Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215255.roa
File:                     AS215255.roa (raw, json)
Hash identifier:          Ea4y14/TlDjtebGdd/HUqKZhe7/dqty73yOzN4PPi8k=
Subject key identifier:   AE:1E:72:5E:E1:73:06:3D:3A:AA:64:FD:00:FE:BC:06:B9:64:F0:03
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       73D2BD3A3F0F7773AC294205EDACA045B17E38D7
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215255.roa
Signing time:             Thu 23 May 2024 16:49:10 +0000
ROA not before:           Thu 23 May 2024 16:44:10 +0000
ROA not after:            Thu 22 May 2025 16:49:10 +0000
asID:                     215255
IP address blocks:        2a0f:85c1:39f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jul 2024 13:47:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:d2:bd:3a:3f:0f:77:73:ac:29:42:05:ed:ac:a0:45:b1:7e:38:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:10 2024 GMT
            Not After : May 22 16:49:10 2025 GMT
        Subject: CN=AE1E725EE173063D3AAA64FD00FEBC06B964F003
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:49:36:c7:d0:91:66:21:bf:04:37:51:48:9b:
                    4b:61:3e:55:0f:03:80:2f:c7:a0:81:0e:7f:a4:e2:
                    f7:ad:a3:b7:94:e0:93:e3:e0:07:c4:1c:9a:89:f9:
                    96:da:f3:82:0f:0c:9e:af:12:38:52:2b:83:38:cf:
                    45:67:e0:7d:0a:9b:4b:55:85:89:fb:96:ae:48:50:
                    9b:e4:9f:fe:5d:57:d4:4e:05:77:7d:6c:a5:4b:bf:
                    67:8e:40:11:40:5d:6b:a2:a0:2d:73:54:e5:43:2b:
                    d0:64:1b:d5:0d:a7:b5:64:aa:a8:f2:d3:17:97:22:
                    cc:cd:12:48:61:38:60:44:bf:4c:de:0e:14:3a:f2:
                    8c:40:1e:7f:8f:38:d5:bd:c5:18:21:23:a3:06:4c:
                    0b:dd:c8:8f:b1:17:66:61:77:b1:51:44:d4:b2:bf:
                    1f:63:26:ad:24:bf:ac:d7:e6:07:86:e7:19:fa:18:
                    6a:b2:8e:a8:e2:ef:b4:09:0f:a2:ca:b6:4e:c7:8d:
                    11:b7:c4:de:1d:ed:0d:b3:36:98:91:5e:81:a6:75:
                    60:ed:74:80:19:b4:dd:30:60:78:1f:cd:b4:90:f9:
                    7a:d7:f9:cd:fa:2f:db:1b:16:06:5f:01:c4:b7:6c:
                    7f:39:a8:22:7a:a8:40:37:3b:56:52:f3:f8:84:32:
                    d5:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:1E:72:5E:E1:73:06:3D:3A:AA:64:FD:00:FE:BC:06:B9:64:F0:03
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215255.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:39f::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:82:5b:7a:7f:5b:24:26:de:1d:0c:da:10:51:b5:89:98:5c:
         d2:c8:c4:a0:6d:b2:23:47:59:f5:fc:e0:7a:b5:58:e4:41:bc:
         1d:1d:19:1c:7a:f7:a3:81:b7:62:c9:1f:28:d5:59:9a:76:21:
         f5:a0:88:ee:3c:59:6e:96:b5:60:d5:78:a7:ca:f9:c3:f3:c5:
         2f:9e:ec:7e:93:be:5a:ed:12:a9:f1:44:27:45:ec:66:6a:8a:
         af:8e:18:49:94:7e:f8:5b:31:0a:ae:e4:85:51:6a:5a:88:2e:
         cd:16:c8:3b:96:eb:14:45:b4:1a:f2:69:29:f7:58:a1:d1:c6:
         a7:0c:81:51:ae:7e:0c:12:64:e5:79:dd:2b:5f:15:21:7b:37:
         55:47:b7:85:28:2d:c9:0c:59:6a:1d:65:dd:9f:01:39:34:fc:
         8f:63:ed:69:b7:fa:59:e8:56:90:ec:5e:34:dc:24:1f:0c:a1:
         e5:b5:24:21:92:3b:7c:5e:06:09:44:60:a8:e1:42:2b:b5:90:
         ed:1d:1a:65:67:b3:eb:ac:cc:13:7d:b4:f0:42:9d:6f:ab:7b:
         73:9d:1c:c0:84:39:40:23:b3:9c:be:bb:de:7c:ad:37:36:61:
         c5:79:5a:ec:07:1a:cb:40:78:38:1d:8f:28:0b:00:7c:21:7e:
         1c:23:9e:b5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUc9K9Oj8Pd3OsKUIF7aygRbF+ONcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTBaFw0yNTA1MjIxNjQ5MTBaMDMxMTAvBgNV
BAMTKEFFMUU3MjVFRTE3MzA2M0QzQUFBNjRGRDAwRkVCQzA2Qjk2NEYwMDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDSTbH0JFmIb8EN1FIm0thPlUP
A4Avx6CBDn+k4veto7eU4JPj4AfEHJqJ+Zba84IPDJ6vEjhSK4M4z0Vn4H0Km0tV
hYn7lq5IUJvkn/5dV9ROBXd9bKVLv2eOQBFAXWuioC1zVOVDK9BkG9UNp7Vkqqjy
0xeXIszNEkhhOGBEv0zeDhQ68oxAHn+PONW9xRghI6MGTAvdyI+xF2Zhd7FRRNSy
vx9jJq0kv6zX5geG5xn6GGqyjqji77QJD6LKtk7HjRG3xN4d7Q2zNpiRXoGmdWDt
dIAZtN0wYHgfzbSQ+XrX+c36L9sbFgZfAcS3bH85qCJ6qEA3O1ZS8/iEMtW5AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUrh5yXuFzBj06qmT9AP68Brlk8AMwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1MjU1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOfMA0GCSqGSIb3DQEBCwUAA4IBAQAMglt6f1skJt4dDNoQUbWJmFzSyMSgbbIj
R1n1/OB6tVjkQbwdHRkcevejgbdiyR8o1VmadiH1oIjuPFlulrVg1XinyvnD88Uv
nux+k75a7RKp8UQnRexmaoqvjhhJlH74WzEKruSFUWpaiC7NFsg7lusURbQa8mkp
91ih0canDIFRrn4MEmTled0rXxUhezdVR7eFKC3JDFlqHWXdnwE5NPyPY+1pt/pZ
6FaQ7F403CQfDKHltSQhkjt8XgYJRGCo4UIrtZDtHRplZ7PrrMwTfbTwQp1vq3tz
nRzAhDlAI7OcvrvefK03NmHFeVrsBxrLQHg4HY8oCwB8IX4cI561
-----END CERTIFICATE-----
Generated at Wed Jul 17 22:48:20 2024 by rpki-client on console-ams.rpki-client.org