Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215791.roa
File:                     AS215791.roa (raw, json)
Hash identifier:          bx2TstjM+xPly0K8rloUZUU2wW3pjILjMUxavRWF2+U=
Subject key identifier:   FC:22:B1:D4:70:87:EE:E6:1C:F9:AB:D2:59:8C:98:24:57:C5:1C:85
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       5886ED5ED6E406E77958CE9B47C1AB21E0443695
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215791.roa
Signing time:             Fri 23 Aug 2024 08:01:19 +0000
ROA not before:           Fri 23 Aug 2024 07:56:19 +0000
ROA not after:            Fri 22 Aug 2025 08:01:19 +0000
asID:                     215791
IP address blocks:        2a0f:85c1:348::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:86:ed:5e:d6:e4:06:e7:79:58:ce:9b:47:c1:ab:21:e0:44:36:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:19 2024 GMT
            Not After : Aug 22 08:01:19 2025 GMT
        Subject: CN=FC22B1D47087EEE61CF9ABD2598C982457C51C85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:45:03:92:2d:06:57:2f:b8:c2:6d:a7:02:dd:
                    1e:20:70:c5:30:21:51:7a:49:a0:bf:f6:96:c4:58:
                    c4:ee:fa:38:ea:ca:9e:90:7c:f9:d4:61:b4:61:9d:
                    92:c8:9d:1b:09:48:0b:9f:bc:b5:26:3a:a2:d9:a9:
                    94:dd:99:d8:bc:4d:fd:4a:1a:07:23:58:8c:c6:a2:
                    41:38:7f:81:99:9a:fd:3b:f2:3c:dd:58:67:86:cc:
                    3e:ae:17:43:4f:76:ad:fa:53:91:64:5c:e8:d5:d1:
                    e5:36:0d:9e:37:89:27:b6:44:5f:e5:1d:b4:6e:72:
                    7c:09:06:a5:40:0a:fb:bc:06:42:01:77:50:6f:34:
                    b6:d4:9b:1b:1f:f0:b7:bb:da:02:82:82:4c:5c:a9:
                    ce:e3:e9:92:b1:a0:e9:24:83:ea:f1:22:c3:7c:ad:
                    4c:28:10:ea:b2:71:81:7b:a7:4d:ad:0d:cd:4f:99:
                    ae:51:e1:b8:5b:ad:95:3d:d3:1e:d9:b2:9e:7a:02:
                    ec:ac:f2:48:58:52:cb:ba:eb:b2:2a:42:e4:82:4b:
                    07:08:ec:41:3c:70:b2:94:f5:fd:0d:4b:b5:e2:77:
                    a5:81:b3:8a:49:2b:2f:a0:7e:09:d2:d9:01:65:1c:
                    f2:d6:0e:29:ef:f6:a5:55:86:be:b1:d2:c5:da:53:
                    59:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:22:B1:D4:70:87:EE:E6:1C:F9:AB:D2:59:8C:98:24:57:C5:1C:85
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215791.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:348::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:bf:57:62:67:b3:c1:a9:71:f7:2a:f0:79:1e:ca:4e:bc:69:
         94:5f:67:eb:4d:6f:98:6b:07:cd:66:88:bf:3f:ea:ff:7e:8e:
         e3:62:cd:f3:d1:64:c2:0b:34:4c:72:8a:e2:19:2e:d9:8f:22:
         2e:cc:cd:8e:83:9a:79:76:5f:33:a3:43:eb:e7:ff:b3:50:f2:
         af:50:ba:0d:fa:2a:86:70:cb:dc:75:5c:e4:c6:39:e0:9d:67:
         1f:39:fb:9f:33:84:84:3e:a3:e5:c8:ad:e4:33:46:9a:05:54:
         9f:ca:fa:4f:68:32:4f:99:19:94:16:1b:95:fb:15:39:65:17:
         bd:46:c1:b3:0b:66:a1:7e:a6:bb:ad:15:b8:40:7f:a4:c1:d9:
         bf:34:bc:39:f0:93:10:73:25:83:49:97:6a:d8:af:23:21:b1:
         66:2c:a9:7d:a9:5b:ab:a4:52:62:d7:f4:93:4a:32:9c:93:dc:
         39:f8:46:85:23:05:3d:ee:3c:4c:59:7f:bf:03:8f:dd:7a:8f:
         de:a4:17:47:9d:cc:3e:f5:c5:19:5a:80:74:7c:19:09:11:09:
         12:40:38:45:20:af:66:a6:b1:15:62:bb:81:d3:b6:df:ee:41:
         64:89:cb:ef:97:06:79:e2:e2:5a:6b:99:e9:a3:4e:c5:0d:8b:
         db:59:4f:00
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUWIbtXtbkBud5WM6bR8GrIeBENpUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MTlaFw0yNTA4MjIwODAxMTlaMDMxMTAvBgNV
BAMTKEZDMjJCMUQ0NzA4N0VFRTYxQ0Y5QUJEMjU5OEM5ODI0NTdDNTFDODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBRQOSLQZXL7jCbacC3R4gcMUw
IVF6SaC/9pbEWMTu+jjqyp6QfPnUYbRhnZLInRsJSAufvLUmOqLZqZTdmdi8Tf1K
GgcjWIzGokE4f4GZmv078jzdWGeGzD6uF0NPdq36U5FkXOjV0eU2DZ43iSe2RF/l
HbRucnwJBqVACvu8BkIBd1BvNLbUmxsf8Le72gKCgkxcqc7j6ZKxoOkkg+rxIsN8
rUwoEOqycYF7p02tDc1Pma5R4bhbrZU90x7Zsp56Auys8khYUsu667IqQuSCSwcI
7EE8cLKU9f0NS7Xid6WBs4pJKy+gfgnS2QFlHPLWDinv9qVVhr6x0sXaU1l3AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU/CKx1HCH7uYc+avSWYyYJFfFHIUwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1NzkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQNIMA0GCSqGSIb3DQEBCwUAA4IBAQBBv1diZ7PBqXH3KvB5HspOvGmUX2frTW+Y
awfNZoi/P+r/fo7jYs3z0WTCCzRMcoriGS7ZjyIuzM2Og5p5dl8zo0Pr5/+zUPKv
ULoN+iqGcMvcdVzkxjngnWcfOfufM4SEPqPlyK3kM0aaBVSfyvpPaDJPmRmUFhuV
+xU5ZRe9RsGzC2ahfqa7rRW4QH+kwdm/NLw58JMQcyWDSZdq2K8jIbFmLKl9qVur
pFJi1/STSjKck9w5+EaFIwU97jxMWX+/A4/deo/epBdHncw+9cUZWoB0fBkJEQkS
QDhFIK9mprEVYruB07bf7kFkicvvlwZ54uJaa5npo07FDYvbWU8A
-----END CERTIFICATE-----