:6E:AB:38
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215196.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3ac::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:e8:d8:7f:3b:b9:0c:a9:5e:0c:3a:89:f0:f0:52:0e:31:d7:
         22:4b:65:b5:30:7a:a2:fd:cb:31:cf:26:c6:18:78:dd:09:26:
         bc:89:71:18:d7:bd:1b:e2:6e:b2:23:1e:ed:2e:22:9b:f6:55:
         db:8d:fb:19:12:97:8a:2d:83:db:36:45:a2:82:6c:2b:47:c9:
         fe:b4:c8:79:2c:5e:36:33:cf:a1:49:c5:03:5a:ab:7c:5d:f5:
         f4:5c:31:b1:8a:08:72:6b:a0:5b:c0:58:6e:82:62:b0:eb:4b:
         77:9a:8d:73:fd:3d:1b:5d:ec:2b:2a:ef:aa:93:49:b8:9a:15:
         ae:5b:7a:9c:61:a3:50:ba:cc:43:98:b6:f1:0a:9b:46:e6:f4:
         94:8c:ef:62:56:56:ad:f7:e0:f2:18:cb:92:51:1a:ae:93:4a:
         dc:e5:e2:64:30:b0:da:6c:48:35:4c:85:09:3d:a0:5a:a4:63:
         12:2d:c1:65:50:2b:bc:2a:81:f9:5a:c1:04:1a:74:72:1f:40:
         79:79:85:89:41:63:48:dc:ed:b9:5f:71:85:a7:cb:11:f3:fe:
         41:71:f4:c3:cd:73:0d:53:55:ec:00:3b:fe:09:0b:23:a3:09:
         33:12:5b:7f:1a:77:db:e4:f8:bf:06:db:79:dd:65:ee:75:12:
         68:04:17:7f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUC6gdUbnslLlS74Z26NNltNelkP4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDEwMTYwMjU5MjBaFw0yNTEwMTUwMzA0MjBaMDMxMTAvBgNV
BAMTKEQ5Rjk5MjU2QTNFOEEzNzk1QTEzNjAxQTM1QkRCMEQzREU2RUFCMzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC054pWMsEZCKhyDzd6WIS0DsMd
SBrBg6MqlbBLWlWu/U6ArRUyvKnDlww1gLSv1VVT6bzVwJvOOOC/4TvZT7NvVQME
m7MwwoHzeTwszU5K4SBvHYKgu7HVaDhXVi4UYubDqozdT1pIQsG+dtilcTRQeo4w
IM0tS8tQocnqxOe8pIN67fjE8l8jsx3sxEwNFA1Ud4LVRsGCOJOTaVTZgDjYOXSE
930Z81alyt3MKwFpbiJCnv+eH/5A3knFhqaSsoPH+0shzXxcCFHI/NFEmujPdJMR
4i/n1RgSr93uMikBhNjiJ7Nxj3qcLziiWaSWqs7U8U3q0T/9E8d4cwgLFgl9AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU2fmSVqPoo3laE2AaNb2w095uqzgwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1MTk2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOsMA0GCSqGSIb3DQEBCwUAA4IBAQA/6Nh/O7kMqV4MOonw8FIOMdciS2W1MHqi
/csxzybGGHjdCSa8iXEY170b4m6yIx7tLiKb9lXbjfsZEpeKLYPbNkWigmwrR8n+
tMh5LF42M8+hScUDWqt8XfX0XDGxighya6BbwFhugmKw60t3mo1z/T0bXewrKu+q
k0m4mhWuW3qcYaNQusxDmLbxCptG5vSUjO9iVlat9+DyGMuSURquk0rc5eJkMLDa
bEg1TIUJPaBapGMSLcFlUCu8KoH5WsEEGnRyH0B5eYWJQWNI3O25X3GFp8sR8/5B
cfTDzXMNU1XsADv+CQsjowkzElt/Gnfb5Pi/Btt53WXudRJoBBd/
-----END CERTIFICATE-----