Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215520.roa
File:                     AS215520.roa (raw, json)
Hash identifier:          sl3Cb5M14UQi+jx7IE17v3ykov4ShGzoBcho4NYxXew=
Subject key identifier:   A0:0A:FE:83:B0:F2:20:69:7B:63:38:AD:38:E2:6B:7D:95:C3:E7:BC
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       43274FA40D2AA0B268891AB466CEFE8AE386E873
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215520.roa
Signing time:             Fri 23 Aug 2024 08:01:26 +0000
ROA not before:           Fri 23 Aug 2024 07:56:26 +0000
ROA not after:            Fri 22 Aug 2025 08:01:26 +0000
asID:                     215520
IP address blocks:        2a0f:85c1:368::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:27:4f:a4:0d:2a:a0:b2:68:89:1a:b4:66:ce:fe:8a:e3:86:e8:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:26 2024 GMT
            Not After : Aug 22 08:01:26 2025 GMT
        Subject: CN=A00AFE83B0F220697B6338AD38E26B7D95C3E7BC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:6f:5b:a1:96:b1:32:f9:41:c2:60:02:7c:65:
                    25:ac:b9:44:47:66:7c:71:87:3e:79:5d:4d:73:56:
                    1b:40:bb:6d:14:c6:9e:e9:5d:1f:60:f9:5d:b2:d6:
                    24:46:37:ec:e7:34:79:43:11:fb:c5:10:13:df:2c:
                    a0:2a:88:12:fd:7f:50:39:b4:63:a0:4d:dc:7e:71:
                    ad:bb:f1:bf:b8:fe:15:46:43:41:81:c5:54:9e:04:
                    7c:f3:d6:42:da:e5:84:7a:16:57:9b:44:22:94:53:
                    e9:14:62:a4:08:f4:b0:ac:72:bf:b4:8a:7e:91:cb:
                    8a:dd:06:1f:c6:fb:80:e4:a8:38:46:ac:e0:d4:ec:
                    ab:f1:29:bd:2f:42:8a:57:11:0b:43:ca:d9:d1:6a:
                    89:ce:ba:70:dc:13:ff:b5:c0:b7:f9:14:4c:f1:4a:
                    47:59:23:29:48:62:70:89:b2:69:b9:08:a3:bf:59:
                    4a:22:cd:b0:ff:81:24:40:38:f2:e5:78:0a:c8:f3:
                    2c:05:eb:0b:d8:24:98:22:71:8b:42:67:8c:81:de:
                    1f:6e:9e:a1:82:4c:d1:bb:b5:a9:1b:0f:3e:44:30:
                    d6:a7:10:37:e3:eb:22:09:8a:72:b5:be:df:01:cd:
                    e0:b4:f3:6f:4d:32:22:18:e9:e8:44:e4:a1:b9:9e:
                    85:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:0A:FE:83:B0:F2:20:69:7B:63:38:AD:38:E2:6B:7D:95:C3:E7:BC
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215520.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:368::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:ac:52:87:60:29:65:fc:ab:4f:17:86:12:5b:ab:46:a0:b1:
         4a:cf:8c:92:c5:35:a8:5c:0f:20:c3:ca:13:d7:06:b0:03:ae:
         e9:44:89:03:6e:e3:2c:59:62:15:40:0a:84:cd:35:5c:37:aa:
         2e:b0:7d:c5:72:43:d0:ed:e7:17:cc:14:d1:1f:03:b9:bd:0d:
         13:c0:35:2b:fa:22:fb:47:25:b3:9b:bc:94:2c:7b:e6:3b:20:
         cf:d3:d8:76:1d:e2:32:81:5a:7a:62:e4:93:e1:b1:fd:fe:db:
         1d:1c:ce:2b:07:f9:ee:93:6e:29:2b:2e:f8:fc:2f:43:7c:6f:
         da:fb:bf:16:56:71:86:86:c0:56:10:3b:8a:d7:51:0d:f2:28:
         a1:a2:f1:1d:87:31:64:43:98:44:6f:bf:67:7f:46:dd:09:d6:
         f5:de:8f:5a:5f:74:9a:fb:95:c9:ce:3c:80:73:c0:19:a9:1b:
         65:b5:3a:38:6d:69:2f:32:40:a9:e3:54:b3:42:1a:81:83:f2:
         30:32:cd:29:45:f8:07:a4:00:77:69:a1:59:2d:82:6a:67:da:
         34:81:74:de:ef:99:3c:97:ed:d0:43:2e:ee:95:32:cf:42:4f:
         02:26:af:53:ed:29:33:a7:17:a9:9b:b3:81:83:ea:63:9e:9c:
         cf:ed:9b:69
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUQydPpA0qoLJoiRq0Zs7+iuOG6HMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjZaFw0yNTA4MjIwODAxMjZaMDMxMTAvBgNV
BAMTKEEwMEFGRTgzQjBGMjIwNjk3QjYzMzhBRDM4RTI2QjdEOTVDM0U3QkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4b1uhlrEy+UHCYAJ8ZSWsuURH
Znxxhz55XU1zVhtAu20Uxp7pXR9g+V2y1iRGN+znNHlDEfvFEBPfLKAqiBL9f1A5
tGOgTdx+ca278b+4/hVGQ0GBxVSeBHzz1kLa5YR6FlebRCKUU+kUYqQI9LCscr+0
in6Ry4rdBh/G+4DkqDhGrODU7KvxKb0vQopXEQtDytnRaonOunDcE/+1wLf5FEzx
SkdZIylIYnCJsmm5CKO/WUoizbD/gSRAOPLleArI8ywF6wvYJJgicYtCZ4yB3h9u
nqGCTNG7takbDz5EMNanEDfj6yIJinK1vt8BzeC0829NMiIY6ehE5KG5noWHAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUoAr+g7DyIGl7YzitOOJrfZXD57wwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1NTIwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQNoMA0GCSqGSIb3DQEBCwUAA4IBAQBOrFKHYCll/KtPF4YSW6tGoLFKz4ySxTWo
XA8gw8oT1wawA67pRIkDbuMsWWIVQAqEzTVcN6ousH3FckPQ7ecXzBTRHwO5vQ0T
wDUr+iL7RyWzm7yULHvmOyDP09h2HeIygVp6YuST4bH9/tsdHM4rB/nuk24pKy74
/C9DfG/a+78WVnGGhsBWEDuK11EN8iihovEdhzFkQ5hEb79nf0bdCdb13o9aX3Sa
+5XJzjyAc8AZqRtltTo4bWkvMkCp41SzQhqBg/IwMs0pRfgHpAB3aaFZLYJqZ9o0
gXTe75k8l+3QQy7ulTLPQk8CJq9T7Skzpxepm7OBg+pjnpzP7Ztp
-----END CERTIFICATE-----