Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215676.roa
File:                     AS215676.roa (raw, json)
Hash identifier:          bu5ebZ8/oCRvHUTkvaeXegGcNECH8gBy+r8AxLDdvnA=
Subject key identifier:   21:A0:44:E8:19:AA:93:83:41:C0:D7:61:27:A5:B0:EA:16:26:2C:B2
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       1632C75B7573EC5932607372857C9477C6209EA5
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215676.roa
Signing time:             Fri 23 Aug 2024 08:01:16 +0000
ROA not before:           Fri 23 Aug 2024 07:56:16 +0000
ROA not after:            Fri 22 Aug 2025 08:01:16 +0000
asID:                     215676
IP address blocks:        2a0f:85c1:355::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:32:c7:5b:75:73:ec:59:32:60:73:72:85:7c:94:77:c6:20:9e:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:16 2024 GMT
            Not After : Aug 22 08:01:16 2025 GMT
        Subject: CN=21A044E819AA938341C0D76127A5B0EA16262CB2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:5c:b8:a5:64:c9:9e:51:90:eb:dc:1a:55:18:
                    59:d8:bf:be:b8:42:f1:67:9d:23:91:75:b2:f4:67:
                    c9:aa:6a:8c:fd:2c:0f:5f:1c:2b:31:e3:d4:80:0c:
                    63:63:0e:dc:c5:a6:19:a6:5d:fb:1e:12:2b:8a:e8:
                    8c:82:8a:4d:a3:2f:f8:38:c6:e0:f3:cb:d8:a2:7b:
                    a3:db:8f:f7:27:f1:d9:69:8d:82:51:ca:61:ce:fa:
                    8a:87:77:ee:ab:2a:c6:64:31:5e:39:82:f6:56:cd:
                    92:f2:e7:19:f1:e7:b9:5c:80:a7:80:ee:c0:07:66:
                    f0:c3:81:88:4f:bc:0c:62:b0:6e:e6:95:b6:d4:54:
                    96:a0:93:06:fa:28:df:ba:8c:c6:44:14:05:c6:3f:
                    84:c5:ec:3c:d2:df:77:a3:d8:8b:7e:9f:69:2c:bf:
                    1f:6d:d4:9f:f0:61:ea:d3:3c:93:27:b7:b1:35:1c:
                    3f:46:61:0e:82:24:fc:97:ec:f0:ac:3e:bb:98:a1:
                    c0:17:de:b9:f3:05:1e:89:f6:91:20:61:ef:38:4f:
                    58:cc:7a:d8:71:37:aa:c2:7d:01:08:c6:4b:27:25:
                    9d:95:15:c9:fc:f1:a3:a3:4e:0f:26:aa:b8:dd:1e:
                    4e:b6:ed:d9:c5:fe:23:1a:c0:f9:13:1e:4b:23:de:
                    b6:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:A0:44:E8:19:AA:93:83:41:C0:D7:61:27:A5:B0:EA:16:26:2C:B2
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215676.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:355::/48

    Signature Algorithm: sha256WithRSAEncryption
         1e:b7:8a:71:d6:20:d5:b9:51:a3:8b:14:9d:cf:8b:64:1a:70:
         dd:b7:18:ef:39:22:83:b9:75:f2:ea:b5:d9:7e:14:27:60:3c:
         e4:8a:69:79:69:65:36:c2:dd:9d:27:de:48:7d:37:0e:2f:b2:
         41:1c:7d:2b:7e:83:f2:64:c7:2f:e3:ef:b5:36:96:51:28:0c:
         43:47:d7:ce:74:e3:e4:46:32:b0:f0:25:37:a7:93:09:02:0d:
         44:7d:be:15:76:c0:85:f9:54:54:3e:28:8b:ce:e4:40:5b:34:
         95:10:e8:5a:54:22:ae:26:b3:2c:b2:11:3d:f5:9c:e5:fb:80:
         b4:04:e4:dd:46:3a:44:2a:41:3b:d1:76:fb:88:55:a3:82:a2:
         b0:14:70:fc:29:8a:e4:67:58:8d:7c:d1:b7:83:10:20:62:7c:
         dd:27:be:ec:89:3b:b6:69:e9:07:80:39:ba:89:85:a7:79:97:
         2a:4f:c6:2d:55:07:9b:04:1b:68:4a:e6:02:9f:0c:50:2b:09:
         9b:0a:9f:b5:c5:89:a1:2e:a9:45:70:c6:a5:0a:6d:31:33:53:
         62:90:a0:1f:d9:9a:d8:96:34:1f:de:13:9c:66:2f:01:ed:ad:
         71:10:b7:7c:21:c5:0e:fc:6f:c9:c8:3f:0d:d0:0d:5e:ba:5d:
         ef:b2:6c:5e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUFjLHW3Vz7FkyYHNyhXyUd8YgnqUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MTZaFw0yNTA4MjIwODAxMTZaMDMxMTAvBgNV
BAMTKDIxQTA0NEU4MTlBQTkzODM0MUMwRDc2MTI3QTVCMEVBMTYyNjJDQjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcXLilZMmeUZDr3BpVGFnYv764
QvFnnSORdbL0Z8mqaoz9LA9fHCsx49SADGNjDtzFphmmXfseEiuK6IyCik2jL/g4
xuDzy9iie6Pbj/cn8dlpjYJRymHO+oqHd+6rKsZkMV45gvZWzZLy5xnx57lcgKeA
7sAHZvDDgYhPvAxisG7mlbbUVJagkwb6KN+6jMZEFAXGP4TF7DzS33ej2It+n2ks
vx9t1J/wYerTPJMnt7E1HD9GYQ6CJPyX7PCsPruYocAX3rnzBR6J9pEgYe84T1jM
ethxN6rCfQEIxksnJZ2VFcn88aOjTg8mqrjdHk627dnF/iMawPkTHksj3rbRAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUIaBE6Bmqk4NBwNdhJ6Ww6hYmLLIwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1Njc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQNVMA0GCSqGSIb3DQEBCwUAA4IBAQAet4px1iDVuVGjixSdz4tkGnDdtxjvOSKD
uXXy6rXZfhQnYDzkiml5aWU2wt2dJ95IfTcOL7JBHH0rfoPyZMcv4++1NpZRKAxD
R9fOdOPkRjKw8CU3p5MJAg1Efb4VdsCF+VRUPiiLzuRAWzSVEOhaVCKuJrMsshE9
9Zzl+4C0BOTdRjpEKkE70Xb7iFWjgqKwFHD8KYrkZ1iNfNG3gxAgYnzdJ77siTu2
aekHgDm6iYWneZcqT8YtVQebBBtoSuYCnwxQKwmbCp+1xYmhLqlFcMalCm0xM1Ni
kKAf2ZrYljQf3hOcZi8B7a1xELd8IcUO/G/JyD8N0A1eul3vsmxe
-----END CERTIFICATE-----