Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215526.roa
File:                     AS215526.roa (raw, json)
Hash identifier:          fGztYSr4IKgUDA1X/a29VaKfRzZgXhMFzNgB3sxuvhw=
Subject key identifier:   A5:AA:5F:73:AD:DB:7B:1A:7D:0E:80:09:3E:CE:32:02:8A:0A:4C:32
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       443F77299642872A67598C2F4AFE98784F37F9B8
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215526.roa
Signing time:             Tue 17 Sep 2024 04:26:21 +0000
ROA not before:           Tue 17 Sep 2024 04:21:21 +0000
ROA not after:            Tue 16 Sep 2025 04:26:21 +0000
asID:                     215526
IP address blocks:        2a0f:85c1:367::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:3f:77:29:96:42:87:2a:67:59:8c:2f:4a:fe:98:78:4f:37:f9:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Sep 17 04:21:21 2024 GMT
            Not After : Sep 16 04:26:21 2025 GMT
        Subject: CN=A5AA5F73ADDB7B1A7D0E80093ECE32028A0A4C32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:f1:92:0d:6b:2f:d9:98:3b:67:e9:e4:60:41:
                    e7:a0:90:94:e3:91:53:89:47:40:fe:75:0d:bd:6b:
                    d1:62:d7:49:fb:34:db:c3:a7:2c:58:fc:4a:27:75:
                    31:6e:b2:a7:7a:b4:1d:5a:5c:60:46:de:0a:d0:6b:
                    a9:6c:6b:06:ba:97:bf:f8:f4:a6:cf:a9:8f:cf:0c:
                    a6:a2:ec:54:49:67:1e:b4:c9:87:89:7e:e1:cb:9e:
                    62:76:60:60:8f:cc:af:14:3b:3f:97:30:28:b2:75:
                    3c:3e:02:67:25:b2:de:e8:0c:98:b6:e6:1c:a4:9d:
                    84:28:29:05:67:ba:a0:75:46:3a:b4:0b:56:a1:21:
                    37:e2:e2:9a:df:66:ab:ac:89:2b:8e:be:41:7b:5b:
                    8b:c0:1d:5f:9b:29:2e:87:85:54:2d:f0:b4:3f:33:
                    16:bb:0c:cb:86:24:79:90:e4:26:ba:b3:47:46:af:
                    e4:e5:0e:d5:ac:bb:19:63:1b:ea:ba:fd:88:4e:34:
                    f7:fc:54:63:e5:07:9c:48:e6:be:3f:0b:cb:7b:cc:
                    8a:a4:c7:d6:cc:30:a7:27:81:7e:e0:47:d4:53:00:
                    bb:d5:2c:fb:74:91:b8:2d:df:e1:b9:27:52:e4:da:
                    3c:5d:02:0d:05:c8:7c:77:30:3c:37:f2:e4:fe:83:
                    d3:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:AA:5F:73:AD:DB:7B:1A:7D:0E:80:09:3E:CE:32:02:8A:0A:4C:32
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215526.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:367::/48

    Signature Algorithm: sha256WithRSAEncryption
         dc:2a:cc:5f:ea:1f:61:94:22:d0:9c:52:c2:79:30:19:b2:e9:
         ce:7d:22:c2:95:93:6e:d1:17:83:95:74:47:65:01:b2:ec:3a:
         44:34:51:83:e5:4c:82:21:e7:45:be:3b:3c:7a:3b:aa:37:e4:
         51:7c:be:f7:bb:d5:17:43:bd:c8:d4:a3:b2:86:c0:12:9b:92:
         c9:5e:60:54:66:ca:21:b1:7a:71:c2:54:bc:32:e3:99:ab:66:
         96:3b:68:7f:6d:94:57:09:71:73:57:45:45:ec:ea:6a:ca:1b:
         89:a0:c3:b5:54:b3:b9:ab:c2:7a:c2:9a:dd:e9:c3:32:7a:82:
         ba:89:8f:26:03:43:e9:5f:9f:c7:71:c8:03:7e:46:53:17:6a:
         4d:02:73:ee:f7:0b:12:9e:f9:a0:5a:4a:09:cc:92:83:65:8f:
         e1:58:eb:5e:2f:83:b6:49:0f:a6:c2:ef:c3:fa:db:3d:d1:cd:
         a4:bf:e3:43:27:ee:51:36:03:9d:7e:74:a5:a4:03:0e:95:11:
         b1:d4:84:6a:35:0c:b7:07:5c:f1:1d:1c:07:d5:14:7b:47:fc:
         9f:09:5d:53:2f:0b:39:c8:e2:e5:fe:dd:6c:da:ec:e7:da:0c:
         3d:d3:08:38:25:28:4b:61:91:d6:69:80:94:63:bb:b8:c1:38:
         b2:f3:61:8b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIURD93KZZChypnWYwvSv6YeE83+bgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA5MTcwNDIxMjFaFw0yNTA5MTYwNDI2MjFaMDMxMTAvBgNV
BAMTKEE1QUE1RjczQUREQjdCMUE3RDBFODAwOTNFQ0UzMjAyOEEwQTRDMzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/8ZINay/ZmDtn6eRgQeegkJTj
kVOJR0D+dQ29a9Fi10n7NNvDpyxY/EondTFusqd6tB1aXGBG3grQa6lsawa6l7/4
9KbPqY/PDKai7FRJZx60yYeJfuHLnmJ2YGCPzK8UOz+XMCiydTw+Amclst7oDJi2
5hyknYQoKQVnuqB1Rjq0C1ahITfi4prfZqusiSuOvkF7W4vAHV+bKS6HhVQt8LQ/
Mxa7DMuGJHmQ5Ca6s0dGr+TlDtWsuxljG+q6/YhONPf8VGPlB5xI5r4/C8t7zIqk
x9bMMKcngX7gR9RTALvVLPt0kbgt3+G5J1Lk2jxdAg0FyHx3MDw38uT+g9PDAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUpapfc63bexp9DoAJPs4yAooKTDIwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1NTI2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQNnMA0GCSqGSIb3DQEBCwUAA4IBAQDcKsxf6h9hlCLQnFLCeTAZsunOfSLClZNu
0ReDlXRHZQGy7DpENFGD5UyCIedFvjs8ejuqN+RRfL73u9UXQ73I1KOyhsASm5LJ
XmBUZsohsXpxwlS8MuOZq2aWO2h/bZRXCXFzV0VF7OpqyhuJoMO1VLO5q8J6wprd
6cMyeoK6iY8mA0PpX5/HccgDfkZTF2pNAnPu9wsSnvmgWkoJzJKDZY/hWOteL4O2
SQ+mwu/D+ts90c2kv+NDJ+5RNgOdfnSlpAMOlRGx1IRqNQy3B1zxHRwH1RR7R/yf
CV1TLws5yOLl/t1s2uzn2gw90wg4JShLYZHWaYCUY7u4wTiy82GL
-----END CERTIFICATE-----