Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215379.roa
File:                     AS215379.roa (raw, json)
Hash identifier:          XmySPIX93qmq+gvjasJpTijJ+A1xGw+gUA24YxFEmiM=
Subject key identifier:   49:DE:B2:AD:F4:6A:3B:EB:66:B0:FB:E5:0B:D6:B4:F2:17:3A:00:27
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       4DB4558856BF1BF4770EBC117CA7B62AFA640917
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215379.roa
Signing time:             Fri 23 Aug 2024 08:01:24 +0000
ROA not before:           Fri 23 Aug 2024 07:56:24 +0000
ROA not after:            Fri 22 Aug 2025 08:01:24 +0000
asID:                     215379
IP address blocks:        2a0f:85c1:396::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:b4:55:88:56:bf:1b:f4:77:0e:bc:11:7c:a7:b6:2a:fa:64:09:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:24 2024 GMT
            Not After : Aug 22 08:01:24 2025 GMT
        Subject: CN=49DEB2ADF46A3BEB66B0FBE50BD6B4F2173A0027
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:b7:45:43:bd:40:9e:d2:46:1c:de:5b:6f:6a:
                    1e:ad:d5:c0:e1:c9:9e:49:fd:1a:67:30:ef:da:37:
                    1d:6d:06:fc:37:a9:11:ae:81:52:cc:b1:4a:2f:c3:
                    2e:bc:d7:80:26:cd:c5:34:88:a4:4e:9e:85:79:95:
                    de:f2:7c:75:7c:52:c3:30:fb:a8:a1:1e:d3:32:df:
                    d0:58:ae:17:23:a2:f1:bc:db:66:00:05:65:7f:74:
                    ca:49:c3:c1:f0:16:04:ce:ab:23:98:d5:ea:cc:f7:
                    a2:ce:fd:02:07:25:82:1a:df:54:07:9e:c7:35:a6:
                    f0:34:fa:8a:c1:ae:e4:9d:5b:0f:49:20:18:05:38:
                    91:ad:bb:d7:77:bd:1b:48:1c:af:b0:60:67:61:eb:
                    ec:aa:e5:18:54:31:4d:4a:de:80:3c:e2:6c:7e:22:
                    ad:78:2d:08:5a:53:66:3e:08:b4:6f:06:c0:2b:a0:
                    73:79:4f:ab:fb:40:16:92:ef:8d:14:b9:92:b3:ad:
                    98:02:22:ee:b8:2d:f6:5b:a5:67:7f:c8:d5:67:74:
                    88:6c:57:0f:94:98:9b:3d:14:cb:2d:16:a1:ad:5b:
                    29:97:24:27:46:dc:45:66:c9:df:95:cb:98:dc:b9:
                    be:2e:94:45:61:70:06:80:b0:09:6e:f2:6c:a4:9a:
                    8e:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:DE:B2:AD:F4:6A:3B:EB:66:B0:FB:E5:0B:D6:B4:F2:17:3A:00:27
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215379.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:396::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:fa:4d:b1:9c:bd:4b:f3:de:ab:77:ba:64:d3:fc:98:97:04:
         d5:f7:f6:f8:39:9b:1a:5c:10:e7:22:61:90:81:57:4b:c4:85:
         17:94:f5:45:d7:52:8a:16:d7:9c:d6:24:f3:d9:9f:71:d2:89:
         ce:f7:c5:bd:7a:d5:81:bd:f6:c7:94:83:f2:c6:6b:ce:29:23:
         bb:42:29:61:78:da:a4:0f:f7:ab:ee:c3:71:a4:1c:f7:73:25:
         d2:38:45:5c:2d:92:3e:68:cc:15:53:e2:ab:3d:4f:3e:17:24:
         8f:09:a7:f8:06:68:2a:37:04:f0:7f:ac:51:3e:7d:f4:03:e5:
         41:4e:dc:d2:fc:a4:52:9a:93:35:61:b9:43:28:34:bc:65:8f:
         93:67:26:66:9e:f1:79:bd:c7:37:e8:04:9f:18:5d:ec:15:cd:
         3f:49:20:66:e4:a4:de:e3:07:ff:89:92:64:2a:16:20:d6:46:
         d1:fa:e7:2d:64:3e:1a:2a:57:05:f7:b7:d9:12:9e:42:15:be:
         91:09:b5:db:96:42:0b:8f:88:aa:e5:53:57:92:9c:d4:ec:9b:
         a8:9f:89:b7:c9:21:db:ca:50:f7:9d:09:aa:77:fc:7c:f1:76:
         11:51:23:87:41:ed:e1:e8:05:9a:0b:89:e8:e9:59:d8:ff:ea:
         32:ee:14:a5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUTbRViFa/G/R3DrwRfKe2KvpkCRcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjRaFw0yNTA4MjIwODAxMjRaMDMxMTAvBgNV
BAMTKDQ5REVCMkFERjQ2QTNCRUI2NkIwRkJFNTBCRDZCNEYyMTczQTAwMjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKt0VDvUCe0kYc3ltvah6t1cDh
yZ5J/RpnMO/aNx1tBvw3qRGugVLMsUovwy6814AmzcU0iKROnoV5ld7yfHV8UsMw
+6ihHtMy39BYrhcjovG822YABWV/dMpJw8HwFgTOqyOY1erM96LO/QIHJYIa31QH
nsc1pvA0+orBruSdWw9JIBgFOJGtu9d3vRtIHK+wYGdh6+yq5RhUMU1K3oA84mx+
Iq14LQhaU2Y+CLRvBsAroHN5T6v7QBaS740UuZKzrZgCIu64LfZbpWd/yNVndIhs
Vw+UmJs9FMstFqGtWymXJCdG3EVmyd+Vy5jcub4ulEVhcAaAsAlu8mykmo63AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUSd6yrfRqO+tmsPvlC9a08hc6ACcwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1Mzc5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOWMA0GCSqGSIb3DQEBCwUAA4IBAQAp+k2xnL1L896rd7pk0/yYlwTV9/b4OZsa
XBDnImGQgVdLxIUXlPVF11KKFtec1iTz2Z9x0onO98W9etWBvfbHlIPyxmvOKSO7
QilheNqkD/er7sNxpBz3cyXSOEVcLZI+aMwVU+KrPU8+FySPCaf4BmgqNwTwf6xR
Pn30A+VBTtzS/KRSmpM1YblDKDS8ZY+TZyZmnvF5vcc36ASfGF3sFc0/SSBm5KTe
4wf/iZJkKhYg1kbR+uctZD4aKlcF97fZEp5CFb6RCbXblkILj4iq5VNXkpzU7Juo
n4m3ySHbylD3nQmqd/x88XYRUSOHQe3h6AWaC4no6VnY/+oy7hSl
-----END CERTIFICATE-----