Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS215288.roa
File:                     AS215288.roa (raw, json)
Hash identifier:          ruNz3rj9rrEOGFWiI1HquwaUvvXGfxsXqEjcBZqOzRs=
Subject key identifier:   DA:94:72:4F:5A:4B:E8:01:D2:B8:7D:8F:9D:D4:05:0A:1B:76:48:C7
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       1D8BDBCB937F58CD415F4499F5E499320E252643
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS215288.roa
Signing time:             Tue 04 Feb 2025 00:17:07 +0000
ROA not before:           Tue 04 Feb 2025 00:12:07 +0000
ROA not after:            Tue 03 Feb 2026 00:17:07 +0000
asID:                     215288
IP address blocks:        2a14:7581:9f20::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 14:04:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:8b:db:cb:93:7f:58:cd:41:5f:44:99:f5:e4:99:32:0e:25:26:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Feb  4 00:12:07 2025 GMT
            Not After : Feb  3 00:17:07 2026 GMT
        Subject: CN=DA94724F5A4BE801D2B87D8F9DD4050A1B7648C7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ae:a7:26:9c:d7:91:df:e0:44:5e:0a:19:26:
                    20:b3:26:70:2c:87:85:41:7e:b9:38:5f:79:25:2f:
                    79:c3:62:8f:6d:71:23:ec:14:2d:cf:9d:70:93:b4:
                    fc:10:f3:72:29:83:31:30:14:93:f9:7c:a6:4b:64:
                    ee:5f:58:30:97:20:b5:68:40:9a:3c:9e:bb:14:e8:
                    56:be:67:c3:52:db:78:75:eb:9a:73:a1:f7:99:05:
                    c0:d3:19:4e:23:11:a7:09:40:60:09:e3:43:91:50:
                    ff:72:0b:dd:d8:f5:00:8c:a5:37:da:64:86:b0:63:
                    a9:43:c3:78:8a:fc:ae:ee:dc:c8:ca:b5:45:34:a3:
                    41:b2:e4:1f:b6:7e:f8:7b:a9:9e:80:68:06:f3:58:
                    95:df:bd:df:b7:c3:5c:f1:f6:ab:1a:e1:4c:5b:63:
                    ad:c2:b0:dc:0c:b5:2c:79:ce:9b:e4:39:79:63:5a:
                    55:74:26:fb:35:d0:66:80:8f:8a:84:72:8d:46:b4:
                    cd:91:b6:e3:db:b3:74:e4:4b:77:ae:a1:7b:cb:7e:
                    28:0f:1d:b5:f4:d9:3d:f1:d5:5d:76:bf:1e:60:bf:
                    b2:ab:9b:de:e8:69:10:f0:96:5f:9b:07:07:82:68:
                    e8:85:56:b7:6b:6a:0f:ad:b5:5c:35:7a:c2:e6:0e:
                    6a:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:94:72:4F:5A:4B:E8:01:D2:B8:7D:8F:9D:D4:05:0A:1B:76:48:C7
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS215288.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:9f20::/44

    Signature Algorithm: sha256WithRSAEncryption
         63:af:3e:16:59:3f:c1:b9:d1:40:31:59:26:1a:2a:cc:68:6e:
         99:a3:5b:73:5c:33:95:1e:05:41:01:19:5a:70:ba:a1:51:aa:
         67:80:4b:c7:8d:02:40:66:75:fe:cd:99:b5:52:c5:71:30:b0:
         12:8e:8e:00:3c:11:ce:29:f2:dc:82:99:58:30:fa:6a:23:d0:
         cd:3d:b1:4e:2b:e3:48:de:58:05:39:7a:94:da:ae:4d:59:6a:
         21:da:ee:3e:a7:05:53:72:25:9b:9a:ef:ac:6e:ff:73:38:90:
         43:97:20:17:96:fa:8a:00:01:40:46:36:9f:e4:f0:62:ce:a5:
         75:6b:f5:9c:15:ff:61:83:5d:0e:c0:06:1b:ca:28:45:4b:e1:
         56:33:41:3e:08:d6:aa:fd:ee:c0:1f:65:1d:85:1f:9d:0d:74:
         ce:f4:64:02:0e:96:a9:83:11:57:21:fa:5d:e9:30:71:d6:a5:
         2a:92:4a:a8:77:ee:61:6c:9a:ac:80:ea:34:9a:00:1d:69:ef:
         ae:76:4e:76:c1:0b:5e:12:ee:d6:68:f7:79:a1:53:c9:95:8d:
         a5:8b:d9:39:1e:ad:47:50:75:9f:80:54:26:1f:ad:c2:fa:4e:
         3c:00:2d:fc:f2:b9:d1:70:3a:c8:80:92:73:40:a0:76:9d:2a:
         d8:a4:2b:ca
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUHYvby5N/WM1BX0SZ9eSZMg4lJkMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTAyMDQwMDEyMDdaFw0yNjAyMDMwMDE3MDdaMDMxMTAvBgNV
BAMTKERBOTQ3MjRGNUE0QkU4MDFEMkI4N0Q4RjlERDQwNTBBMUI3NjQ4QzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvrqcmnNeR3+BEXgoZJiCzJnAs
h4VBfrk4X3klL3nDYo9tcSPsFC3PnXCTtPwQ83IpgzEwFJP5fKZLZO5fWDCXILVo
QJo8nrsU6Fa+Z8NS23h165pzofeZBcDTGU4jEacJQGAJ40ORUP9yC93Y9QCMpTfa
ZIawY6lDw3iK/K7u3MjKtUU0o0Gy5B+2fvh7qZ6AaAbzWJXfvd+3w1zx9qsa4Uxb
Y63CsNwMtSx5zpvkOXljWlV0Jvs10GaAj4qEco1GtM2RtuPbs3TkS3euoXvLfigP
HbX02T3x1V12vx5gv7Krm97oaRDwll+bBweCaOiFVrdrag+ttVw1esLmDmqNAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU2pRyT1pL6AHSuH2PndQFCht2SMcwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjE1Mjg4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhR1
gZ8gMA0GCSqGSIb3DQEBCwUAA4IBAQBjrz4WWT/BudFAMVkmGirMaG6Zo1tzXDOV
HgVBARlacLqhUapngEvHjQJAZnX+zZm1UsVxMLASjo4APBHOKfLcgplYMPpqI9DN
PbFOK+NI3lgFOXqU2q5NWWoh2u4+pwVTciWbmu+sbv9zOJBDlyAXlvqKAAFARjaf
5PBizqV1a/WcFf9hg10OwAYbyihFS+FWM0E+CNaq/e7AH2UdhR+dDXTO9GQCDpap
gxFXIfpd6TBx1qUqkkqod+5hbJqsgOo0mgAdae+udk52wQteEu7WaPd5oVPJlY2l
i9k5Hq1HUHWfgFQmH63C+k48AC388rnRcDrIgJJzQKB2nSrYpCvK
-----END CERTIFICATE-----