Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS215355.roa
File:                     AS215355.roa (raw, json)
Hash identifier:          sh8SBYUQAxlfTr0DLSfHE/LXfdG8BhaUO0xzunGcaiE=
Subject key identifier:   11:69:9B:EE:62:2A:C4:26:CB:B4:34:9F:03:76:51:97:E5:43:03:2D
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       1C4224284AB5281786E276C9BFA919C95C945311
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS215355.roa
Signing time:             Sat 30 Nov 2024 00:59:17 +0000
ROA not before:           Sat 30 Nov 2024 00:54:17 +0000
ROA not after:            Sat 29 Nov 2025 00:59:17 +0000
asID:                     215355
IP address blocks:        46.203.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 14:35:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:42:24:28:4a:b5:28:17:86:e2:76:c9:bf:a9:19:c9:5c:94:53:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Nov 30 00:54:17 2024 GMT
            Not After : Nov 29 00:59:17 2025 GMT
        Subject: CN=11699BEE622AC426CBB4349F03765197E543032D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:16:99:db:61:1c:57:52:37:44:a0:7d:f8:fc:
                    04:f2:16:a1:44:36:da:dc:de:02:c3:a6:4e:53:15:
                    f9:82:de:0b:bc:56:e6:9c:76:d9:6e:44:1f:4e:af:
                    0f:7f:0c:77:4c:c5:ca:24:8f:8a:d9:24:e2:7b:86:
                    a3:07:74:99:9d:91:1e:df:f9:1c:53:26:23:86:ce:
                    b2:14:9f:2f:69:77:1f:e0:c6:c3:61:a8:7e:83:f6:
                    c6:33:3e:27:42:1c:e3:10:c6:c1:69:95:18:5e:ac:
                    d6:b6:59:9a:21:b6:97:41:60:60:1d:7c:90:84:7f:
                    c5:fc:b2:8b:a5:45:e8:8a:dd:15:02:c2:ed:e2:7b:
                    b5:f4:78:fd:5a:d5:68:fe:5c:7a:1f:c3:19:5d:fd:
                    a2:11:8c:97:6c:1c:74:36:eb:ac:82:ad:4b:f6:d2:
                    8a:4b:2c:5e:a1:cd:30:9a:85:55:d8:d4:65:b5:10:
                    96:05:8b:99:52:ed:88:ec:5e:7f:ed:6b:b0:a9:40:
                    8e:19:d8:64:40:3b:c9:29:ff:f9:4e:78:03:5e:df:
                    3a:84:e1:77:92:c7:04:13:47:cd:3e:e4:04:c5:89:
                    a5:b3:12:1d:5c:0d:f3:c2:35:f8:de:d2:15:6b:4d:
                    65:8c:37:f1:a7:ea:d4:b8:eb:44:e0:3c:4c:60:b7:
                    94:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:69:9B:EE:62:2A:C4:26:CB:B4:34:9F:03:76:51:97:E5:43:03:2D
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS215355.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.203.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:31:70:98:88:d8:9d:11:34:98:84:e4:dd:c1:66:46:ab:b5:
         1f:4d:73:a2:24:c2:ea:c6:7d:3e:fd:4b:58:01:e3:54:03:dd:
         a4:a0:e0:29:b0:34:18:3b:28:2a:69:78:3c:67:61:45:5b:d8:
         5a:f2:b4:a1:32:18:69:c5:53:5d:95:13:0c:b2:65:fa:ea:3c:
         b4:8b:6c:3a:58:b6:31:f0:fb:43:ac:62:99:0d:56:79:b9:0a:
         48:11:d9:c3:7d:6e:2b:df:a7:ef:6b:d7:05:80:06:fd:93:ea:
         bd:d6:e6:e3:f4:ce:3c:60:49:e7:ef:0b:94:16:48:d3:44:d1:
         63:55:72:b3:57:ff:90:ee:77:27:4d:2c:23:d3:bd:05:fa:7f:
         32:f1:1f:1a:86:1e:ec:25:61:7b:1c:9f:c9:c8:ce:cf:dd:7d:
         f6:8e:d9:4d:18:27:86:b0:42:03:a8:09:4d:85:02:03:4f:2e:
         be:73:3d:ea:cb:a2:28:35:a8:74:f4:39:ac:da:e1:8d:2b:4d:
         bd:25:94:f3:0a:0e:6e:b6:45:de:85:5f:66:5d:da:4d:01:c1:
         28:9e:6e:a3:6b:c8:df:73:b8:45:61:8e:6a:a9:cb:fa:09:67:
         c2:b8:05:89:86:04:d0:c1:b0:ed:2b:b8:cb:f1:b4:a7:b1:8b:
         29:f1:53:67
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHEIkKEq1KBeG4nbJv6kZyVyUUxEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNDExMzAwMDU0MTdaFw0yNTExMjkwMDU5MTdaMDMxMTAvBgNV
BAMTKDExNjk5QkVFNjIyQUM0MjZDQkI0MzQ5RjAzNzY1MTk3RTU0MzAzMkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWFpnbYRxXUjdEoH34/ATyFqFE
Ntrc3gLDpk5TFfmC3gu8VuacdtluRB9Orw9/DHdMxcokj4rZJOJ7hqMHdJmdkR7f
+RxTJiOGzrIUny9pdx/gxsNhqH6D9sYzPidCHOMQxsFplRherNa2WZohtpdBYGAd
fJCEf8X8soulReiK3RUCwu3ie7X0eP1a1Wj+XHofwxld/aIRjJdsHHQ266yCrUv2
0opLLF6hzTCahVXY1GW1EJYFi5lS7YjsXn/ta7CpQI4Z2GRAO8kp//lOeANe3zqE
4XeSxwQTR80+5ATFiaWzEh1cDfPCNfje0hVrTWWMN/Gn6tS460TgPExgt5RPAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUEWmb7mIqxCbLtDSfA3ZRl+VDAy0wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE1MzU1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALsve
MA0GCSqGSIb3DQEBCwUAA4IBAQCkMXCYiNidETSYhOTdwWZGq7UfTXOiJMLqxn0+
/UtYAeNUA92koOApsDQYOygqaXg8Z2FFW9ha8rShMhhpxVNdlRMMsmX66jy0i2w6
WLYx8PtDrGKZDVZ5uQpIEdnDfW4r36fva9cFgAb9k+q91ubj9M48YEnn7wuUFkjT
RNFjVXKzV/+Q7ncnTSwj070F+n8y8R8ahh7sJWF7HJ/JyM7P3X32jtlNGCeGsEID
qAlNhQIDTy6+cz3qy6IoNah09Dms2uGNK029JZTzCg5utkXehV9mXdpNAcEonm6j
a8jfc7hFYY5qqcv6CWfCuAWJhgTQwbDtK7jL8bSnsYsp8VNn
-----END CERTIFICATE-----