Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215221.roa
File:                     AS215221.roa (raw, json)
Hash identifier:          w1jclgy0BAdw5nFUHunLTykEZTbnnyW1JtciKRdkS38=
Subject key identifier:   FB:88:B2:1D:DE:60:69:CC:9E:DC:17:9A:26:1F:B0:D8:29:70:4F:98
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       19A448069583516FE89C953635C507D8FD45D83C
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215221.roa
Signing time:             Thu 23 May 2024 16:49:07 +0000
ROA not before:           Thu 23 May 2024 16:44:07 +0000
ROA not after:            Thu 22 May 2025 16:49:07 +0000
asID:                     215221
IP address blocks:        2a0f:85c1:3a7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jul 2024 13:47:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:a4:48:06:95:83:51:6f:e8:9c:95:36:35:c5:07:d8:fd:45:d8:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:07 2024 GMT
            Not After : May 22 16:49:07 2025 GMT
        Subject: CN=FB88B21DDE6069CC9EDC179A261FB0D829704F98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:c9:06:55:62:57:1f:e1:92:5b:3b:bc:15:7d:
                    2e:d4:e6:f0:24:ec:bb:3b:8a:33:23:5f:d0:fc:d1:
                    ba:ef:e7:c0:4c:8f:51:04:cf:44:91:73:e2:00:1e:
                    15:f9:85:15:21:6a:cf:25:30:f6:01:70:53:5d:ee:
                    fa:73:23:a7:d8:7c:19:1c:a7:67:07:8b:6f:ab:3c:
                    1f:27:ac:23:33:90:c4:3f:c2:f3:fc:1e:c4:f5:dd:
                    94:f6:8f:ea:c5:2f:dd:c6:42:22:c5:17:7b:ae:87:
                    08:0e:65:24:44:46:44:b7:4d:79:5f:29:38:30:ac:
                    f6:11:c8:a5:4e:9a:d1:b2:2d:cc:20:75:de:89:4a:
                    fc:e8:dc:51:55:85:01:ff:31:a2:22:25:ac:d6:92:
                    22:7a:c3:ca:c9:b7:4d:9f:69:03:fd:4e:ac:29:24:
                    44:d1:3c:07:7a:8a:14:9d:18:c3:91:1a:3b:d4:3e:
                    29:ca:06:c3:d1:22:6a:84:3e:82:5f:7e:38:32:f8:
                    50:ae:6d:f0:99:34:24:9a:be:45:f0:cf:33:0d:8d:
                    7a:cb:56:26:c4:5f:56:73:ec:f8:87:b7:e6:3e:3d:
                    ce:ee:69:18:4b:4b:f9:d0:6e:f3:f7:ff:89:d3:f2:
                    8c:c2:de:4b:7a:ef:78:91:58:55:ee:23:f0:28:82:
                    64:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:88:B2:1D:DE:60:69:CC:9E:DC:17:9A:26:1F:B0:D8:29:70:4F:98
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215221.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3a7::/48

    Signature Algorithm: sha256WithRSAEncryption
         b3:a0:be:e8:37:da:4f:6d:d0:4a:ee:b1:6a:51:9b:c5:37:ae:
         c8:0a:f4:c3:bf:2a:aa:6d:4f:a0:48:00:7f:dc:07:dd:2c:7c:
         c2:d5:83:96:df:08:f7:35:d5:ad:3a:9a:ae:1d:1a:bd:9f:1b:
         bb:bc:ee:d8:a8:2f:72:1b:5c:70:74:3a:13:35:97:7c:a7:ba:
         c2:25:b9:70:df:38:eb:a9:a2:fc:bf:20:84:ed:4c:6c:1a:40:
         5b:20:86:b5:42:f6:13:82:4c:e6:9d:02:02:9f:fd:fa:79:94:
         24:84:79:9e:60:1d:cf:dc:b2:c5:89:cf:35:91:15:49:c3:f3:
         4b:eb:33:b5:8c:64:13:cc:97:96:99:e0:ac:ab:11:eb:d5:7e:
         3e:b1:93:d7:4d:72:22:a0:55:0b:2e:54:9b:77:d5:26:f8:7b:
         4f:89:fa:4e:a3:74:64:15:e8:35:2c:7b:02:e8:43:e7:e6:6f:
         1a:5e:28:48:05:0a:54:82:f2:19:1e:64:f8:ec:c4:a0:b2:96:
         e0:76:a3:00:f3:4d:09:d6:b3:ba:35:6f:67:cc:41:a3:70:cf:
         79:68:f4:f5:55:5e:4b:c5:83:ec:70:b4:62:b3:da:2d:c4:3b:
         6b:ec:46:48:29:95:c3:53:b3:4c:5c:8f:ed:b5:c4:67:ef:90:
         14:a8:1b:17
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUGaRIBpWDUW/onJU2NcUH2P1F2DwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MDdaFw0yNTA1MjIxNjQ5MDdaMDMxMTAvBgNV
BAMTKEZCODhCMjFEREU2MDY5Q0M5RURDMTc5QTI2MUZCMEQ4Mjk3MDRGOTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSyQZVYlcf4ZJbO7wVfS7U5vAk
7Ls7ijMjX9D80brv58BMj1EEz0SRc+IAHhX5hRUhas8lMPYBcFNd7vpzI6fYfBkc
p2cHi2+rPB8nrCMzkMQ/wvP8HsT13ZT2j+rFL93GQiLFF3uuhwgOZSRERkS3TXlf
KTgwrPYRyKVOmtGyLcwgdd6JSvzo3FFVhQH/MaIiJazWkiJ6w8rJt02faQP9Tqwp
JETRPAd6ihSdGMORGjvUPinKBsPRImqEPoJffjgy+FCubfCZNCSavkXwzzMNjXrL
VibEX1Zz7PiHt+Y+Pc7uaRhLS/nQbvP3/4nT8ozC3kt673iRWFXuI/AogmRFAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU+4iyHd5gacye3BeaJh+w2ClwT5gwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1MjIxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOnMA0GCSqGSIb3DQEBCwUAA4IBAQCzoL7oN9pPbdBK7rFqUZvFN67ICvTDvyqq
bU+gSAB/3AfdLHzC1YOW3wj3NdWtOpquHRq9nxu7vO7YqC9yG1xwdDoTNZd8p7rC
Jblw3zjrqaL8vyCE7UxsGkBbIIa1QvYTgkzmnQICn/36eZQkhHmeYB3P3LLFic81
kRVJw/NL6zO1jGQTzJeWmeCsqxHr1X4+sZPXTXIioFULLlSbd9Um+HtPifpOo3Rk
Feg1LHsC6EPn5m8aXihIBQpUgvIZHmT47MSgspbgdqMA800J1rO6NW9nzEGjcM95
aPT1VV5LxYPscLRis9otxDtr7EZIKZXDU7NMXI/ttcRn75AUqBsX
-----END CERTIFICATE-----
Generated at Wed Jul 17 20:57:13 2024 by rpki-client on console-fra.rpki-client.org