Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215899.roa
File:                     AS215899.roa (raw, json)
Hash identifier:          73+y+IsKH2L1HyMsNaJp1P/gPIDnGLJdv7pL4875TX4=
Subject key identifier:   CA:3C:F0:88:7C:F9:92:91:12:0E:78:5E:E2:80:53:43:96:38:35:3C
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       39D237046ADCF4EED7670A72DB2FB305B5709476
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215899.roa
Signing time:             Fri 23 Aug 2024 08:01:15 +0000
ROA not before:           Fri 23 Aug 2024 07:56:15 +0000
ROA not after:            Fri 22 Aug 2025 08:01:15 +0000
asID:                     215899
IP address blocks:        2a0f:85c1:334::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:d2:37:04:6a:dc:f4:ee:d7:67:0a:72:db:2f:b3:05:b5:70:94:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:15 2024 GMT
            Not After : Aug 22 08:01:15 2025 GMT
        Subject: CN=CA3CF0887CF99291120E785EE28053439638353C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:7a:23:c5:7a:f1:6f:9a:aa:07:ca:e7:8f:32:
                    74:4b:97:bb:f8:cd:48:14:4b:2e:11:b4:6a:0d:3c:
                    ca:52:2f:77:b5:8f:5c:c7:82:a6:c6:32:00:b0:79:
                    15:44:85:a1:4a:30:05:e3:f8:cb:92:bc:86:a0:41:
                    5e:db:8d:1a:8b:79:82:ec:ea:df:8e:ab:74:94:83:
                    5b:2a:34:e7:00:7a:70:6f:95:37:72:78:a5:5c:14:
                    84:a4:da:49:59:f0:ae:8d:50:42:b3:33:e1:f2:47:
                    43:e3:e9:25:fd:37:59:9b:ba:30:09:30:78:2e:a3:
                    17:45:b2:ac:5a:5f:2b:36:4a:f0:03:39:84:0b:f2:
                    1b:ef:5e:27:ba:85:a6:87:a0:a9:2b:05:ac:71:93:
                    8f:59:76:1f:68:6d:b8:1c:33:d3:c5:d5:6f:d2:84:
                    43:eb:f7:5c:76:f3:70:87:fa:f6:64:24:ff:0f:5e:
                    f1:38:6e:49:fb:2c:e5:46:4b:85:82:5d:6e:ec:b8:
                    7e:9c:bc:29:04:ea:f4:3a:fb:ce:b4:9f:bd:5d:a8:
                    6c:ac:bd:6f:cb:94:02:ed:8f:bf:8b:2f:aa:84:73:
                    33:2d:08:02:ea:ec:18:54:56:25:ff:78:a1:00:ab:
                    14:2d:b2:07:ca:13:0a:a8:9c:3b:ef:11:07:dd:b6:
                    c7:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:3C:F0:88:7C:F9:92:91:12:0E:78:5E:E2:80:53:43:96:38:35:3C
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215899.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:334::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:00:67:9c:f9:68:9e:5d:bb:12:c0:54:9c:94:81:61:42:08:
         b5:10:81:0f:5e:1a:66:ac:a5:2a:d0:e8:20:d4:c8:05:05:c7:
         4d:0e:2b:3a:4d:93:12:19:51:90:cd:17:74:73:9b:b9:b0:11:
         76:99:2c:ed:10:d7:2f:7e:2d:db:89:89:22:cf:5b:9b:f9:9f:
         ef:05:ed:bb:51:15:bd:fe:60:be:0f:05:30:3d:ed:a0:fa:c7:
         ca:86:46:29:66:6c:6f:4c:fa:f1:49:b6:05:08:0f:7a:8c:e1:
         96:36:c0:ee:f4:0c:af:7c:57:68:39:62:01:a6:99:71:48:41:
         69:8d:e9:20:9f:61:ba:25:4f:29:9d:0a:68:07:60:66:67:30:
         e8:05:60:11:26:6d:e9:5a:88:71:7e:ed:16:1b:c1:ce:9b:02:
         21:4a:a0:3e:5e:41:2d:14:d8:4a:e6:ff:6f:df:89:63:1e:f3:
         db:74:17:5a:71:e8:89:7d:20:4b:32:a0:81:a4:54:a1:70:5f:
         20:23:52:44:10:f9:54:11:38:82:99:12:1d:db:a0:58:e5:0b:
         ea:84:e1:f8:c4:05:0e:cb:68:55:c1:14:a0:ca:23:2b:40:0e:
         56:0e:65:72:24:5a:ec:75:12:d3:24:14:29:e9:c4:53:cf:e1:
         31:a9:ba:6c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUOdI3BGrc9O7XZwpy2y+zBbVwlHYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MTVaFw0yNTA4MjIwODAxMTVaMDMxMTAvBgNV
BAMTKENBM0NGMDg4N0NGOTkyOTExMjBFNzg1RUUyODA1MzQzOTYzODM1M0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCleiPFevFvmqoHyuePMnRLl7v4
zUgUSy4RtGoNPMpSL3e1j1zHgqbGMgCweRVEhaFKMAXj+MuSvIagQV7bjRqLeYLs
6t+Oq3SUg1sqNOcAenBvlTdyeKVcFISk2klZ8K6NUEKzM+HyR0Pj6SX9N1mbujAJ
MHguoxdFsqxaXys2SvADOYQL8hvvXie6haaHoKkrBaxxk49Zdh9obbgcM9PF1W/S
hEPr91x283CH+vZkJP8PXvE4bkn7LOVGS4WCXW7suH6cvCkE6vQ6+860n71dqGys
vW/LlALtj7+LL6qEczMtCALq7BhUViX/eKEAqxQtsgfKEwqonDvvEQfdtsdZAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUyjzwiHz5kpESDnhe4oBTQ5Y4NTwwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1ODk5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQM0MA0GCSqGSIb3DQEBCwUAA4IBAQAKAGec+WieXbsSwFSclIFhQgi1EIEPXhpm
rKUq0Ogg1MgFBcdNDis6TZMSGVGQzRd0c5u5sBF2mSztENcvfi3biYkiz1ub+Z/v
Be27URW9/mC+DwUwPe2g+sfKhkYpZmxvTPrxSbYFCA96jOGWNsDu9AyvfFdoOWIB
pplxSEFpjekgn2G6JU8pnQpoB2BmZzDoBWARJm3pWohxfu0WG8HOmwIhSqA+XkEt
FNhK5v9v34ljHvPbdBdaceiJfSBLMqCBpFShcF8gI1JEEPlUETiCmRId26BY5Qvq
hOH4xAUOy2hVwRSgyiMrQA5WDmVyJFrsdRLTJBQp6cRTz+Exqbps
-----END CERTIFICATE-----