Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215255.roa
File:                     AS215255.roa (raw, json)
Hash identifier:          AEgRm+DMU6y9kvdAwr/m9k7pBo2ZIdObYUocNu1cUUw=
Subject key identifier:   2D:E9:C2:9E:46:2E:3F:EE:36:B2:82:11:B1:E0:68:08:89:B2:6D:2D
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       13AB777FA246B3707AD42094170631FD1BE8618F
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215255.roa
Signing time:             Fri 23 Aug 2024 08:01:25 +0000
ROA not before:           Fri 23 Aug 2024 07:56:25 +0000
ROA not after:            Fri 22 Aug 2025 08:01:25 +0000
asID:                     215255
IP address blocks:        2a0f:85c1:39f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:ab:77:7f:a2:46:b3:70:7a:d4:20:94:17:06:31:fd:1b:e8:61:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:25 2024 GMT
            Not After : Aug 22 08:01:25 2025 GMT
        Subject: CN=2DE9C29E462E3FEE36B28211B1E0680889B26D2D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ed:76:61:78:e3:94:07:28:d1:1b:6a:35:a1:
                    b8:27:ca:f1:3f:0e:0a:bd:72:08:ea:77:17:a7:af:
                    43:a6:c4:d0:55:79:82:46:c4:55:9e:3b:62:1d:9d:
                    02:c2:3b:b5:bc:fc:b4:9b:2d:c0:85:f8:9e:f9:fb:
                    5f:97:bd:c7:a7:3b:58:df:f9:08:15:c8:01:e6:92:
                    0d:e8:aa:c9:13:80:67:e3:4a:5e:7d:e7:b8:75:be:
                    d2:00:7f:a9:95:de:97:a2:f7:0e:9f:eb:5c:a9:10:
                    4f:9b:5a:50:3a:e9:7d:7d:28:5d:62:63:23:01:d6:
                    3e:91:6d:1e:8c:a8:01:a0:76:e2:94:8b:3d:b9:b8:
                    9a:a1:f1:0e:a3:76:38:a0:08:33:f8:24:4e:54:f6:
                    ce:f4:8c:13:ad:40:8f:49:83:27:ba:f4:52:0f:eb:
                    24:88:d2:31:43:e5:51:2e:6b:ad:d5:5c:dc:dc:d7:
                    59:8b:23:00:41:3a:6d:db:97:02:ca:a1:19:dd:06:
                    08:1a:af:72:25:f0:43:f3:15:12:7b:9a:92:e1:07:
                    88:ae:6f:6c:37:38:6b:7d:36:99:3d:73:96:ef:2e:
                    3e:85:5b:d7:0f:bf:2a:b7:09:3b:52:00:55:ed:d0:
                    84:b2:72:3a:04:c7:68:ce:46:b7:9e:ff:fa:2f:09:
                    8c:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:E9:C2:9E:46:2E:3F:EE:36:B2:82:11:B1:E0:68:08:89:B2:6D:2D
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215255.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:39f::/48

    Signature Algorithm: sha256WithRSAEncryption
         d0:bc:21:04:12:bb:7e:21:b1:1e:01:b8:26:d5:bd:fd:51:23:
         c2:12:61:24:25:db:b8:b5:fb:fb:81:39:09:1e:2a:aa:aa:b1:
         12:9b:75:e2:82:d7:56:25:b0:17:b8:2a:10:20:f4:32:f3:10:
         4c:bc:a5:01:1e:82:f2:39:46:f8:f7:e6:ad:44:3a:b9:94:89:
         2e:02:b6:e5:f8:53:52:26:82:f3:0a:9a:57:a9:61:a3:7d:6a:
         78:8d:c1:88:51:6d:98:46:b9:05:49:37:b1:9b:02:4e:f3:83:
         7b:95:1b:96:f8:68:85:a4:ff:c8:20:77:0c:95:44:71:56:9f:
         09:bf:0c:af:68:b0:fd:f5:14:af:fb:12:79:5b:21:db:ec:26:
         b3:8f:1e:31:47:91:d6:b6:b7:43:c2:44:b6:34:3a:68:1a:18:
         13:8e:74:56:fe:ce:63:67:1d:dd:ed:7a:91:66:5a:62:25:63:
         7e:86:5d:73:0a:8a:f9:09:42:dc:47:4a:c2:c1:83:69:dc:cb:
         d2:56:cc:87:36:4a:8c:d6:9c:da:67:54:48:3f:ab:d0:e4:ff:
         7f:6f:9e:1c:12:44:35:52:4a:98:5d:c0:9b:24:39:2d:67:4a:
         d9:8a:3a:2e:8b:3a:6b:a4:c0:e5:e2:cf:2d:69:ed:e9:f8:b2:
         ed:eb:f2:29
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUE6t3f6JGs3B61CCUFwYx/RvoYY8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjVaFw0yNTA4MjIwODAxMjVaMDMxMTAvBgNV
BAMTKDJERTlDMjlFNDYyRTNGRUUzNkIyODIxMUIxRTA2ODA4ODlCMjZEMkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCb7XZheOOUByjRG2o1obgnyvE/
Dgq9cgjqdxenr0OmxNBVeYJGxFWeO2IdnQLCO7W8/LSbLcCF+J75+1+XvcenO1jf
+QgVyAHmkg3oqskTgGfjSl5957h1vtIAf6mV3pei9w6f61ypEE+bWlA66X19KF1i
YyMB1j6RbR6MqAGgduKUiz25uJqh8Q6jdjigCDP4JE5U9s70jBOtQI9Jgye69FIP
6ySI0jFD5VEua63VXNzc11mLIwBBOm3blwLKoRndBggar3Il8EPzFRJ7mpLhB4iu
b2w3OGt9Npk9c5bvLj6FW9cPvyq3CTtSAFXt0ISycjoEx2jORree//ovCYyRAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQULenCnkYuP+42soIRseBoCImybS0wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1MjU1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOfMA0GCSqGSIb3DQEBCwUAA4IBAQDQvCEEErt+IbEeAbgm1b39USPCEmEkJdu4
tfv7gTkJHiqqqrESm3XigtdWJbAXuCoQIPQy8xBMvKUBHoLyOUb49+atRDq5lIku
Arbl+FNSJoLzCppXqWGjfWp4jcGIUW2YRrkFSTexmwJO84N7lRuW+GiFpP/IIHcM
lURxVp8JvwyvaLD99RSv+xJ5WyHb7Cazjx4xR5HWtrdDwkS2NDpoGhgTjnRW/s5j
Zx3d7XqRZlpiJWN+hl1zCor5CULcR0rCwYNp3MvSVsyHNkqM1pzaZ1RIP6vQ5P9/
b54cEkQ1UkqYXcCbJDktZ0rZijouizprpMDl4s8tae3p+LLt6/Ip
-----END CERTIFICATE-----