Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215221.roa
File:                     AS215221.roa (raw, json)
Hash identifier:          XdDcDU1HGiaF9LV4Nj+XKZZAngNyiGx+0FyRzR32JVw=
Subject key identifier:   16:FB:61:8D:F3:A1:7D:6C:91:99:80:8A:CF:AA:2B:AD:0F:D0:D3:F4
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       6A9B514DF0223C1330DFF75037F90F00CCCE2E9E
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215221.roa
Signing time:             Fri 23 Aug 2024 08:01:15 +0000
ROA not before:           Fri 23 Aug 2024 07:56:15 +0000
ROA not after:            Fri 22 Aug 2025 08:01:15 +0000
asID:                     215221
IP address blocks:        2a0f:85c1:3a7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:9b:51:4d:f0:22:3c:13:30:df:f7:50:37:f9:0f:00:cc:ce:2e:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:15 2024 GMT
            Not After : Aug 22 08:01:15 2025 GMT
        Subject: CN=16FB618DF3A17D6C9199808ACFAA2BAD0FD0D3F4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:27:a5:b3:09:c7:b6:15:c7:5f:fa:58:99:06:
                    eb:ed:81:b4:73:9c:fd:52:30:cc:61:f9:0d:5c:f8:
                    03:33:d3:82:8e:b2:f2:fc:36:ac:e8:c5:6e:52:fc:
                    91:5b:ac:3f:3d:9a:88:0a:3c:7d:6e:64:46:c3:87:
                    0a:de:7f:34:84:8c:92:84:af:ea:56:1a:2e:bb:a5:
                    e9:ef:fd:8f:1d:78:62:ff:84:d6:ad:43:8e:35:0a:
                    e3:0b:05:b6:77:3a:5c:4f:a6:cc:b7:01:c3:25:6a:
                    22:73:ca:e2:de:75:13:61:3e:69:80:07:2f:e9:12:
                    37:07:92:c4:92:2a:12:18:f3:f3:c9:ad:00:7e:46:
                    37:f9:6d:e0:8d:81:6d:c8:fb:a9:b2:30:cc:30:e9:
                    84:21:03:c8:16:64:81:d2:56:40:d8:2e:a1:46:76:
                    72:29:e5:8c:43:b7:6b:92:d9:b4:c1:a4:a8:24:92:
                    5b:53:a8:bf:31:78:3e:9e:8f:ac:cc:cb:60:11:b2:
                    b4:12:25:ec:b8:18:4f:09:86:b6:8b:96:2e:11:4c:
                    eb:05:43:3f:88:09:0a:d4:1f:a9:23:b2:52:26:23:
                    bd:9c:7d:b3:98:fe:b0:aa:10:9f:52:48:b9:1e:25:
                    13:8e:b4:c4:69:fd:fd:60:c0:18:5b:c4:34:19:03:
                    23:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:FB:61:8D:F3:A1:7D:6C:91:99:80:8A:CF:AA:2B:AD:0F:D0:D3:F4
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215221.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3a7::/48

    Signature Algorithm: sha256WithRSAEncryption
         85:ce:06:6f:58:52:6f:1f:a9:4f:15:0a:9e:81:a1:80:c9:cf:
         a1:db:03:c8:49:10:08:64:bc:2e:dc:31:f7:d9:08:ff:ef:b1:
         24:72:2e:cf:ce:f3:eb:78:e0:85:2b:72:32:8f:a3:e8:ac:6a:
         98:17:87:d3:75:a8:36:ce:83:98:19:a9:39:18:6f:d7:da:3d:
         03:90:f5:8b:3a:af:42:97:49:00:23:da:36:84:57:a1:7a:b4:
         37:d4:cb:42:fb:be:4d:6a:81:b1:5c:52:b0:59:7e:dc:94:bd:
         41:17:a8:30:77:d6:81:b3:af:02:a9:be:bd:3a:d9:9b:27:64:
         26:7a:ef:cd:d7:65:f4:01:28:66:b5:60:5e:fa:bb:45:67:0f:
         70:e4:ef:68:7d:95:2d:b7:b6:25:de:22:1b:ee:e7:89:a2:4f:
         de:99:08:64:69:86:74:c2:70:b9:55:32:23:cd:60:8c:93:49:
         f6:29:41:12:e1:ef:c3:e4:7d:f5:0b:e7:4a:57:e7:e9:b1:70:
         c9:9a:5f:4a:42:41:99:5f:a4:e6:b9:f3:5d:78:9d:c8:c3:b8:
         f0:7d:a1:17:f2:cb:7e:ee:12:65:68:bc:6c:5f:86:73:bf:29:
         0a:50:68:b8:b8:54:4e:d1:a4:72:5e:66:4c:78:64:19:68:71:
         54:12:d7:af
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUaptRTfAiPBMw3/dQN/kPAMzOLp4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MTVaFw0yNTA4MjIwODAxMTVaMDMxMTAvBgNV
BAMTKDE2RkI2MThERjNBMTdENkM5MTk5ODA4QUNGQUEyQkFEMEZEMEQzRjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClJ6WzCce2Fcdf+liZBuvtgbRz
nP1SMMxh+Q1c+AMz04KOsvL8NqzoxW5S/JFbrD89mogKPH1uZEbDhwrefzSEjJKE
r+pWGi67penv/Y8deGL/hNatQ441CuMLBbZ3OlxPpsy3AcMlaiJzyuLedRNhPmmA
By/pEjcHksSSKhIY8/PJrQB+Rjf5beCNgW3I+6myMMww6YQhA8gWZIHSVkDYLqFG
dnIp5YxDt2uS2bTBpKgkkltTqL8xeD6ej6zMy2ARsrQSJey4GE8JhraLli4RTOsF
Qz+ICQrUH6kjslImI72cfbOY/rCqEJ9SSLkeJROOtMRp/f1gwBhbxDQZAyOvAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUFvthjfOhfWyRmYCKz6orrQ/Q0/QwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1MjIxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOnMA0GCSqGSIb3DQEBCwUAA4IBAQCFzgZvWFJvH6lPFQqegaGAyc+h2wPISRAI
ZLwu3DH32Qj/77Ekci7PzvPreOCFK3Iyj6PorGqYF4fTdag2zoOYGak5GG/X2j0D
kPWLOq9Cl0kAI9o2hFeherQ31MtC+75NaoGxXFKwWX7clL1BF6gwd9aBs68Cqb69
OtmbJ2Qmeu/N12X0AShmtWBe+rtFZw9w5O9ofZUtt7Yl3iIb7ueJok/emQhkaYZ0
wnC5VTIjzWCMk0n2KUES4e/D5H31C+dKV+fpsXDJml9KQkGZX6TmufNdeJ3Iw7jw
faEX8st+7hJlaLxsX4ZzvykKUGi4uFRO0aRyXmZMeGQZaHFUEtev
-----END CERTIFICATE-----