Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215659.roa
File:                     AS215659.roa (raw, json)
Hash identifier:          9hAo17iNhgDK3BnGYCVXj65vqX7XtNQiuENRI3nIbaA=
Subject key identifier:   6F:70:E3:88:E7:C1:2D:4A:5B:1D:F0:10:B9:A0:EC:E6:6A:7D:F1:96
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       75A68D77F7FA9E1B60679CDD7326DBAF7875A694
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215659.roa
Signing time:             Wed 16 Oct 2024 03:04:08 +0000
ROA not before:           Wed 16 Oct 2024 02:59:08 +0000
ROA not after:            Wed 15 Oct 2025 03:04:08 +0000
asID:                     215659
IP address blocks:        2a0f:85c1:356::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:a6:8d:77:f7:fa:9e:1b:60:67:9c:dd:73:26:db:af:78:75:a6:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Oct 16 02:59:08 2024 GMT
            Not After : Oct 15 03:04:08 2025 GMT
        Subject: CN=6F70E388E7C12D4A5B1DF010B9A0ECE66A7DF196
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:98:b9:47:c8:fe:5c:7f:e7:fa:4c:26:d5:1a:
                    e9:1e:45:85:51:02:5a:22:38:7a:fe:f0:25:ac:80:
                    2c:64:5e:f1:e2:fc:c4:7a:8f:d8:9a:5f:e0:cc:84:
                    73:51:ea:9a:ef:bf:c4:ea:8a:9e:0f:58:f0:a9:f9:
                    3a:74:36:85:21:51:7c:d5:af:10:84:4d:fa:3b:7d:
                    c2:99:81:fa:54:83:c3:7e:e0:0a:54:3c:d6:11:83:
                    35:1f:c0:ce:17:20:09:13:77:5c:e1:68:37:95:22:
                    51:51:f3:c8:91:6b:45:dc:13:40:22:db:2e:cc:bf:
                    9f:ba:d6:a4:73:e3:eb:b4:ea:83:60:6a:8f:f8:c6:
                    60:17:24:90:fd:1d:5e:c7:4c:be:a6:ad:f6:cb:58:
                    25:50:88:69:ba:aa:67:38:4f:7e:cc:ca:2b:2d:f2:
                    38:95:46:ff:32:6c:a0:25:52:15:3c:e3:82:d4:f4:
                    f5:28:31:b5:dd:68:70:af:0d:ca:47:c5:d6:2a:ce:
                    7b:7e:0f:88:2e:a1:c1:0d:b8:22:ce:9f:e1:03:93:
                    e3:cf:02:a9:0f:7d:ab:38:bc:46:2f:40:1c:11:0e:
                    82:50:20:df:94:94:13:1b:37:34:c5:2e:e4:da:28:
                    94:fb:07:ff:c8:ca:b3:b8:00:03:3f:5a:0c:55:96:
                    94:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:70:E3:88:E7:C1:2D:4A:5B:1D:F0:10:B9:A0:EC:E6:6A:7D:F1:96
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215659.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:356::/48

    Signature Algorithm: sha256WithRSAEncryption
         cb:8e:1f:31:69:7c:52:9b:b5:45:5b:fe:a8:90:9a:36:a7:d0:
         91:80:59:11:44:b1:22:3d:06:f3:3f:b1:e5:0c:f5:b3:4a:51:
         f2:83:37:74:e1:4a:2d:24:5c:a8:de:40:ca:10:b2:71:b5:0f:
         91:f0:63:14:a7:c2:6e:c0:68:68:4b:33:72:51:8a:b7:d7:79:
         23:10:bc:41:66:00:ce:37:af:b3:7e:54:f8:f3:03:c0:98:47:
         5b:a5:bc:2e:73:e6:ac:49:50:23:a7:71:ba:50:96:06:34:e4:
         00:7b:c6:73:e9:0a:1f:76:91:c9:4f:61:33:13:dd:bf:da:90:
         6c:b9:f4:ea:74:48:13:73:b7:a3:4b:7d:f2:b5:45:63:58:f1:
         a0:f2:d6:94:37:7c:8a:a6:ac:e0:52:f9:56:bd:11:a8:e8:8d:
         11:29:9e:99:78:df:b6:58:c6:0c:88:c6:d0:31:2b:e6:1a:f0:
         18:f6:ca:a5:64:12:64:dc:bd:06:e5:d2:0e:6c:4f:47:24:c5:
         cd:86:52:68:11:ff:b9:9e:e6:2d:32:49:ce:04:87:2e:be:c5:
         6f:75:e1:1e:9d:4c:26:3e:b4:69:e1:27:5b:62:42:20:27:39:
         83:4c:54:b8:b8:66:7c:3a:a0:68:77:2e:04:d3:a0:68:20:28:
         b2:5d:cb:cc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUdaaNd/f6nhtgZ5zdcybbr3h1ppQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDEwMTYwMjU5MDhaFw0yNTEwMTUwMzA0MDhaMDMxMTAvBgNV
BAMTKDZGNzBFMzg4RTdDMTJENEE1QjFERjAxMEI5QTBFQ0U2NkE3REYxOTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcmLlHyP5cf+f6TCbVGukeRYVR
AloiOHr+8CWsgCxkXvHi/MR6j9iaX+DMhHNR6prvv8Tqip4PWPCp+Tp0NoUhUXzV
rxCETfo7fcKZgfpUg8N+4ApUPNYRgzUfwM4XIAkTd1zhaDeVIlFR88iRa0XcE0Ai
2y7Mv5+61qRz4+u06oNgao/4xmAXJJD9HV7HTL6mrfbLWCVQiGm6qmc4T37Myist
8jiVRv8ybKAlUhU844LU9PUoMbXdaHCvDcpHxdYqznt+D4guocENuCLOn+EDk+PP
AqkPfas4vEYvQBwRDoJQIN+UlBMbNzTFLuTaKJT7B//IyrO4AAM/WgxVlpRLAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUb3DjiOfBLUpbHfAQuaDs5mp98ZYwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1NjU5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQNWMA0GCSqGSIb3DQEBCwUAA4IBAQDLjh8xaXxSm7VFW/6okJo2p9CRgFkRRLEi
PQbzP7HlDPWzSlHygzd04UotJFyo3kDKELJxtQ+R8GMUp8JuwGhoSzNyUYq313kj
ELxBZgDON6+zflT48wPAmEdbpbwuc+asSVAjp3G6UJYGNOQAe8Zz6QofdpHJT2Ez
E92/2pBsufTqdEgTc7ejS33ytUVjWPGg8taUN3yKpqzgUvlWvRGo6I0RKZ6ZeN+2
WMYMiMbQMSvmGvAY9sqlZBJk3L0G5dIObE9HJMXNhlJoEf+5nuYtMknOBIcuvsVv
deEenUwmPrRp4SdbYkIgJzmDTFS4uGZ8OqBody4E06BoICiyXcvM
-----END CERTIFICATE-----