Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215729.roa
File:                     AS215729.roa (raw, json)
Hash identifier:          qL/OeXlhk5GkwmYWnVxst7uvDh+vgDJaMmefMv1/Ydc=
Subject key identifier:   10:1F:56:8D:C7:19:DD:3D:69:0E:5A:1A:36:77:C0:82:87:C4:B4:7E
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       2CC151E316F4FAD5545C7EAE17374DEFBEBAA62F
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215729.roa
Signing time:             Thu 23 May 2024 16:49:07 +0000
ROA not before:           Thu 23 May 2024 16:44:07 +0000
ROA not after:            Thu 22 May 2025 16:49:07 +0000
asID:                     215729
IP address blocks:        2a0f:85c1:351::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jul 2024 20:37:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:c1:51:e3:16:f4:fa:d5:54:5c:7e:ae:17:37:4d:ef:be:ba:a6:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:07 2024 GMT
            Not After : May 22 16:49:07 2025 GMT
        Subject: CN=101F568DC719DD3D690E5A1A3677C08287C4B47E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:2d:a0:30:b6:82:b0:eb:23:a2:eb:99:1c:8d:
                    4c:f7:bb:8b:5e:4a:17:87:79:00:d5:f3:54:03:7e:
                    98:03:a5:77:5f:df:f6:6c:f2:93:50:56:fb:29:9f:
                    5a:9d:79:71:1e:62:b9:e1:9d:b6:d2:7b:28:06:42:
                    1f:5c:54:f5:f2:70:84:28:91:67:2c:cf:11:80:a1:
                    aa:05:9a:87:c0:dd:95:f9:c9:3b:70:45:a2:9c:af:
                    46:9a:fa:a2:e9:67:87:79:58:18:6f:74:29:96:b9:
                    5f:4a:50:dc:d3:96:e0:43:8b:c1:f7:71:6d:2e:91:
                    37:96:e0:30:b0:80:3d:90:98:01:ab:6a:e5:92:ba:
                    88:20:91:13:cb:0f:b9:50:a6:ff:e9:79:a0:58:c9:
                    38:2b:da:d9:fc:5c:4e:c3:5a:63:5e:c6:0e:c4:6a:
                    74:e2:48:4a:11:b2:9e:ed:4d:a0:07:c7:53:33:a1:
                    63:22:06:56:62:52:06:09:ec:76:14:6f:25:f4:3d:
                    8b:4c:21:2a:07:ee:da:d2:1c:d8:67:43:cc:33:b6:
                    07:88:b3:a1:50:16:11:2a:58:0d:cc:a0:d4:77:9a:
                    26:50:17:a6:f5:27:c9:45:c8:b4:4d:43:0c:75:57:
                    be:74:ea:91:33:d3:6c:64:20:eb:bd:e2:5f:e3:a4:
                    e2:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:1F:56:8D:C7:19:DD:3D:69:0E:5A:1A:36:77:C0:82:87:C4:B4:7E
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215729.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:351::/48

    Signature Algorithm: sha256WithRSAEncryption
         8a:82:1e:5b:dc:09:89:8b:96:91:1b:2a:ae:85:0d:ec:34:ae:
         dd:b0:35:96:63:86:a6:e9:c1:ad:6c:46:94:37:1f:6b:7e:fa:
         4a:08:66:59:5e:7c:66:ec:a8:e7:9c:6f:3b:28:7d:3c:ad:ba:
         eb:7c:fa:1e:90:53:93:bc:f8:c9:e1:8e:36:14:15:8a:bf:9b:
         ea:7f:ad:1f:cd:b0:fb:b6:82:07:f9:4d:15:ef:90:4b:6d:e0:
         98:74:ac:75:16:25:0a:aa:33:ac:97:50:8e:8b:73:2c:3f:f0:
         47:66:f4:81:3d:88:21:94:48:62:4c:0b:36:4c:bc:51:32:f9:
         89:95:36:bd:91:9b:02:c0:9b:59:3c:e8:a1:e1:17:b3:1b:44:
         af:0e:3b:a2:88:22:4b:8f:78:4c:cb:c3:59:bf:4a:cd:e9:32:
         e5:de:af:39:ff:25:da:57:4b:40:60:c0:f0:ef:cc:d4:f2:ca:
         5d:31:b6:81:a4:ab:2a:f0:a1:d8:a5:93:30:47:cb:fe:e7:8e:
         3c:fb:cd:2b:1a:7e:7d:c1:38:3c:70:50:4d:38:be:41:7c:2e:
         39:d3:c1:73:a5:86:3c:de:97:8d:51:e2:7c:2c:8f:a9:a3:29:
         a3:59:4f:58:6c:45:e3:b4:24:0b:15:d9:8c:cd:7a:1c:a9:0d:
         59:41:71:e8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIULMFR4xb0+tVUXH6uFzdN7766pi8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MDdaFw0yNTA1MjIxNjQ5MDdaMDMxMTAvBgNV
BAMTKDEwMUY1NjhEQzcxOUREM0Q2OTBFNUExQTM2NzdDMDgyODdDNEI0N0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwLaAwtoKw6yOi65kcjUz3u4te
SheHeQDV81QDfpgDpXdf3/Zs8pNQVvspn1qdeXEeYrnhnbbSeygGQh9cVPXycIQo
kWcszxGAoaoFmofA3ZX5yTtwRaKcr0aa+qLpZ4d5WBhvdCmWuV9KUNzTluBDi8H3
cW0ukTeW4DCwgD2QmAGrauWSuoggkRPLD7lQpv/peaBYyTgr2tn8XE7DWmNexg7E
anTiSEoRsp7tTaAHx1MzoWMiBlZiUgYJ7HYUbyX0PYtMISoH7trSHNhnQ8wztgeI
s6FQFhEqWA3MoNR3miZQF6b1J8lFyLRNQwx1V7506pEz02xkIOu94l/jpOJdAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUEB9WjccZ3T1pDloaNnfAgofEtH4wHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1NzI5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQNRMA0GCSqGSIb3DQEBCwUAA4IBAQCKgh5b3AmJi5aRGyquhQ3sNK7dsDWWY4am
6cGtbEaUNx9rfvpKCGZZXnxm7KjnnG87KH08rbrrfPoekFOTvPjJ4Y42FBWKv5vq
f60fzbD7toIH+U0V75BLbeCYdKx1FiUKqjOsl1COi3MsP/BHZvSBPYghlEhiTAs2
TLxRMvmJlTa9kZsCwJtZPOih4RezG0SvDjuiiCJLj3hMy8NZv0rN6TLl3q85/yXa
V0tAYMDw78zU8spdMbaBpKsq8KHYpZMwR8v+5448+80rGn59wTg8cFBNOL5BfC45
08FzpYY83peNUeJ8LI+poymjWU9YbEXjtCQLFdmMzXocqQ1ZQXHo
-----END CERTIFICATE-----
Generated at Wed Jul 17 04:39:55 2024 by rpki-client on console-fra.rpki-client.org