Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215470.roa
File:                     AS215470.roa (raw, json)
Hash identifier:          n5kdnf7vbNKsGexk0Y8r6bKiWqILUbpLHTLgeT2bwuo=
Subject key identifier:   87:36:0B:93:5A:B8:4A:47:31:D9:67:33:87:18:15:EC:55:CE:FB:0D
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       1586F2D037534D082C81C01B2CDA1ABAC8EA7854
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215470.roa
Signing time:             Wed 16 Oct 2024 03:02:54 +0000
ROA not before:           Wed 16 Oct 2024 02:57:54 +0000
ROA not after:            Wed 15 Oct 2025 03:02:54 +0000
asID:                     215470
IP address blocks:        2a0f:85c1:390::/48 maxlen: 48
                          2a0f:85c1:8b7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:86:f2:d0:37:53:4d:08:2c:81:c0:1b:2c:da:1a:ba:c8:ea:78:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Oct 16 02:57:54 2024 GMT
            Not After : Oct 15 03:02:54 2025 GMT
        Subject: CN=87360B935AB84A4731D96733871815EC55CEFB0D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:cf:4b:38:14:7e:43:da:e0:bf:9c:62:53:00:
                    02:98:77:cd:04:a9:bf:8f:86:1f:7c:c1:74:c0:f7:
                    86:27:43:cd:0e:91:ef:c4:d1:39:c9:e0:b3:ca:56:
                    65:06:23:3e:0e:82:60:72:e9:a6:99:ef:f3:47:e5:
                    54:9b:e2:f1:4b:70:0e:63:43:6a:5f:b2:4a:a1:1e:
                    93:9d:75:5d:88:41:7c:bc:fe:65:1e:15:5e:f1:96:
                    be:fa:01:99:06:8e:f4:b2:69:c4:ee:23:bb:07:a0:
                    03:33:43:d3:5d:8f:5f:2c:9b:24:20:cb:17:96:18:
                    a9:31:1a:e0:d6:4c:c5:28:e9:e3:27:3f:12:76:a3:
                    66:e2:53:bc:99:cc:f4:99:e7:e5:f4:a4:e8:ef:af:
                    7c:e5:05:a7:45:e5:99:2b:21:88:bc:37:ee:fc:e7:
                    07:73:13:88:46:30:19:86:c1:39:11:0f:16:7c:0f:
                    01:80:4e:20:6b:b0:bc:10:12:15:5b:88:41:00:f6:
                    cf:d3:f3:a0:92:08:77:c7:14:3f:5c:03:4a:6d:a9:
                    c1:ec:85:8a:14:09:3f:e3:ad:6d:75:f0:20:ec:1d:
                    21:fe:93:72:1e:07:b8:31:1a:ca:77:3f:f0:b7:fd:
                    71:71:e9:83:8b:8b:9f:fd:5f:03:83:4b:fe:a8:7b:
                    8b:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:36:0B:93:5A:B8:4A:47:31:D9:67:33:87:18:15:EC:55:CE:FB:0D
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215470.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:390::/48
                  2a0f:85c1:8b7::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:56:80:ed:25:16:e5:e5:85:45:bf:08:70:98:a3:89:52:3a:
         37:9e:20:19:da:4c:42:75:27:59:05:32:08:3e:81:e9:b0:71:
         8d:d6:17:b0:be:ed:82:fb:ac:9d:b8:0e:28:23:4b:69:b9:f7:
         6b:3d:03:66:b9:ad:d9:cf:d5:4c:f4:09:d6:e7:ca:05:91:a4:
         fd:89:18:07:03:73:94:fc:bf:53:42:0f:3b:f1:e6:35:56:4e:
         83:c8:f1:e9:e9:05:d6:fa:13:37:c5:6c:cc:a5:f7:0d:fd:e7:
         fb:14:e7:97:f7:ae:b9:61:9a:24:7e:c2:78:d4:d2:21:aa:eb:
         e2:c2:77:00:e7:48:19:0a:dd:b2:d5:71:66:eb:0e:1c:10:05:
         04:09:44:85:d0:63:99:33:ae:8b:07:f3:4a:bd:11:ee:97:ee:
         b3:d1:91:d4:df:0d:fe:2b:ca:ae:87:e1:e0:20:65:b7:d2:35:
         10:e0:96:38:67:7a:e9:13:c5:38:86:f2:28:f5:0e:e0:6f:e8:
         d0:72:15:c5:cf:62:96:f6:4f:97:b6:78:83:6b:ff:e2:18:c4:
         16:1f:4f:ec:4f:85:ec:8c:6a:d7:ec:b0:82:27:9f:f7:06:33:
         c8:57:1a:d7:2f:3b:81:bd:5e:52:ec:58:9e:3a:b5:ec:8c:cf:
         40:29:01:e5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUFYby0DdTTQgsgcAbLNoausjqeFQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDEwMTYwMjU3NTRaFw0yNTEwMTUwMzAyNTRaMDMxMTAvBgNV
BAMTKDg3MzYwQjkzNUFCODRBNDczMUQ5NjczMzg3MTgxNUVDNTVDRUZCMEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzz0s4FH5D2uC/nGJTAAKYd80E
qb+Phh98wXTA94YnQ80Oke/E0TnJ4LPKVmUGIz4OgmBy6aaZ7/NH5VSb4vFLcA5j
Q2pfskqhHpOddV2IQXy8/mUeFV7xlr76AZkGjvSyacTuI7sHoAMzQ9Ndj18smyQg
yxeWGKkxGuDWTMUo6eMnPxJ2o2biU7yZzPSZ5+X0pOjvr3zlBadF5ZkrIYi8N+78
5wdzE4hGMBmGwTkRDxZ8DwGATiBrsLwQEhVbiEEA9s/T86CSCHfHFD9cA0ptqcHs
hYoUCT/jrW118CDsHSH+k3IeB7gxGsp3P/C3/XFx6YOLi5/9XwODS/6oe4tzAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUhzYLk1q4Skcx2WczhxgV7FXO+w0wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1NDcwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg+F
wQOQAwcAKg+FwQi3MA0GCSqGSIb3DQEBCwUAA4IBAQBKVoDtJRbl5YVFvwhwmKOJ
Ujo3niAZ2kxCdSdZBTIIPoHpsHGN1hewvu2C+6yduA4oI0tpufdrPQNmua3Zz9VM
9AnW58oFkaT9iRgHA3OU/L9TQg878eY1Vk6DyPHp6QXW+hM3xWzMpfcN/ef7FOeX
9665YZokfsJ41NIhquviwncA50gZCt2y1XFm6w4cEAUECUSF0GOZM66LB/NKvRHu
l+6z0ZHU3w3+K8quh+HgIGW30jUQ4JY4Z3rpE8U4hvIo9Q7gb+jQchXFz2KW9k+X
tniDa//iGMQWH0/sT4XsjGrX7LCCJ5/3BjPIVxrXLzuBvV5S7FieOrXsjM9AKQHl
-----END CERTIFICATE-----