Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS215703.roa
File:                     AS215703.roa (raw, json)
Hash identifier:          8g+vXQkikUmctzhSz95KES3Mc8IwcumqyuWM6GE8KTs=
Subject key identifier:   3C:F9:D7:91:94:08:54:62:F9:FB:80:4E:88:6D:C7:B5:F0:CE:01:D4
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       772E1991FDB3DC16CEFC8C030C64C96105C74424
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS215703.roa
Signing time:             Fri 29 Nov 2024 21:09:20 +0000
ROA not before:           Fri 29 Nov 2024 21:04:20 +0000
ROA not after:            Fri 28 Nov 2025 21:09:20 +0000
asID:                     215703
IP address blocks:        46.203.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 14:35:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:2e:19:91:fd:b3:dc:16:ce:fc:8c:03:0c:64:c9:61:05:c7:44:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Nov 29 21:04:20 2024 GMT
            Not After : Nov 28 21:09:20 2025 GMT
        Subject: CN=3CF9D79194085462F9FB804E886DC7B5F0CE01D4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:6f:75:e4:ae:38:eb:5c:56:3a:0c:99:db:b2:
                    a6:f6:7a:d3:6e:a2:d4:5d:e4:4b:e7:3d:a5:ff:6e:
                    66:c7:70:73:5a:31:47:13:fc:3d:75:35:2b:c6:40:
                    bd:09:6a:9e:e6:12:10:26:f9:3b:56:b9:42:18:3b:
                    65:cc:6c:ac:39:bc:58:4a:8b:82:f8:8d:77:fe:29:
                    b7:6a:a2:8d:ae:bc:88:5c:e4:bb:20:fa:d9:dc:10:
                    6e:d4:9d:a7:c7:68:30:7b:b0:66:98:66:aa:ca:c3:
                    af:ce:77:d9:4a:46:04:b2:8d:e2:0c:ea:fd:b4:67:
                    04:63:db:54:21:6a:00:06:09:30:22:dd:d2:3c:65:
                    75:5a:86:03:b2:84:55:62:d0:0f:2f:2b:33:f9:b4:
                    61:dd:ca:8f:77:0b:c9:e2:c7:0c:b2:c4:73:df:95:
                    e9:fe:c8:e0:b4:d5:82:18:5d:23:19:5d:e7:76:c5:
                    4d:2a:9d:02:f5:d0:17:88:16:09:b9:3f:7e:bc:59:
                    ce:b0:4d:5d:29:cc:eb:55:ac:64:25:dd:0c:c8:bd:
                    cd:09:58:37:20:bc:5e:64:7c:e1:fb:ab:ed:e0:22:
                    8d:44:82:f4:06:3a:d5:bf:22:2f:a9:87:44:b1:87:
                    99:b1:36:af:8e:23:f4:4e:bb:43:9c:ae:fd:63:d4:
                    f7:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:F9:D7:91:94:08:54:62:F9:FB:80:4E:88:6D:C7:B5:F0:CE:01:D4
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS215703.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.203.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:5f:b7:86:eb:c8:2d:8c:da:ab:dc:97:d7:e4:48:a4:b1:ff:
         8b:a5:7e:ed:02:fc:df:61:f3:8c:09:85:0c:b8:30:d1:e5:f0:
         69:91:19:1f:64:df:3c:a9:de:0e:80:d9:bc:5e:0d:2b:ee:80:
         0f:d1:f3:b6:53:8f:e1:fe:0c:ac:fa:12:a2:91:48:e3:d5:3b:
         2c:59:00:71:61:c1:4a:e8:cc:f9:b3:dd:45:80:99:f3:61:49:
         20:b7:f2:df:d1:76:bf:4a:ad:6d:f7:fc:d5:ed:38:08:26:6f:
         ca:99:f8:06:53:49:da:fc:48:bd:58:18:11:a2:f3:3d:80:d8:
         76:a8:38:88:44:14:3c:85:71:90:b4:10:2a:dd:74:69:e1:88:
         8c:1d:db:e4:a7:14:b5:42:79:79:37:1a:11:d6:d4:f2:62:18:
         39:92:27:d9:aa:d5:34:6f:b7:a5:27:0d:2a:8e:86:e5:de:d6:
         80:e9:92:35:a1:bc:64:46:f9:71:91:45:7e:35:50:db:12:06:
         24:34:9a:8b:5f:fa:49:cb:fb:8b:68:cd:0a:49:c4:e0:48:52:
         59:5c:8f:02:cb:28:73:b7:0f:93:0c:01:96:03:1a:c9:fb:6d:
         fc:d8:c9:75:a6:82:44:39:78:85:c1:ce:d9:d3:92:59:f0:9f:
         0d:b7:2b:00
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdy4Zkf2z3BbO/IwDDGTJYQXHRCQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNDExMjkyMTA0MjBaFw0yNTExMjgyMTA5MjBaMDMxMTAvBgNV
BAMTKDNDRjlENzkxOTQwODU0NjJGOUZCODA0RTg4NkRDN0I1RjBDRTAxRDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVb3XkrjjrXFY6DJnbsqb2etNu
otRd5EvnPaX/bmbHcHNaMUcT/D11NSvGQL0Jap7mEhAm+TtWuUIYO2XMbKw5vFhK
i4L4jXf+Kbdqoo2uvIhc5Lsg+tncEG7UnafHaDB7sGaYZqrKw6/Od9lKRgSyjeIM
6v20ZwRj21QhagAGCTAi3dI8ZXVahgOyhFVi0A8vKzP5tGHdyo93C8nixwyyxHPf
len+yOC01YIYXSMZXed2xU0qnQL10BeIFgm5P368Wc6wTV0pzOtVrGQl3QzIvc0J
WDcgvF5kfOH7q+3gIo1EgvQGOtW/Ii+ph0Sxh5mxNq+OI/ROu0Ocrv1j1PcBAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUPPnXkZQIVGL5+4BOiG3HtfDOAdQwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE1NzAzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALsvp
MA0GCSqGSIb3DQEBCwUAA4IBAQAEX7eG68gtjNqr3JfX5Eiksf+LpX7tAvzfYfOM
CYUMuDDR5fBpkRkfZN88qd4OgNm8Xg0r7oAP0fO2U4/h/gys+hKikUjj1TssWQBx
YcFK6Mz5s91FgJnzYUkgt/Lf0Xa/Sq1t9/zV7TgIJm/KmfgGU0na/Ei9WBgRovM9
gNh2qDiIRBQ8hXGQtBAq3XRp4YiMHdvkpxS1Qnl5NxoR1tTyYhg5kifZqtU0b7el
Jw0qjobl3taA6ZI1obxkRvlxkUV+NVDbEgYkNJqLX/pJy/uLaM0KScTgSFJZXI8C
yyhztw+TDAGWAxrJ+2382Ml1poJEOXiFwc7Z05JZ8J8NtysA
-----END CERTIFICATE-----