Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215382.roa
File:                     AS215382.roa (raw, json)
Hash identifier:          YiL6ZTNtmevBKcQnGnaYHAr7/jbaT0CVQ9WW0PoE61c=
Subject key identifier:   2A:BE:51:F7:0B:24:C3:FD:61:57:0A:C1:73:A8:7F:D8:F1:BC:6C:32
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       12AD86E70993AAB4560DD30BDD3754D1C30B5ABA
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215382.roa
Signing time:             Fri 23 Aug 2024 08:01:25 +0000
ROA not before:           Fri 23 Aug 2024 07:56:25 +0000
ROA not after:            Fri 22 Aug 2025 08:01:25 +0000
asID:                     215382
IP address blocks:        2a0f:85c1:395::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:ad:86:e7:09:93:aa:b4:56:0d:d3:0b:dd:37:54:d1:c3:0b:5a:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:25 2024 GMT
            Not After : Aug 22 08:01:25 2025 GMT
        Subject: CN=2ABE51F70B24C3FD61570AC173A87FD8F1BC6C32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:28:fe:7e:ad:c9:cc:4e:e7:e7:17:a1:20:1f:
                    5e:74:d5:fe:4b:5b:f4:8f:fb:82:f0:f4:fc:b7:12:
                    58:23:e4:f5:88:7c:06:49:05:05:c4:32:6e:e2:cf:
                    42:03:1b:7b:f0:87:d0:d0:2e:24:5a:1a:5b:2b:af:
                    e3:77:41:6f:e2:51:7c:fc:b1:17:33:4c:a7:ec:24:
                    2a:46:24:6d:df:7b:0b:46:97:34:61:21:14:e7:79:
                    b9:d4:a5:7c:28:51:04:da:b1:f3:7b:6e:e5:4e:54:
                    0d:c0:3c:7e:5a:c1:2a:f0:63:0a:ff:e8:53:f0:84:
                    79:64:69:27:5b:94:58:db:37:f2:24:22:a5:4b:04:
                    0e:ea:5d:d0:ed:1f:cf:fc:36:c9:da:1e:43:48:70:
                    ce:8b:c4:88:95:72:32:8c:85:d3:60:87:e9:a7:25:
                    e8:7e:38:70:68:be:8c:9e:cb:88:97:98:66:10:22:
                    90:b1:cc:14:f4:ef:70:67:40:a8:36:64:94:d4:0b:
                    53:a0:94:5a:56:d9:5f:7b:e8:58:5d:bb:93:f7:2c:
                    b3:5f:d4:20:99:35:b2:54:e8:b4:52:d2:fa:58:7b:
                    ef:5f:b5:ed:d8:57:f9:7a:93:77:af:a3:eb:56:a7:
                    4e:bc:00:85:03:5f:99:60:0a:73:e4:0a:9d:d0:50:
                    f8:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:BE:51:F7:0B:24:C3:FD:61:57:0A:C1:73:A8:7F:D8:F1:BC:6C:32
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215382.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:395::/48

    Signature Algorithm: sha256WithRSAEncryption
         b0:53:94:d1:3d:f1:b4:fa:75:a8:d8:8a:98:6b:15:14:74:26:
         d3:4e:a0:4d:2e:ec:7a:4c:2b:2e:92:48:2b:05:8c:10:9b:68:
         6b:53:57:ad:eb:b2:ab:07:ff:d5:1e:24:aa:ea:37:ce:ad:30:
         32:9c:18:bb:12:29:a7:58:cb:43:5f:cc:80:ca:7e:ca:7d:4a:
         e9:14:3d:59:a3:fa:af:97:f0:da:3e:06:50:8a:a4:b3:d8:21:
         0c:0a:99:fd:64:e4:7b:fa:cb:59:cc:4e:67:93:cb:59:9d:2a:
         b7:d6:df:c9:88:97:6e:85:a8:99:cf:38:1f:36:00:9b:b4:8d:
         b1:e0:85:e8:7f:20:75:15:07:78:02:2e:d0:ee:a6:a4:3e:f6:
         38:c0:c0:45:22:2c:10:4f:b8:65:29:b9:a1:6b:dc:24:3a:47:
         43:35:36:9a:b2:eb:f5:ac:d5:32:9e:f6:dd:97:dc:b3:d0:04:
         cc:97:9d:82:38:2c:5e:1f:1a:e1:b0:0c:cd:57:34:2d:05:28:
         8e:c2:3d:45:de:d7:b5:9f:2e:f1:bf:6a:c7:a9:c0:da:b8:f4:
         d2:2e:f7:4d:0e:01:00:02:97:18:06:0b:93:c0:e0:ea:ac:54:
         e9:0a:93:b0:a8:6c:fe:98:8a:e4:84:a9:a6:bf:4b:9b:9c:95:
         c9:31:58:a1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUEq2G5wmTqrRWDdML3TdU0cMLWrowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjVaFw0yNTA4MjIwODAxMjVaMDMxMTAvBgNV
BAMTKDJBQkU1MUY3MEIyNEMzRkQ2MTU3MEFDMTczQTg3RkQ4RjFCQzZDMzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeKP5+rcnMTufnF6EgH1501f5L
W/SP+4Lw9Py3Elgj5PWIfAZJBQXEMm7iz0IDG3vwh9DQLiRaGlsrr+N3QW/iUXz8
sRczTKfsJCpGJG3fewtGlzRhIRTnebnUpXwoUQTasfN7buVOVA3APH5awSrwYwr/
6FPwhHlkaSdblFjbN/IkIqVLBA7qXdDtH8/8NsnaHkNIcM6LxIiVcjKMhdNgh+mn
Jeh+OHBovoyey4iXmGYQIpCxzBT073BnQKg2ZJTUC1OglFpW2V976Fhdu5P3LLNf
1CCZNbJU6LRS0vpYe+9fte3YV/l6k3evo+tWp068AIUDX5lgCnPkCp3QUPgPAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUKr5R9wskw/1hVwrBc6h/2PG8bDIwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1MzgyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOVMA0GCSqGSIb3DQEBCwUAA4IBAQCwU5TRPfG0+nWo2IqYaxUUdCbTTqBNLux6
TCsukkgrBYwQm2hrU1et67KrB//VHiSq6jfOrTAynBi7EimnWMtDX8yAyn7KfUrp
FD1Zo/qvl/DaPgZQiqSz2CEMCpn9ZOR7+stZzE5nk8tZnSq31t/JiJduhaiZzzgf
NgCbtI2x4IXofyB1FQd4Ai7Q7qakPvY4wMBFIiwQT7hlKbmha9wkOkdDNTaasuv1
rNUynvbdl9yz0ATMl52COCxeHxrhsAzNVzQtBSiOwj1F3te1ny7xv2rHqcDauPTS
LvdNDgEAApcYBguTwODqrFTpCpOwqGz+mIrkhKmmv0ubnJXJMVih
-----END CERTIFICATE-----