Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215743.roa
File:                     AS215743.roa (raw, json)
Hash identifier:          PTjnrNiv9uhBfxaB3ZvsaAuv68p5V2HrAWGKte/w9rE=
Subject key identifier:   C5:CA:1F:F8:E9:A6:2C:3D:EC:09:AD:4A:C3:A3:E4:F3:88:CD:80:8F
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       1A515A0CF148CF698639FDB405D0B41608D15F61
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215743.roa
Signing time:             Fri 23 Aug 2024 08:01:23 +0000
ROA not before:           Fri 23 Aug 2024 07:56:23 +0000
ROA not after:            Fri 22 Aug 2025 08:01:23 +0000
asID:                     215743
IP address blocks:        2a0f:85c1:347::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:51:5a:0c:f1:48:cf:69:86:39:fd:b4:05:d0:b4:16:08:d1:5f:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:23 2024 GMT
            Not After : Aug 22 08:01:23 2025 GMT
        Subject: CN=C5CA1FF8E9A62C3DEC09AD4AC3A3E4F388CD808F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:bf:cf:de:d7:d3:12:57:a8:ae:c2:41:de:3a:
                    3b:1b:62:82:c2:0a:5d:e1:bc:9a:f8:f8:dd:05:91:
                    16:0d:10:99:b1:ab:73:d4:a7:ee:93:f0:c4:5a:26:
                    97:8a:a4:a4:90:be:72:36:42:3d:c2:b4:0a:7c:c4:
                    19:21:06:ff:de:66:15:26:2b:e3:9e:48:b8:ee:51:
                    a1:ec:69:fe:62:a4:dd:a8:78:e4:d3:1a:31:46:77:
                    3c:66:8c:ff:99:03:63:30:4c:f7:e4:40:de:df:82:
                    0b:40:09:ba:46:38:bf:a3:e2:d3:84:e1:dd:30:95:
                    57:bc:94:d3:f0:20:cc:6c:89:bf:3e:f0:2c:6a:5d:
                    b0:55:56:62:79:d2:eb:96:05:f4:da:64:64:8f:c8:
                    36:ed:d5:4a:d7:49:c2:d1:3f:8d:41:63:ad:c7:ed:
                    02:8b:dc:85:96:bf:f2:94:e3:36:30:56:79:12:6b:
                    38:76:1f:f4:11:0a:e8:aa:34:db:4f:f8:7d:df:75:
                    5e:52:e7:72:a9:d9:45:6e:08:2c:b0:dc:d9:34:fc:
                    92:6d:32:f0:45:92:0d:e7:ab:0a:c8:ee:71:7b:1d:
                    91:ee:29:46:3c:e5:4a:5b:01:82:18:7e:7f:21:af:
                    b5:20:cb:d7:14:1a:2c:3b:fd:77:3a:59:ef:6b:9a:
                    7a:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:CA:1F:F8:E9:A6:2C:3D:EC:09:AD:4A:C3:A3:E4:F3:88:CD:80:8F
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215743.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:347::/48

    Signature Algorithm: sha256WithRSAEncryption
         bd:dd:55:e7:84:09:83:99:73:8c:f1:de:d2:e4:5b:25:8b:3a:
         bb:3a:d0:95:eb:4e:f6:83:e3:fc:60:a0:85:40:3e:33:03:91:
         3d:e8:5d:90:ec:1b:c9:29:7a:74:12:c4:f7:99:13:1b:9b:1b:
         dc:b7:d5:1b:39:cc:9d:b1:c0:cb:c7:4f:52:bf:84:44:70:fb:
         da:94:5e:26:b7:bd:d6:8f:d7:2b:5b:b3:f7:2d:7a:91:29:72:
         9a:15:5f:af:14:eb:01:82:dc:f4:fe:a0:c4:d1:f3:c2:c4:27:
         0e:87:2c:51:3e:12:e6:52:31:aa:e8:f5:d9:15:ca:cc:62:7c:
         5b:a0:e0:eb:8f:21:2f:ab:6f:04:af:17:dc:3b:51:b7:ac:1e:
         22:83:a1:70:92:90:5c:dd:48:35:25:b7:35:6b:b9:72:9f:18:
         47:1c:c1:94:99:12:99:83:9a:a2:b1:33:49:21:2a:c4:df:07:
         f7:88:b4:57:0a:7a:26:fd:94:3c:08:3c:af:d5:40:03:ab:17:
         11:5f:74:fb:e4:a4:e8:33:b6:e8:77:ea:53:71:25:b6:28:de:
         5f:31:1c:ec:5e:36:4a:6f:ed:82:6f:1c:4b:37:8a:f0:82:d8:
         ce:83:89:89:8f:64:e4:9a:e7:f7:cb:31:ad:70:60:83:a6:78:
         e3:59:39:00
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUGlFaDPFIz2mGOf20BdC0FgjRX2EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjNaFw0yNTA4MjIwODAxMjNaMDMxMTAvBgNV
BAMTKEM1Q0ExRkY4RTlBNjJDM0RFQzA5QUQ0QUMzQTNFNEYzODhDRDgwOEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlv8/e19MSV6iuwkHeOjsbYoLC
Cl3hvJr4+N0FkRYNEJmxq3PUp+6T8MRaJpeKpKSQvnI2Qj3CtAp8xBkhBv/eZhUm
K+OeSLjuUaHsaf5ipN2oeOTTGjFGdzxmjP+ZA2MwTPfkQN7fggtACbpGOL+j4tOE
4d0wlVe8lNPwIMxsib8+8CxqXbBVVmJ50uuWBfTaZGSPyDbt1UrXScLRP41BY63H
7QKL3IWWv/KU4zYwVnkSazh2H/QRCuiqNNtP+H3fdV5S53Kp2UVuCCyw3Nk0/JJt
MvBFkg3nqwrI7nF7HZHuKUY85UpbAYIYfn8hr7Ugy9cUGiw7/Xc6We9rmnrTAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUxcof+OmmLD3sCa1Kw6Pk84jNgI8wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1NzQzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQNHMA0GCSqGSIb3DQEBCwUAA4IBAQC93VXnhAmDmXOM8d7S5Fslizq7OtCV6072
g+P8YKCFQD4zA5E96F2Q7BvJKXp0EsT3mRMbmxvct9UbOcydscDLx09Sv4REcPva
lF4mt73Wj9crW7P3LXqRKXKaFV+vFOsBgtz0/qDE0fPCxCcOhyxRPhLmUjGq6PXZ
FcrMYnxboODrjyEvq28ErxfcO1G3rB4ig6FwkpBc3Ug1Jbc1a7lynxhHHMGUmRKZ
g5qisTNJISrE3wf3iLRXCnom/ZQ8CDyv1UADqxcRX3T75KToM7bod+pTcSW2KN5f
MRzsXjZKb+2CbxxLN4rwgtjOg4mJj2Tkmuf3yzGtcGCDpnjjWTkA
-----END CERTIFICATE-----