Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS215073.roa
File:                     AS215073.roa (raw, json)
Hash identifier:          +ZYpkL4vKieOzK1F91sde69ggBFmiXoGBt1EvjJ0tWU=
Subject key identifier:   91:A0:CA:32:53:1E:2C:6B:4C:DC:5B:76:64:D4:B4:3E:11:D1:77:E9
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       2415294299CC51D5F37D4772D3B491F8A9997C45
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS215073.roa
Signing time:             Wed 15 Jan 2025 17:12:45 +0000
ROA not before:           Wed 15 Jan 2025 17:07:45 +0000
ROA not after:            Wed 14 Jan 2026 17:12:45 +0000
asID:                     215073
IP address blocks:        85.235.73.0/24 maxlen: 24
                          193.111.78.0/24 maxlen: 24
                          217.18.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:15:29:42:99:cc:51:d5:f3:7d:47:72:d3:b4:91:f8:a9:99:7c:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jan 15 17:07:45 2025 GMT
            Not After : Jan 14 17:12:45 2026 GMT
        Subject: CN=91A0CA32531E2C6B4CDC5B7664D4B43E11D177E9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:c5:08:41:cc:94:44:43:32:e2:87:07:f3:32:
                    8e:04:88:80:0c:10:9c:57:b8:c6:43:d9:30:05:d2:
                    18:e5:d2:3e:4c:1d:52:bc:d2:e9:ce:5b:c3:32:18:
                    60:05:7e:88:30:7e:1b:93:e4:78:94:17:1b:59:26:
                    00:0d:aa:88:9d:5d:80:1b:12:06:45:63:56:ed:33:
                    33:2b:9a:67:5d:70:70:e0:dd:c2:27:0b:0b:16:fe:
                    12:21:50:15:0a:e3:77:c1:07:70:4e:e7:37:69:b8:
                    2b:e7:b5:11:eb:e3:cb:68:f5:6d:46:aa:ae:fa:39:
                    b8:f7:bf:b4:4d:27:a7:d3:a7:48:99:8d:2e:cd:49:
                    3e:02:a2:15:e2:08:98:82:0f:89:2c:e2:3b:91:97:
                    75:ff:15:77:6d:77:35:9a:10:42:24:49:76:a9:b6:
                    ec:89:52:ef:11:bb:e6:81:44:d7:53:e5:d8:17:e6:
                    a5:18:2c:09:60:05:2c:f9:6b:98:32:b2:ba:f5:f1:
                    12:2f:fa:d1:a9:f4:ac:58:61:98:de:da:51:55:27:
                    2e:89:54:eb:d4:af:64:fb:09:9f:1d:5a:ad:99:8b:
                    b4:9b:c0:b3:71:bf:0a:9f:b0:02:23:76:83:4c:ad:
                    cf:ee:23:f8:62:0b:78:9f:0b:97:f1:c1:85:54:ce:
                    45:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:A0:CA:32:53:1E:2C:6B:4C:DC:5B:76:64:D4:B4:3E:11:D1:77:E9
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS215073.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.235.73.0/24
                  193.111.78.0/24
                  217.18.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:0d:22:41:f4:13:78:cd:ee:d7:8b:b6:c4:bf:7f:9b:1b:cf:
         00:0e:dd:55:51:60:af:05:da:1f:6e:26:00:c9:25:41:77:e2:
         4e:c2:17:57:1d:a2:20:d3:af:8c:bb:ce:fc:fd:0f:9f:91:fb:
         a5:9c:e1:5b:cf:fc:bd:12:f2:55:ef:26:36:ed:da:66:85:1a:
         b8:96:3e:b3:d6:b9:50:af:aa:80:77:7b:b5:b5:ed:a6:ce:f7:
         e4:f0:a0:2b:c9:3c:9b:49:fd:11:d0:07:88:96:c0:4e:da:4f:
         a9:c9:f7:6e:6b:dc:db:ae:84:03:70:1a:b7:03:53:12:61:7d:
         00:f7:8a:99:a5:cb:86:fc:8d:b7:c9:d0:7b:43:2f:c5:7f:e1:
         14:76:ee:92:71:c5:75:0e:26:f0:d1:e2:97:97:e8:d9:f1:d1:
         a4:6b:ad:a1:6a:ca:e2:22:8f:11:0b:33:32:a7:99:df:dd:7d:
         b3:37:04:5e:bd:6f:a0:d0:57:ee:43:b4:71:f6:80:46:4a:3d:
         4f:39:d5:33:71:30:8c:79:91:cf:41:5c:e2:18:c5:a4:db:eb:
         45:b5:a0:d5:c3:81:50:be:0f:a9:8e:d6:ff:ff:22:5d:04:35:
         d9:de:60:d4:0b:f0:33:cd:f2:71:e0:96:5b:2e:4a:de:25:bf:
         b3:9d:87:2a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUJBUpQpnMUdXzfUdy07SR+KmZfEUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTAxMTUxNzA3NDVaFw0yNjAxMTQxNzEyNDVaMDMxMTAvBgNV
BAMTKDkxQTBDQTMyNTMxRTJDNkI0Q0RDNUI3NjY0RDRCNDNFMTFEMTc3RTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSxQhBzJREQzLihwfzMo4EiIAM
EJxXuMZD2TAF0hjl0j5MHVK80unOW8MyGGAFfogwfhuT5HiUFxtZJgANqoidXYAb
EgZFY1btMzMrmmddcHDg3cInCwsW/hIhUBUK43fBB3BO5zdpuCvntRHr48to9W1G
qq76Obj3v7RNJ6fTp0iZjS7NST4CohXiCJiCD4ks4juRl3X/FXdtdzWaEEIkSXap
tuyJUu8Ru+aBRNdT5dgX5qUYLAlgBSz5a5gysrr18RIv+tGp9KxYYZje2lFVJy6J
VOvUr2T7CZ8dWq2Zi7SbwLNxvwqfsAIjdoNMrc/uI/hiC3ifC5fxwYVUzkVxAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUkaDKMlMeLGtM3Ft2ZNS0PhHRd+kwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjE1MDczLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVetJ
AwQAwW9OAwQA2RLTMA0GCSqGSIb3DQEBCwUAA4IBAQCoDSJB9BN4ze7Xi7bEv3+b
G88ADt1VUWCvBdofbiYAySVBd+JOwhdXHaIg06+Mu878/Q+fkfulnOFbz/y9EvJV
7yY27dpmhRq4lj6z1rlQr6qAd3u1te2mzvfk8KAryTybSf0R0AeIlsBO2k+pyfdu
a9zbroQDcBq3A1MSYX0A94qZpcuG/I23ydB7Qy/Ff+EUdu6SccV1Dibw0eKXl+jZ
8dGka62hasriIo8RCzMyp5nf3X2zNwRevW+g0FfuQ7Rx9oBGSj1POdUzcTCMeZHP
QVziGMWk2+tFtaDVw4FQvg+pjtb//yJdBDXZ3mDUC/AzzfJx4JZbLkreJb+znYcq
-----END CERTIFICATE-----