Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215280.roa
File:                     AS215280.roa (raw, json)
Hash identifier:          HZIJUCGaqhXgdHhzdP/erhj+1BDMwq0Bc7rff8p14Tw=
Subject key identifier:   D3:88:33:7E:2D:57:4C:0D:38:E2:4C:92:01:AB:58:6A:62:21:D8:17
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       7465FC8E69BE5FA1FCFB64FBD7024CD1210A7B0A
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215280.roa
Signing time:             Fri 23 Aug 2024 08:01:21 +0000
ROA not before:           Fri 23 Aug 2024 07:56:21 +0000
ROA not after:            Fri 22 Aug 2025 08:01:21 +0000
asID:                     215280
IP address blocks:        2a0f:85c1:39d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:65:fc:8e:69:be:5f:a1:fc:fb:64:fb:d7:02:4c:d1:21:0a:7b:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:21 2024 GMT
            Not After : Aug 22 08:01:21 2025 GMT
        Subject: CN=D388337E2D574C0D38E24C9201AB586A6221D817
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:51:c6:88:c9:41:b3:c7:9b:44:00:37:e2:3a:
                    b1:0c:e0:29:4a:c1:61:5b:9e:2f:f1:58:b1:73:ce:
                    82:29:37:30:43:e6:01:ac:e1:67:a5:3c:9a:2d:35:
                    6d:23:17:77:42:ce:6f:f1:77:ff:ce:42:2b:74:ee:
                    2d:e6:5f:d4:4f:7b:74:ae:5d:89:f7:93:71:e0:6f:
                    70:18:d7:02:81:cd:35:2d:ce:76:62:4e:71:09:0d:
                    5e:97:14:42:82:c2:59:dc:dd:6c:f8:dd:f7:80:4d:
                    29:6b:d8:1a:11:16:a3:57:6e:2a:6a:ca:46:78:f2:
                    91:ce:1c:97:4d:30:e2:d3:56:b6:ec:64:a2:c9:53:
                    81:ca:d9:47:e5:30:71:43:e1:7e:2e:78:1c:0c:2a:
                    f0:43:08:9b:14:9a:ce:e5:3b:76:21:90:a4:b7:f5:
                    13:93:c9:4d:1e:cc:74:b2:e7:30:86:53:5d:6d:be:
                    c8:c9:59:87:55:66:c1:36:94:bf:34:82:a6:ea:6b:
                    da:8b:d3:78:d9:e0:64:fd:73:e4:2d:87:b7:f3:e0:
                    77:ee:8e:6b:f7:88:d0:83:7c:8b:a9:98:0f:5a:94:
                    15:85:05:06:9b:c4:0b:66:1b:c1:ad:2e:70:09:1d:
                    9d:83:fd:44:00:77:7e:d8:53:b4:be:43:05:cf:14:
                    81:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:88:33:7E:2D:57:4C:0D:38:E2:4C:92:01:AB:58:6A:62:21:D8:17
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215280.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:39d::/48

    Signature Algorithm: sha256WithRSAEncryption
         dc:b4:7d:95:bf:7c:f3:71:29:c4:87:4b:fe:8f:1a:5e:55:f6:
         c3:5b:07:b1:97:d4:d3:44:21:d9:07:8d:e6:3b:b9:e6:71:79:
         1a:9f:92:4f:bb:b3:1d:35:41:55:68:db:36:db:14:15:c2:96:
         77:73:57:9c:d0:f4:93:18:a4:ef:d7:e8:e5:65:85:72:c2:f7:
         7c:f8:ad:88:6d:0b:61:4a:aa:34:96:99:c6:4e:17:7d:53:eb:
         8f:90:0a:94:07:77:34:e4:cd:00:14:ab:b8:73:38:75:dd:02:
         4f:b4:aa:82:c3:61:f2:8c:5c:78:24:79:b2:1f:80:7c:82:53:
         98:2e:3a:3f:b8:d3:9c:b1:53:06:39:1f:ab:d4:69:d7:a2:70:
         02:be:ad:e0:7c:2a:4a:bb:49:fe:27:f2:39:4d:a3:18:a1:71:
         c4:53:e5:08:fd:5d:ec:31:3f:cf:17:f8:a8:15:3e:93:53:39:
         a8:d7:67:bf:d4:e2:a6:fe:5a:00:06:a2:dd:93:d1:ac:60:fc:
         bb:27:f9:18:8f:1b:06:62:26:61:58:0c:9e:38:b1:f9:90:c3:
         48:28:0e:7e:c2:4e:9d:e3:48:e0:23:da:bf:dd:3d:95:f5:82:
         2f:1f:97:8f:8e:15:0c:f8:08:84:67:b5:83:1d:83:fe:3b:1c:
         74:29:10:c0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUdGX8jmm+X6H8+2T71wJM0SEKewowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjFaFw0yNTA4MjIwODAxMjFaMDMxMTAvBgNV
BAMTKEQzODgzMzdFMkQ1NzRDMEQzOEUyNEM5MjAxQUI1ODZBNjIyMUQ4MTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkUcaIyUGzx5tEADfiOrEM4ClK
wWFbni/xWLFzzoIpNzBD5gGs4WelPJotNW0jF3dCzm/xd//OQit07i3mX9RPe3Su
XYn3k3Hgb3AY1wKBzTUtznZiTnEJDV6XFEKCwlnc3Wz43feATSlr2BoRFqNXbipq
ykZ48pHOHJdNMOLTVrbsZKLJU4HK2UflMHFD4X4ueBwMKvBDCJsUms7lO3YhkKS3
9ROTyU0ezHSy5zCGU11tvsjJWYdVZsE2lL80gqbqa9qL03jZ4GT9c+Qth7fz4Hfu
jmv3iNCDfIupmA9alBWFBQabxAtmG8GtLnAJHZ2D/UQAd37YU7S+QwXPFIE3AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU04gzfi1XTA044kySAatYamIh2BcwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1MjgwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOdMA0GCSqGSIb3DQEBCwUAA4IBAQDctH2Vv3zzcSnEh0v+jxpeVfbDWwexl9TT
RCHZB43mO7nmcXkan5JPu7MdNUFVaNs22xQVwpZ3c1ec0PSTGKTv1+jlZYVywvd8
+K2IbQthSqo0lpnGThd9U+uPkAqUB3c05M0AFKu4czh13QJPtKqCw2HyjFx4JHmy
H4B8glOYLjo/uNOcsVMGOR+r1GnXonACvq3gfCpKu0n+J/I5TaMYoXHEU+UI/V3s
MT/PF/ioFT6TUzmo12e/1OKm/loABqLdk9GsYPy7J/kYjxsGYiZhWAyeOLH5kMNI
KA5+wk6d40jgI9q/3T2V9YIvH5ePjhUM+AiEZ7WDHYP+Oxx0KRDA
-----END CERTIFICATE-----