Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215368.roa
File:                     AS215368.roa (raw, json)
Hash identifier:          /FPAE6oxJ+c0WsIyKNe/7k53w7u+IgHGMKXkafV9kpE=
Subject key identifier:   11:AA:60:40:E3:4D:0D:5D:38:B7:04:C3:89:04:3B:99:5F:BF:91:AF
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       470E7025D06FF19410AB38D63AD45E77B60B4A66
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215368.roa
Signing time:             Fri 23 Aug 2024 08:01:25 +0000
ROA not before:           Fri 23 Aug 2024 07:56:25 +0000
ROA not after:            Fri 22 Aug 2025 08:01:25 +0000
asID:                     215368
IP address blocks:        2a0f:85c1:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:0e:70:25:d0:6f:f1:94:10:ab:38:d6:3a:d4:5e:77:b6:0b:4a:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:25 2024 GMT
            Not After : Aug 22 08:01:25 2025 GMT
        Subject: CN=11AA6040E34D0D5D38B704C389043B995FBF91AF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:44:06:2d:ea:1e:94:c5:21:f5:18:7a:25:d2:
                    0e:1a:76:04:95:af:d7:ba:c3:17:f3:f8:d7:27:a9:
                    2b:d5:bd:31:6f:17:b9:9b:39:c7:e4:61:95:42:eb:
                    6b:72:4c:1e:da:d4:7d:b0:f8:95:07:a5:99:e1:3d:
                    6b:22:ea:20:36:37:73:c8:d1:4c:29:00:73:14:c3:
                    b1:6e:e2:36:17:70:ee:67:66:fe:d0:b9:63:dc:62:
                    65:7f:2f:f5:37:30:fc:d8:b7:26:08:ab:b0:a4:74:
                    88:90:f9:da:df:fe:3c:25:11:a3:e0:e6:d9:c8:2b:
                    8f:6b:b4:79:28:19:6d:1e:25:ac:de:f0:b9:7f:7c:
                    80:7f:fd:7b:6f:3f:fe:de:e4:ad:8a:a3:b7:80:62:
                    d9:8c:7d:b4:10:76:38:7f:31:5d:1e:e7:26:f2:c5:
                    ef:be:4f:45:04:51:23:99:91:88:9a:ca:71:c9:75:
                    72:1a:fe:12:06:b3:39:89:24:a2:db:d7:68:e9:97:
                    42:33:2d:0e:33:b1:06:1f:0f:ec:2b:32:85:d2:f9:
                    50:ec:a5:db:c7:b0:34:41:c9:dd:c5:e2:b0:1a:05:
                    0b:e9:96:ae:c3:83:f1:f3:76:b2:1c:63:78:8f:47:
                    83:14:ab:41:17:f5:c2:12:fe:af:92:c4:0e:3e:4f:
                    5a:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:AA:60:40:E3:4D:0D:5D:38:B7:04:C3:89:04:3B:99:5F:BF:91:AF
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215368.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:18:80:d9:43:d8:e7:ba:51:61:9a:a9:da:94:8e:96:35:16:
         86:41:f9:40:0d:ee:44:7d:8f:fc:9b:0e:e1:be:ce:92:d1:d6:
         8a:df:47:ec:63:30:b2:35:ab:bb:25:b8:d4:26:df:38:7e:db:
         33:da:76:c3:6f:4f:43:9b:3b:60:2f:1b:f5:12:d3:22:0b:e9:
         eb:5b:ad:21:9c:d7:eb:5c:79:2c:7a:3d:93:ee:85:29:b5:af:
         0d:0c:bd:3a:4c:59:fb:8b:f9:ed:c7:c8:38:78:d4:57:61:72:
         b2:28:de:05:cf:0d:1e:19:57:13:25:41:66:a1:a5:5c:c0:13:
         8e:9f:47:d1:e7:c3:3f:d4:1a:a6:c4:6b:8d:37:90:e3:58:7b:
         dc:60:4d:1e:fe:8f:7d:fd:10:e6:a4:10:05:e3:e1:2f:2d:9b:
         fb:8c:fa:38:8e:ae:32:b3:f9:f1:c8:69:54:6d:46:96:60:3b:
         bd:4e:0a:d3:91:6e:5c:7b:91:0b:f3:b2:05:1c:3a:c5:e4:d6:
         5e:b1:0b:a2:8b:b1:9d:61:f2:d8:ad:15:fc:81:16:da:2e:27:
         d0:94:f3:f3:6b:58:e5:c3:94:e2:fa:07:6d:16:db:e5:7a:0a:
         c9:5b:df:74:da:97:8b:80:d9:a8:d5:5b:4a:a1:97:93:e8:78:
         25:7d:84:fe
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIURw5wJdBv8ZQQqzjWOtRed7YLSmYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjVaFw0yNTA4MjIwODAxMjVaMDMxMTAvBgNV
BAMTKDExQUE2MDQwRTM0RDBENUQzOEI3MDRDMzg5MDQzQjk5NUZCRjkxQUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFRAYt6h6UxSH1GHol0g4adgSV
r9e6wxfz+NcnqSvVvTFvF7mbOcfkYZVC62tyTB7a1H2w+JUHpZnhPWsi6iA2N3PI
0UwpAHMUw7Fu4jYXcO5nZv7QuWPcYmV/L/U3MPzYtyYIq7CkdIiQ+drf/jwlEaPg
5tnIK49rtHkoGW0eJaze8Ll/fIB//XtvP/7e5K2Ko7eAYtmMfbQQdjh/MV0e5yby
xe++T0UEUSOZkYiaynHJdXIa/hIGszmJJKLb12jpl0IzLQ4zsQYfD+wrMoXS+VDs
pdvHsDRByd3F4rAaBQvplq7Dg/HzdrIcY3iPR4MUq0EX9cIS/q+SxA4+T1p7AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUEapgQONNDV04twTDiQQ7mV+/ka8wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1MzY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQABMA0GCSqGSIb3DQEBCwUAA4IBAQBCGIDZQ9jnulFhmqnalI6WNRaGQflADe5E
fY/8mw7hvs6S0daK30fsYzCyNau7JbjUJt84ftsz2nbDb09DmztgLxv1EtMiC+nr
W60hnNfrXHksej2T7oUpta8NDL06TFn7i/ntx8g4eNRXYXKyKN4Fzw0eGVcTJUFm
oaVcwBOOn0fR58M/1BqmxGuNN5DjWHvcYE0e/o99/RDmpBAF4+EvLZv7jPo4jq4y
s/nxyGlUbUaWYDu9TgrTkW5ce5EL87IFHDrF5NZesQuii7GdYfLYrRX8gRbaLifQ
lPPza1jlw5Ti+gdtFtvlegrJW9902peLgNmo1VtKoZeT6HglfYT+
-----END CERTIFICATE-----