Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215513.roa
File:                     AS215513.roa (raw, json)
Hash identifier:          Ywa1YzRQ+zDdWS5IX5I1tBlHe1MjN0bBahUFFd9z/3I=
Subject key identifier:   F5:66:B1:87:40:D9:40:92:58:BF:68:3C:11:AB:95:AD:BB:27:08:E8
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       5874D84849DFE9DC25E49B9629A8CC3CABAA86AC
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215513.roa
Signing time:             Fri 23 Aug 2024 08:01:16 +0000
ROA not before:           Fri 23 Aug 2024 07:56:16 +0000
ROA not after:            Fri 22 Aug 2025 08:01:16 +0000
asID:                     215513
IP address blocks:        2a0f:85c1:36e::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:74:d8:48:49:df:e9:dc:25:e4:9b:96:29:a8:cc:3c:ab:aa:86:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:16 2024 GMT
            Not After : Aug 22 08:01:16 2025 GMT
        Subject: CN=F566B18740D9409258BF683C11AB95ADBB2708E8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:26:2c:2e:2b:0f:29:c3:3b:b3:cf:f8:2e:ac:
                    d2:d9:56:18:f8:e4:30:2f:cc:df:89:20:33:e1:27:
                    8a:df:80:62:a0:55:33:83:bd:63:88:18:28:6f:9c:
                    5b:c4:be:ed:49:4c:66:79:0c:12:11:39:4d:4c:1e:
                    11:47:de:85:2a:52:f5:f7:85:ea:6a:6a:24:9c:ba:
                    d3:9d:f3:90:b3:25:dc:22:54:65:0d:ea:97:55:ea:
                    f5:27:96:c6:89:c0:80:05:60:45:52:c5:0b:d0:cf:
                    f3:67:d6:80:93:63:8a:14:18:b2:53:74:e2:ed:d1:
                    cf:30:4d:20:71:f9:87:c8:4c:7c:d0:4f:d0:89:3f:
                    6d:dc:52:b6:b2:b6:3e:2b:e8:3b:8e:e1:5c:ad:45:
                    d7:82:ff:02:e2:65:82:80:57:87:ac:c9:62:f8:a1:
                    9c:a1:08:68:62:d6:61:a4:2c:12:60:e7:72:12:41:
                    fc:9c:33:12:25:fa:7b:08:d9:af:1b:5c:d0:22:f2:
                    10:24:4e:c2:9d:b4:0a:41:ae:7e:be:4e:d2:b5:1f:
                    09:64:0f:c8:1a:fb:f5:65:a0:a7:ec:c5:00:f7:08:
                    5d:e8:6d:40:48:8c:9f:9e:30:0a:3b:cd:7f:0a:15:
                    d6:2c:34:42:9e:2b:a5:bd:91:ce:01:7a:52:54:10:
                    9e:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:66:B1:87:40:D9:40:92:58:BF:68:3C:11:AB:95:AD:BB:27:08:E8
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215513.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:36e::/48

    Signature Algorithm: sha256WithRSAEncryption
         8f:02:f0:2f:d3:e0:29:9a:20:d4:34:a6:d5:19:34:fc:70:ac:
         a4:26:e2:dd:9f:30:b3:b4:af:7f:bf:e8:c4:6c:5d:77:87:2f:
         46:ee:27:04:79:c2:7b:4b:46:c1:12:43:08:1b:af:29:db:ea:
         bb:83:70:a8:dc:08:ca:95:c1:ec:21:9f:02:dc:a7:2c:b3:57:
         50:7f:5c:a9:27:2c:27:89:87:fa:96:37:e0:89:a2:93:c1:96:
         95:aa:03:00:98:4c:c9:2d:df:6a:19:e7:b7:d3:6f:d4:8d:45:
         21:b4:f4:1d:57:01:26:3d:0a:b5:b6:82:a5:fb:05:50:04:8c:
         06:70:56:08:32:85:4e:b2:4f:1c:49:9a:28:f0:89:1f:da:47:
         d2:09:5d:82:d2:ab:db:7f:83:03:ea:5a:64:25:7d:a0:b5:42:
         3f:83:59:cb:87:c6:15:96:da:7b:b1:06:f4:e9:33:93:71:a7:
         dc:71:e3:77:f2:d1:e0:f2:3b:50:44:7c:02:76:3f:db:49:a0:
         ec:4f:7c:ab:26:9e:29:34:99:91:26:7e:94:11:d6:9c:da:32:
         b9:e9:8a:d3:d2:02:9b:18:6f:ad:68:d8:dc:05:da:22:12:86:
         91:e9:b3:c3:38:6a:8e:f7:15:e5:1a:76:6e:ab:76:a9:6f:78:
         6e:42:f7:a9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUWHTYSEnf6dwl5JuWKajMPKuqhqwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MTZaFw0yNTA4MjIwODAxMTZaMDMxMTAvBgNV
BAMTKEY1NjZCMTg3NDBEOTQwOTI1OEJGNjgzQzExQUI5NUFEQkIyNzA4RTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHJiwuKw8pwzuzz/gurNLZVhj4
5DAvzN+JIDPhJ4rfgGKgVTODvWOIGChvnFvEvu1JTGZ5DBIROU1MHhFH3oUqUvX3
hepqaiScutOd85CzJdwiVGUN6pdV6vUnlsaJwIAFYEVSxQvQz/Nn1oCTY4oUGLJT
dOLt0c8wTSBx+YfITHzQT9CJP23cUraytj4r6DuO4VytRdeC/wLiZYKAV4esyWL4
oZyhCGhi1mGkLBJg53ISQfycMxIl+nsI2a8bXNAi8hAkTsKdtApBrn6+TtK1Hwlk
D8ga+/VloKfsxQD3CF3obUBIjJ+eMAo7zX8KFdYsNEKeK6W9kc4BelJUEJ5dAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU9Waxh0DZQJJYv2g8EauVrbsnCOgwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1NTEzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQNuMA0GCSqGSIb3DQEBCwUAA4IBAQCPAvAv0+ApmiDUNKbVGTT8cKykJuLdnzCz
tK9/v+jEbF13hy9G7icEecJ7S0bBEkMIG68p2+q7g3Co3AjKlcHsIZ8C3Kcss1dQ
f1ypJywniYf6ljfgiaKTwZaVqgMAmEzJLd9qGee302/UjUUhtPQdVwEmPQq1toKl
+wVQBIwGcFYIMoVOsk8cSZoo8Ikf2kfSCV2C0qvbf4MD6lpkJX2gtUI/g1nLh8YV
ltp7sQb06TOTcafcceN38tHg8jtQRHwCdj/bSaDsT3yrJp4pNJmRJn6UEdac2jK5
6YrT0gKbGG+taNjcBdoiEoaR6bPDOGqO9xXlGnZuq3apb3huQvep
-----END CERTIFICATE-----