Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215111.roa
File:                     AS215111.roa (raw, json)
Hash identifier:          MBEJSg3BjGPPXYkwfBr3PAInD3ZTbA5nWq5xv7JNHBo=
Subject key identifier:   DE:79:59:06:A5:52:67:FC:98:50:3B:CA:F0:20:59:B5:5B:4A:2E:6A
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       33039DD82EE049F4BEE67DBCF2837B458ECA0285
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215111.roa
Signing time:             Thu 23 May 2024 16:49:10 +0000
ROA not before:           Thu 23 May 2024 16:44:10 +0000
ROA not after:            Thu 22 May 2025 16:49:10 +0000
asID:                     215111
IP address blocks:        2a0f:85c1:3be::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jul 2024 13:47:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:03:9d:d8:2e:e0:49:f4:be:e6:7d:bc:f2:83:7b:45:8e:ca:02:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:10 2024 GMT
            Not After : May 22 16:49:10 2025 GMT
        Subject: CN=DE795906A55267FC98503BCAF02059B55B4A2E6A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e6:40:73:ea:7e:5f:de:d6:3b:b7:2b:20:4b:
                    a4:f1:4c:88:4e:9c:32:35:e9:c7:ee:ce:7d:cb:67:
                    64:4a:3e:f3:a6:ba:fc:13:18:db:13:48:60:21:95:
                    5b:3b:dc:12:f2:5f:60:fd:de:7c:6d:31:1e:09:53:
                    67:72:ff:93:17:d1:35:df:cc:95:a6:fc:76:4c:a8:
                    78:36:16:b8:9c:c0:f6:cf:38:7b:59:17:62:8b:95:
                    e4:04:30:d8:ac:1b:68:ae:e3:62:0b:df:73:1e:4e:
                    6e:5b:84:66:bf:28:22:77:6a:27:fe:c1:8d:6c:92:
                    4d:bf:d9:2d:a4:87:43:cb:e0:be:96:a8:47:72:e1:
                    07:f4:d5:f7:ab:fb:85:24:92:dd:9a:8b:f6:fb:82:
                    15:50:d6:d1:ae:60:98:f7:e1:5f:3a:19:b4:c9:81:
                    bb:e7:7a:31:3b:0c:a0:f3:ed:35:c2:73:64:04:8b:
                    8a:8f:30:7e:7e:9c:9d:a3:3e:e6:e9:67:c3:e8:ad:
                    1a:67:da:80:60:b6:3f:bb:26:72:cb:f8:2e:a1:ae:
                    5f:1d:ed:aa:20:ec:c9:ec:44:21:e4:a8:37:9d:06:
                    ca:1b:12:d7:b5:ba:86:c9:d2:d6:9c:25:90:a5:f6:
                    b7:ce:33:98:80:cc:28:4a:ec:34:63:1d:3d:13:1f:
                    ad:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:79:59:06:A5:52:67:FC:98:50:3B:CA:F0:20:59:B5:5B:4A:2E:6A
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215111.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3be::/48

    Signature Algorithm: sha256WithRSAEncryption
         4f:5f:0a:81:d7:ab:c6:67:ba:f4:69:a4:51:a3:91:52:3c:0b:
         f5:8f:cf:da:34:78:c2:31:e6:4a:02:b2:27:9b:65:d0:fa:39:
         33:57:44:a2:f8:95:fc:c9:1f:20:60:e0:a5:cf:f5:64:be:c0:
         6c:e9:7e:29:e7:92:c5:19:35:65:d8:fe:c3:7f:2c:70:99:63:
         bb:32:54:fe:ac:0b:96:e2:95:57:bc:af:f1:a9:f1:50:57:0c:
         e9:32:4c:7f:47:44:e7:56:4d:db:36:fa:ae:e4:03:94:f3:f6:
         06:48:db:bc:c8:d5:07:97:a9:70:b8:02:9d:24:c6:0c:90:ac:
         3b:87:f0:ec:8c:9d:16:4b:b3:73:42:ca:8f:9f:5f:be:88:ed:
         1f:52:b0:06:00:e7:42:b6:29:44:7b:ae:0a:5d:d0:27:01:e6:
         44:6b:0c:51:6f:e7:7e:64:91:d1:74:fc:09:33:1c:ff:90:1c:
         a1:3f:fb:59:cc:26:03:6d:5f:1f:d0:5a:59:2a:1a:82:fe:f5:
         5c:5d:fe:d8:95:84:72:94:4b:fe:6f:3e:7d:47:1f:e2:d1:26:
         46:bb:10:e0:9c:2a:4b:75:ed:48:27:63:bd:18:b5:24:00:b6:
         fc:3d:b4:84:84:63:66:23:91:bf:32:a8:1e:26:d8:2b:d2:a0:
         72:bd:41:63
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUMwOd2C7gSfS+5n288oN7RY7KAoUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTBaFw0yNTA1MjIxNjQ5MTBaMDMxMTAvBgNV
BAMTKERFNzk1OTA2QTU1MjY3RkM5ODUwM0JDQUYwMjA1OUI1NUI0QTJFNkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu5kBz6n5f3tY7tysgS6TxTIhO
nDI16cfuzn3LZ2RKPvOmuvwTGNsTSGAhlVs73BLyX2D93nxtMR4JU2dy/5MX0TXf
zJWm/HZMqHg2FricwPbPOHtZF2KLleQEMNisG2iu42IL33MeTm5bhGa/KCJ3aif+
wY1skk2/2S2kh0PL4L6WqEdy4Qf01fer+4Ukkt2ai/b7ghVQ1tGuYJj34V86GbTJ
gbvnejE7DKDz7TXCc2QEi4qPMH5+nJ2jPubpZ8PorRpn2oBgtj+7JnLL+C6hrl8d
7aog7MnsRCHkqDedBsobEte1uobJ0tacJZCl9rfOM5iAzChK7DRjHT0TH60jAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU3nlZBqVSZ/yYUDvK8CBZtVtKLmowHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1MTExLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQO+MA0GCSqGSIb3DQEBCwUAA4IBAQBPXwqB16vGZ7r0aaRRo5FSPAv1j8/aNHjC
MeZKArInm2XQ+jkzV0Si+JX8yR8gYOClz/VkvsBs6X4p55LFGTVl2P7DfyxwmWO7
MlT+rAuW4pVXvK/xqfFQVwzpMkx/R0TnVk3bNvqu5AOU8/YGSNu8yNUHl6lwuAKd
JMYMkKw7h/DsjJ0WS7NzQsqPn1++iO0fUrAGAOdCtilEe64KXdAnAeZEawxRb+d+
ZJHRdPwJMxz/kByhP/tZzCYDbV8f0FpZKhqC/vVcXf7YlYRylEv+bz59Rx/i0SZG
uxDgnCpLde1IJ2O9GLUkALb8PbSEhGNmI5G/MqgeJtgr0qByvUFj
-----END CERTIFICATE-----
Generated at Wed Jul 17 22:48:20 2024 by rpki-client on console-ams.rpki-client.org