Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS215269.roa
File:                     AS215269.roa (raw, json)
Hash identifier:          T+QorJTk7+r6ApVFOnz00RTNl/GIvME8cg99tHRa7Dk=
Subject key identifier:   C3:EE:C0:B5:FE:D0:4B:B9:7B:E4:A3:65:8B:72:4B:87:B9:99:A6:87
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       39AE47B31414D13A33D0EE1F220C87004BB75819
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS215269.roa
Signing time:             Mon 02 Dec 2024 16:57:00 +0000
ROA not before:           Mon 02 Dec 2024 16:52:00 +0000
ROA not after:            Mon 01 Dec 2025 16:57:00 +0000
asID:                     215269
IP address blocks:        46.203.124.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 14:35:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:ae:47:b3:14:14:d1:3a:33:d0:ee:1f:22:0c:87:00:4b:b7:58:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Dec  2 16:52:00 2024 GMT
            Not After : Dec  1 16:57:00 2025 GMT
        Subject: CN=C3EEC0B5FED04BB97BE4A3658B724B87B999A687
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e0:3d:ad:5b:97:7e:28:fc:25:52:e4:5c:be:
                    22:4a:1b:20:a3:f9:23:0f:2d:e5:8e:44:be:ec:51:
                    38:54:b4:12:62:5a:cc:36:96:d0:07:47:b9:50:a9:
                    54:04:70:37:b8:c5:eb:34:b7:ee:9e:ca:c5:ad:13:
                    5a:3f:73:dc:92:f6:3f:c7:2e:02:6c:e7:a9:ca:97:
                    7c:a7:3c:ab:0a:a3:96:e3:c7:29:41:12:2d:71:7a:
                    49:c4:9d:2b:e5:04:d0:73:48:75:ee:36:cb:42:ad:
                    49:c9:34:0a:a7:6d:88:67:9e:ab:46:48:6a:8d:44:
                    a6:a5:9d:e8:da:62:01:8f:d6:90:a5:b2:8f:69:29:
                    c8:98:3e:ef:54:b5:07:4a:0e:81:ac:09:63:0b:c1:
                    9c:86:67:08:56:53:a9:e0:f9:92:26:17:6f:e0:7c:
                    71:cc:ff:1f:7e:ce:0e:0d:e3:99:76:f7:53:31:ba:
                    90:c5:20:75:1e:ef:7a:c8:72:b8:ba:0f:88:e9:5c:
                    85:6d:a6:1c:e9:7f:dd:04:62:73:c2:5e:00:77:4b:
                    71:72:d3:b0:fb:2c:00:c1:02:df:88:b2:50:94:92:
                    7b:bc:20:e1:f9:b5:73:40:5b:a1:7f:d0:35:d8:cd:
                    49:ed:0e:fe:30:fd:42:00:e4:2f:ba:d0:2e:15:81:
                    e4:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:EE:C0:B5:FE:D0:4B:B9:7B:E4:A3:65:8B:72:4B:87:B9:99:A6:87
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS215269.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.203.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a3:61:78:c2:6e:53:a2:f2:98:79:bd:a2:a1:27:2c:01:bc:67:
         47:4a:d8:1e:bf:95:ce:e6:7f:ad:af:cf:ab:cf:ac:89:5e:8f:
         8a:ce:30:03:c0:18:2f:16:ab:75:3e:47:64:55:9b:a4:89:af:
         85:97:fa:b7:ca:7c:56:76:e1:78:81:be:13:d6:1c:43:a6:32:
         21:81:a6:55:34:6d:9b:6f:8a:e7:6a:81:90:8a:9f:6d:2e:fb:
         d0:d7:d3:43:38:24:07:05:f3:6b:c5:d8:44:1f:f9:8f:43:17:
         ec:54:b1:07:7e:4b:42:87:81:f7:8f:a6:be:1f:bc:e2:fb:90:
         f0:fd:df:b8:ba:90:f9:c2:bc:e6:d0:a0:44:8e:f9:ef:93:9a:
         52:ee:74:6c:5b:b3:ad:de:18:96:40:5e:4b:16:04:4e:c3:ee:
         b0:eb:ea:52:de:29:8e:7b:f2:b2:9a:26:df:bd:7d:54:33:74:
         22:29:13:2d:3a:04:c9:0f:95:14:0a:40:16:c0:e8:b3:32:16:
         71:0e:5c:67:16:df:40:7f:ca:fc:68:d3:ee:e3:d5:93:f5:c4:
         df:b6:24:43:f8:71:11:c6:0e:2c:0a:d6:e5:78:9a:43:a9:6f:
         1a:f2:6a:9d:ad:ad:4a:ef:56:ca:06:de:47:cd:90:49:4c:3c:
         be:16:08:ff
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUOa5HsxQU0Toz0O4fIgyHAEu3WBkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNDEyMDIxNjUyMDBaFw0yNTEyMDExNjU3MDBaMDMxMTAvBgNV
BAMTKEMzRUVDMEI1RkVEMDRCQjk3QkU0QTM2NThCNzI0Qjg3Qjk5OUE2ODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC04D2tW5d+KPwlUuRcviJKGyCj
+SMPLeWORL7sUThUtBJiWsw2ltAHR7lQqVQEcDe4xes0t+6eysWtE1o/c9yS9j/H
LgJs56nKl3ynPKsKo5bjxylBEi1xeknEnSvlBNBzSHXuNstCrUnJNAqnbYhnnqtG
SGqNRKalnejaYgGP1pClso9pKciYPu9UtQdKDoGsCWMLwZyGZwhWU6ng+ZImF2/g
fHHM/x9+zg4N45l291MxupDFIHUe73rIcri6D4jpXIVtphzpf90EYnPCXgB3S3Fy
07D7LADBAt+IslCUknu8IOH5tXNAW6F/0DXYzUntDv4w/UIA5C+60C4VgeSLAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUw+7Atf7QS7l75KNli3JLh7mZpocwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE1MjY5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLst8
MA0GCSqGSIb3DQEBCwUAA4IBAQCjYXjCblOi8ph5vaKhJywBvGdHStgev5XO5n+t
r8+rz6yJXo+KzjADwBgvFqt1PkdkVZukia+Fl/q3ynxWduF4gb4T1hxDpjIhgaZV
NG2bb4rnaoGQip9tLvvQ19NDOCQHBfNrxdhEH/mPQxfsVLEHfktCh4H3j6a+H7zi
+5Dw/d+4upD5wrzm0KBEjvnvk5pS7nRsW7Ot3hiWQF5LFgROw+6w6+pS3imOe/Ky
mibfvX1UM3QiKRMtOgTJD5UUCkAWwOizMhZxDlxnFt9Af8r8aNPu49WT9cTftiRD
+HERxg4sCtbleJpDqW8a8mqdra1K71bKBt5HzZBJTDy+Fgj/
-----END CERTIFICATE-----