Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215470.roa
File:                     AS215470.roa (raw, json)
Hash identifier:          8Jxyvoa95e7MFJ9DZFY+BOIJbk6C9pfOSIOrrxMaDqw=
Subject key identifier:   3D:4B:39:48:8A:D1:3A:E5:61:76:5F:2B:6E:3C:95:CA:39:D5:9B:28
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       18C13972A0A542EDC4542F56253914CAEACCE3C5
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215470.roa
Signing time:             Fri 23 Aug 2024 08:01:22 +0000
ROA not before:           Fri 23 Aug 2024 07:56:22 +0000
ROA not after:            Fri 22 Aug 2025 08:01:22 +0000
asID:                     215470
IP address blocks:        2a0f:85c1:390::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:c1:39:72:a0:a5:42:ed:c4:54:2f:56:25:39:14:ca:ea:cc:e3:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:22 2024 GMT
            Not After : Aug 22 08:01:22 2025 GMT
        Subject: CN=3D4B39488AD13AE561765F2B6E3C95CA39D59B28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:97:8c:8d:66:f7:18:b6:c6:1b:4a:83:b0:3a:
                    d0:4f:10:97:3b:e2:3d:57:22:11:ba:3d:1b:f5:94:
                    a2:ed:2b:65:1a:eb:a1:0f:f7:30:bf:6c:2f:4d:a8:
                    15:ac:a7:4d:4b:dd:8d:98:d6:d6:2e:1e:0e:f7:23:
                    11:9e:77:d0:e1:e0:10:b6:01:91:51:6f:63:3e:89:
                    e5:0f:1e:46:1a:ae:e4:09:11:16:aa:1c:fb:d4:65:
                    11:d0:ca:2f:aa:26:3a:8b:51:1d:d2:61:e5:e7:b5:
                    ce:86:dd:ee:40:27:3b:46:b3:18:08:7b:a1:0c:0e:
                    7c:1b:73:c3:c0:bc:b7:42:3d:a7:97:33:93:89:0d:
                    51:ae:e4:01:c3:54:00:bb:f7:e1:e7:99:8b:62:c3:
                    81:56:69:5a:ec:5b:cc:40:98:2c:d1:81:91:e9:50:
                    42:80:87:1a:4f:0c:60:6e:12:07:d1:18:61:eb:67:
                    21:94:4b:b2:77:c8:a6:3c:ea:c3:b9:ca:00:16:2e:
                    e8:74:da:9e:9a:e4:53:25:18:5c:5b:f5:43:9c:d7:
                    96:ca:fc:d9:67:fd:56:23:3e:54:bb:71:99:f1:92:
                    1b:04:04:ac:7a:59:ec:c4:62:da:8b:d8:68:73:1d:
                    5c:d6:41:6f:c7:d3:36:c0:41:cf:fb:9a:3d:fe:c4:
                    e3:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:4B:39:48:8A:D1:3A:E5:61:76:5F:2B:6E:3C:95:CA:39:D5:9B:28
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215470.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:390::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:d8:5b:0d:23:08:f9:8a:4f:02:50:f0:f3:38:20:88:f7:e1:
         ea:0f:a2:cd:f2:38:72:29:44:8c:f1:ca:c6:81:cd:d9:9b:d1:
         7b:ce:f7:66:10:24:ad:ec:40:50:5b:61:18:a6:f1:46:18:31:
         13:71:12:ce:16:af:b3:f2:07:ad:37:37:eb:09:f8:51:4a:05:
         d9:8e:2d:6a:57:e3:c8:ea:72:5a:74:db:0a:fd:7a:90:dc:2d:
         91:7f:66:f5:ce:5a:36:e9:c5:38:29:76:69:33:db:fc:a1:12:
         fc:92:9d:83:a1:25:54:46:8e:17:ed:5f:e4:f9:7f:7b:ac:21:
         45:19:45:9d:47:b7:06:53:67:0b:17:1c:d4:dc:c7:a5:df:c3:
         00:8d:6b:b8:5e:bb:a9:dd:78:d1:1c:ce:49:b9:19:6a:66:ba:
         4c:bd:0f:6b:e4:ba:be:e2:0d:37:56:f2:ab:9e:61:64:53:8c:
         bb:55:c4:9b:fa:5a:d7:f6:37:b6:e5:b6:a0:ad:0c:4a:cf:d3:
         e3:ae:71:53:6d:08:1f:a8:c0:e6:99:34:8f:8c:4d:01:88:d8:
         61:31:99:79:68:bd:ec:ca:ad:5c:46:bb:f6:e1:6d:39:3e:2d:
         ec:7e:6d:04:19:82:f4:77:0e:ad:2b:c4:7a:c3:ac:2d:d9:89:
         f0:b6:e1:88
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUGME5cqClQu3EVC9WJTkUyurM48UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjJaFw0yNTA4MjIwODAxMjJaMDMxMTAvBgNV
BAMTKDNENEIzOTQ4OEFEMTNBRTU2MTc2NUYyQjZFM0M5NUNBMzlENTlCMjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4l4yNZvcYtsYbSoOwOtBPEJc7
4j1XIhG6PRv1lKLtK2Ua66EP9zC/bC9NqBWsp01L3Y2Y1tYuHg73IxGed9Dh4BC2
AZFRb2M+ieUPHkYaruQJERaqHPvUZRHQyi+qJjqLUR3SYeXntc6G3e5AJztGsxgI
e6EMDnwbc8PAvLdCPaeXM5OJDVGu5AHDVAC79+HnmYtiw4FWaVrsW8xAmCzRgZHp
UEKAhxpPDGBuEgfRGGHrZyGUS7J3yKY86sO5ygAWLuh02p6a5FMlGFxb9UOc15bK
/Nln/VYjPlS7cZnxkhsEBKx6WezEYtqL2GhzHVzWQW/H0zbAQc/7mj3+xOOZAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUPUs5SIrROuVhdl8rbjyVyjnVmygwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1NDcwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOQMA0GCSqGSIb3DQEBCwUAA4IBAQBd2FsNIwj5ik8CUPDzOCCI9+HqD6LN8jhy
KUSM8crGgc3Zm9F7zvdmECSt7EBQW2EYpvFGGDETcRLOFq+z8getNzfrCfhRSgXZ
ji1qV+PI6nJadNsK/XqQ3C2Rf2b1zlo26cU4KXZpM9v8oRL8kp2DoSVURo4X7V/k
+X97rCFFGUWdR7cGU2cLFxzU3Mel38MAjWu4Xrup3XjRHM5JuRlqZrpMvQ9r5Lq+
4g03VvKrnmFkU4y7VcSb+lrX9je25bagrQxKz9PjrnFTbQgfqMDmmTSPjE0BiNhh
MZl5aL3syq1cRrv24W05Pi3sfm0EGYL0dw6tK8R6w6wt2YnwtuGI
-----END CERTIFICATE-----