Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS215181.roa
File:                     AS215181.roa (raw, json)
Hash identifier:          8c7j6ROZkv9rsISuOepRqboy6rQv1ZZGNzV6s1PEfo8=
Subject key identifier:   C3:60:2C:95:ED:DA:3B:88:2B:53:60:46:2F:29:D3:BB:D4:89:CF:BE
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       4C1D04E61AA8349A201A8BF5636C53A2F772496E
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS215181.roa
Signing time:             Wed 15 Jan 2025 17:10:10 +0000
ROA not before:           Wed 15 Jan 2025 17:05:10 +0000
ROA not after:            Wed 14 Jan 2026 17:10:10 +0000
asID:                     215181
IP address blocks:        5.133.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:1d:04:e6:1a:a8:34:9a:20:1a:8b:f5:63:6c:53:a2:f7:72:49:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jan 15 17:05:10 2025 GMT
            Not After : Jan 14 17:10:10 2026 GMT
        Subject: CN=C3602C95EDDA3B882B5360462F29D3BBD489CFBE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:b7:a4:b8:a8:9d:e4:a7:b3:d7:23:95:03:50:
                    a0:d6:90:79:22:72:a7:f9:4e:42:35:01:cf:5f:3c:
                    1b:ee:7b:5f:04:e6:64:a1:ce:21:af:41:18:a4:91:
                    a2:09:02:1a:03:c3:43:25:6a:46:5a:3d:f8:6e:c2:
                    09:65:bc:ce:a2:cd:8d:4c:e1:9a:52:ef:b3:9c:19:
                    f2:ce:21:03:3c:d8:10:3f:67:33:20:54:85:bd:a4:
                    29:1c:04:10:1a:bb:e8:6c:ed:f6:a6:ee:dc:94:2d:
                    5c:89:34:91:ad:c0:17:bc:11:f7:e4:04:58:45:d9:
                    7e:35:10:98:22:31:8d:1f:2b:43:10:0b:b5:b6:43:
                    0a:72:18:2e:af:2c:97:c9:e0:92:05:66:28:08:64:
                    09:c5:8e:ba:68:f2:8c:31:32:23:e3:12:39:d4:d9:
                    47:be:6d:00:a2:af:78:26:10:71:85:fb:98:e9:17:
                    5a:8f:ed:49:25:e4:06:2c:fb:e9:ed:93:41:e7:16:
                    3c:9f:73:1e:f1:bd:2c:26:c1:e7:8e:6f:cc:7e:f0:
                    65:a8:3f:a6:9f:67:f2:bf:a3:21:40:f9:26:8f:4c:
                    85:d6:98:e4:7a:25:da:0c:cf:90:ee:29:73:90:ca:
                    a0:99:f2:64:b6:57:1a:13:6a:82:96:53:91:9d:4f:
                    7c:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:60:2C:95:ED:DA:3B:88:2B:53:60:46:2F:29:D3:BB:D4:89:CF:BE
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS215181.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:11:7d:3c:94:cd:97:7b:2d:88:18:b9:8a:1e:66:75:ff:a7:
         88:fc:70:f0:70:15:ad:cb:41:a7:27:ce:61:96:21:85:29:c4:
         aa:c5:fb:95:9c:08:51:f2:06:e1:f2:d4:ed:33:0a:21:a3:b8:
         9e:ce:4d:d7:38:5f:ee:ae:35:59:13:e5:5b:6f:81:b3:d2:1f:
         17:de:0b:63:f4:bb:74:c8:3e:bb:54:52:0c:f1:0c:df:b3:f7:
         28:2e:fd:b9:9f:36:e4:a3:d5:55:ff:45:ca:99:c8:4c:d0:b2:
         02:da:44:c0:02:7b:a0:2d:80:d4:a0:f1:43:28:21:e9:4d:9a:
         be:f1:8b:ae:6e:39:02:84:98:ee:b1:e5:97:26:b6:9f:2d:c8:
         8e:60:db:32:0e:fd:d0:e1:bf:ed:c5:c9:82:ff:cc:31:e2:8e:
         d5:3d:08:91:d0:b6:eb:67:62:78:c8:30:e3:49:79:46:b3:c0:
         83:38:ae:a6:69:b0:6e:f2:b1:46:3d:11:ac:7c:1c:40:3b:40:
         a7:a4:79:af:5a:21:57:0b:98:27:3e:64:11:be:d1:26:2d:26:
         5b:ff:2e:e6:0f:19:c8:84:50:94:14:57:a7:59:26:8c:07:84:
         92:54:e0:f4:46:ce:ca:ce:a6:b4:49:c2:65:2a:a4:f4:b1:f3:
         de:61:c2:2f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTB0E5hqoNJogGov1Y2xTovdySW4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTAxMTUxNzA1MTBaFw0yNjAxMTQxNzEwMTBaMDMxMTAvBgNV
BAMTKEMzNjAyQzk1RUREQTNCODgyQjUzNjA0NjJGMjlEM0JCRDQ4OUNGQkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCot6S4qJ3kp7PXI5UDUKDWkHki
cqf5TkI1Ac9fPBvue18E5mShziGvQRikkaIJAhoDw0MlakZaPfhuwgllvM6izY1M
4ZpS77OcGfLOIQM82BA/ZzMgVIW9pCkcBBAau+hs7fam7tyULVyJNJGtwBe8Effk
BFhF2X41EJgiMY0fK0MQC7W2QwpyGC6vLJfJ4JIFZigIZAnFjrpo8owxMiPjEjnU
2Ue+bQCir3gmEHGF+5jpF1qP7Ukl5AYs++ntk0HnFjyfcx7xvSwmweeOb8x+8GWo
P6afZ/K/oyFA+SaPTIXWmOR6JdoMz5DuKXOQyqCZ8mS2VxoTaoKWU5GdT3zFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUw2Asle3aO4grU2BGLynTu9SJz74wHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjE1MTgxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABYVk
MA0GCSqGSIb3DQEBCwUAA4IBAQCPEX08lM2Xey2IGLmKHmZ1/6eI/HDwcBWty0Gn
J85hliGFKcSqxfuVnAhR8gbh8tTtMwoho7iezk3XOF/urjVZE+Vbb4Gz0h8X3gtj
9Lt0yD67VFIM8Qzfs/coLv25nzbko9VV/0XKmchM0LIC2kTAAnugLYDUoPFDKCHp
TZq+8YuubjkChJjuseWXJrafLciOYNsyDv3Q4b/txcmC/8wx4o7VPQiR0LbrZ2J4
yDDjSXlGs8CDOK6mabBu8rFGPRGsfBxAO0CnpHmvWiFXC5gnPmQRvtEmLSZb/y7m
DxnIhFCUFFenWSaMB4SSVOD0Rs7Kzqa0ScJlKqT0sfPeYcIv
-----END CERTIFICATE-----