Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215224.roa
File:                     AS215224.roa (raw, json)
Hash identifier:          jOutBXVm03cKid1PNledmuHC9UTwv18fBey5RusHZX0=
Subject key identifier:   FE:52:A6:15:6C:B0:AB:C5:7B:E5:6C:7D:FF:18:D3:7B:23:D7:25:0F
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       5DAFD731786E1A0C5B2009C80863DA41B5DBC93B
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215224.roa
Signing time:             Mon 27 Jan 2025 09:31:24 +0000
ROA not before:           Mon 27 Jan 2025 09:26:24 +0000
ROA not after:            Mon 26 Jan 2026 09:31:24 +0000
asID:                     215224
IP address blocks:        141.11.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:af:d7:31:78:6e:1a:0c:5b:20:09:c8:08:63:da:41:b5:db:c9:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jan 27 09:26:24 2025 GMT
            Not After : Jan 26 09:31:24 2026 GMT
        Subject: CN=FE52A6156CB0ABC57BE56C7DFF18D37B23D7250F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:b0:2f:4f:8d:88:5a:25:9a:6e:b1:a6:1b:fc:
                    c1:d1:02:d9:e4:e2:89:8d:8c:01:20:ae:66:48:a5:
                    48:79:48:e1:78:8f:09:c8:20:34:24:1a:b0:08:f2:
                    f2:2a:38:0a:61:73:61:c1:0c:0b:d0:ed:08:6e:e8:
                    4c:f6:5c:b1:19:7a:f0:cd:e1:6e:73:1b:0d:e1:de:
                    7e:3e:e1:f5:98:ba:ee:91:29:f8:e1:b9:7e:03:5d:
                    43:11:3b:73:6a:c4:e2:19:2f:0d:35:86:64:70:fd:
                    e9:be:14:93:22:aa:62:46:cd:fe:14:71:73:ea:ac:
                    4f:d3:15:dc:a6:08:88:00:ab:01:31:b7:71:09:6d:
                    c3:09:49:bb:84:5d:82:e1:00:58:61:03:14:6a:62:
                    f3:5d:55:f8:9f:9d:47:c4:4a:f9:88:f3:e8:71:b0:
                    a8:42:f0:1c:a0:2b:90:14:f0:d5:0c:0e:2f:7b:69:
                    ca:12:e7:56:e1:49:73:f0:06:aa:b4:88:f0:cf:c8:
                    25:56:0c:04:c0:3e:8a:56:15:25:c9:a6:ba:88:3d:
                    a9:fc:ac:c2:0b:62:f4:b7:4d:4e:d9:f1:1f:97:a3:
                    eb:1c:c6:89:0f:f5:db:49:ec:24:26:f1:22:74:18:
                    16:e9:06:98:2f:b3:e7:a8:da:a3:9b:4d:b6:07:c7:
                    28:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:52:A6:15:6C:B0:AB:C5:7B:E5:6C:7D:FF:18:D3:7B:23:D7:25:0F
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215224.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:58:b9:ad:07:32:dc:d6:93:07:19:48:e4:21:12:6f:76:e5:
         bc:10:d8:eb:e5:e1:02:9a:45:aa:0b:84:cc:f2:b2:95:89:f7:
         1f:93:f6:a3:68:26:01:69:cf:ba:e6:0a:39:38:15:3a:00:33:
         7a:26:9a:0f:fd:ad:42:da:5b:b5:b6:88:88:c3:63:a5:fd:fb:
         02:02:b0:d8:ac:7f:af:0e:8c:75:7e:44:2f:96:02:8b:35:e3:
         d7:92:3a:be:b9:ce:ee:0c:7b:32:bf:81:36:98:4d:9a:c3:39:
         6a:5f:80:05:6c:44:e7:47:4a:d1:8b:63:cc:7f:0d:ab:27:48:
         50:3c:00:da:cb:68:21:ce:eb:40:db:62:f5:fe:d4:92:4e:4f:
         c4:99:0a:43:eb:1c:14:f6:8d:38:5c:28:1d:42:63:df:2a:93:
         1a:07:05:cf:d5:a6:b0:a9:1c:4c:3b:07:91:6e:95:db:b2:bc:
         41:3e:9b:4d:32:79:a4:c2:09:b9:02:d4:a2:31:59:af:74:e5:
         02:84:cc:80:96:78:d2:16:95:18:78:52:30:d6:0e:5d:e8:47:
         13:c0:e6:f0:80:a0:e8:0e:75:48:78:38:0d:e7:64:a8:e4:bf:
         79:af:97:a1:6c:88:0f:a1:db:a8:62:08:a4:fe:40:d9:bb:d4:
         38:41:af:b7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXa/XMXhuGgxbIAnICGPaQbXbyTswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTAxMjcwOTI2MjRaFw0yNjAxMjYwOTMxMjRaMDMxMTAvBgNV
BAMTKEZFNTJBNjE1NkNCMEFCQzU3QkU1NkM3REZGMThEMzdCMjNENzI1MEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjsC9PjYhaJZpusaYb/MHRAtnk
4omNjAEgrmZIpUh5SOF4jwnIIDQkGrAI8vIqOAphc2HBDAvQ7Qhu6Ez2XLEZevDN
4W5zGw3h3n4+4fWYuu6RKfjhuX4DXUMRO3NqxOIZLw01hmRw/em+FJMiqmJGzf4U
cXPqrE/TFdymCIgAqwExt3EJbcMJSbuEXYLhAFhhAxRqYvNdVfifnUfESvmI8+hx
sKhC8BygK5AU8NUMDi97acoS51bhSXPwBqq0iPDPyCVWDATAPopWFSXJprqIPan8
rMILYvS3TU7Z8R+Xo+scxokP9dtJ7CQm8SJ0GBbpBpgvs+eo2qObTbYHxyhdAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU/lKmFWywq8V75Wx9/xjTeyPXJQ8wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE1MjI0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsf
MA0GCSqGSIb3DQEBCwUAA4IBAQDRWLmtBzLc1pMHGUjkIRJvduW8ENjr5eECmkWq
C4TM8rKVifcfk/ajaCYBac+65go5OBU6ADN6JpoP/a1C2lu1toiIw2Ol/fsCArDY
rH+vDox1fkQvlgKLNePXkjq+uc7uDHsyv4E2mE2awzlqX4AFbETnR0rRi2PMfw2r
J0hQPADay2ghzutA22L1/tSSTk/EmQpD6xwU9o04XCgdQmPfKpMaBwXP1aawqRxM
OweRbpXbsrxBPptNMnmkwgm5AtSiMVmvdOUChMyAlnjSFpUYeFIw1g5d6EcTwObw
gKDoDnVIeDgN52So5L95r5ehbIgPoduoYgik/kDZu9Q4Qa+3
-----END CERTIFICATE-----