Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215743.roa
File:                     AS215743.roa (raw, json)
Hash identifier:          /ebg+A4XW2LjWAsBR2bpsjz/uwuX2b+MoZRulC/y57Y=
Subject key identifier:   84:7F:0D:BE:F2:21:FF:8F:C9:9F:6C:C8:D8:28:C3:7D:BE:08:41:97
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       5C7D08DAC77EF3CB195391A47815D463654772B6
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215743.roa
Signing time:             Thu 23 May 2024 16:49:07 +0000
ROA not before:           Thu 23 May 2024 16:44:07 +0000
ROA not after:            Thu 22 May 2025 16:49:07 +0000
asID:                     215743
IP address blocks:        2a0f:85c1:347::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jul 2024 20:37:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:7d:08:da:c7:7e:f3:cb:19:53:91:a4:78:15:d4:63:65:47:72:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:07 2024 GMT
            Not After : May 22 16:49:07 2025 GMT
        Subject: CN=847F0DBEF221FF8FC99F6CC8D828C37DBE084197
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:97:5b:cd:41:8c:33:c4:f0:45:9b:e3:79:9c:
                    a3:f2:db:a4:fb:d9:5a:02:18:1d:ad:c6:e5:bc:e5:
                    20:b0:04:e2:29:15:77:0d:cd:c5:ce:49:31:22:8e:
                    3a:93:a3:f4:1f:8f:e1:9a:ff:ad:32:e3:1a:be:21:
                    3b:da:cc:7f:76:14:22:3d:fb:c7:7c:31:47:f4:18:
                    2c:c0:a5:49:98:50:b8:51:e6:b5:36:4d:f7:1c:e3:
                    7b:a9:6f:cd:cd:a2:b1:84:9c:a4:d3:32:1c:f5:49:
                    9d:5f:60:38:f7:07:0d:1a:14:89:b2:5e:d2:94:7a:
                    ac:b9:ab:97:48:03:67:56:a9:fc:aa:ac:9b:7b:89:
                    91:c7:86:2e:7e:ac:3b:3c:3c:40:03:55:8d:e8:55:
                    98:6f:c3:77:0b:05:1f:2f:17:30:5e:89:4d:28:fd:
                    2d:cb:c1:7b:37:0f:16:61:30:4f:e1:ff:98:46:f4:
                    84:e0:1e:57:d4:39:0c:63:5b:df:f9:9e:5a:2a:4c:
                    6e:38:25:21:3e:c3:fe:49:bd:0f:92:19:28:94:38:
                    47:66:6e:77:e6:ba:21:a0:68:2b:57:0b:37:db:26:
                    7e:e4:b0:27:49:96:7e:47:c2:8f:10:8e:c3:66:65:
                    51:f5:78:cd:9c:1f:4e:f2:e0:f5:00:81:11:b4:42:
                    1e:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:7F:0D:BE:F2:21:FF:8F:C9:9F:6C:C8:D8:28:C3:7D:BE:08:41:97
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215743.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:347::/48

    Signature Algorithm: sha256WithRSAEncryption
         2f:62:6d:dd:45:23:c7:1c:e1:60:94:b8:de:91:54:a5:85:40:
         00:74:75:66:1f:c0:57:a2:4c:3f:51:af:1d:c8:ae:15:49:61:
         1f:95:fe:17:b5:41:ff:3c:00:e3:69:41:08:3e:01:89:63:5e:
         2e:af:6f:cf:05:ae:96:d3:7f:08:72:2f:4c:ff:e2:df:bc:48:
         8e:50:fd:d2:1c:0a:20:ed:0a:03:48:bc:81:05:01:72:68:2b:
         97:ec:59:a9:19:12:04:83:ef:5d:08:15:7a:24:52:5c:3a:70:
         09:ba:c8:d0:34:57:53:aa:8b:53:5a:be:09:a8:f4:57:e7:e4:
         89:7e:be:94:b2:8e:ae:b0:ae:07:bb:64:16:19:4b:ab:9d:e7:
         b7:93:6e:07:fc:f7:76:62:a9:be:d1:c5:67:f1:2e:48:7a:2b:
         d5:dd:7a:6f:c1:b0:19:72:6b:03:7c:be:02:88:78:1a:ee:d5:
         fc:a8:9c:6e:14:e7:2e:08:12:be:f6:45:2b:2f:b4:f6:61:7a:
         56:7b:15:7c:8d:d5:d8:df:6b:ed:3a:60:1c:3a:41:21:f5:c2:
         42:8e:37:82:ff:11:f4:90:a2:7f:78:f7:fb:d0:1c:df:1e:a0:
         dc:23:35:b5:95:c6:cf:e6:a2:bf:9f:a0:fa:e0:79:73:7a:71:
         e9:cc:e4:34
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUXH0I2sd+88sZU5GkeBXUY2VHcrYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MDdaFw0yNTA1MjIxNjQ5MDdaMDMxMTAvBgNV
BAMTKDg0N0YwREJFRjIyMUZGOEZDOTlGNkNDOEQ4MjhDMzdEQkUwODQxOTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgl1vNQYwzxPBFm+N5nKPy26T7
2VoCGB2txuW85SCwBOIpFXcNzcXOSTEijjqTo/Qfj+Ga/60y4xq+ITvazH92FCI9
+8d8MUf0GCzApUmYULhR5rU2Tfcc43upb83NorGEnKTTMhz1SZ1fYDj3Bw0aFImy
XtKUeqy5q5dIA2dWqfyqrJt7iZHHhi5+rDs8PEADVY3oVZhvw3cLBR8vFzBeiU0o
/S3LwXs3DxZhME/h/5hG9ITgHlfUOQxjW9/5nloqTG44JSE+w/5JvQ+SGSiUOEdm
bnfmuiGgaCtXCzfbJn7ksCdJln5Hwo8QjsNmZVH1eM2cH07y4PUAgRG0Qh5BAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUhH8NvvIh/4/Jn2zI2CjDfb4IQZcwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1NzQzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQNHMA0GCSqGSIb3DQEBCwUAA4IBAQAvYm3dRSPHHOFglLjekVSlhUAAdHVmH8BX
okw/Ua8dyK4VSWEflf4XtUH/PADjaUEIPgGJY14ur2/PBa6W038Ici9M/+LfvEiO
UP3SHAog7QoDSLyBBQFyaCuX7FmpGRIEg+9dCBV6JFJcOnAJusjQNFdTqotTWr4J
qPRX5+SJfr6Uso6usK4Hu2QWGUurnee3k24H/Pd2Yqm+0cVn8S5IeivV3XpvwbAZ
cmsDfL4CiHga7tX8qJxuFOcuCBK+9kUrL7T2YXpWexV8jdXY32vtOmAcOkEh9cJC
jjeC/xH0kKJ/ePf70BzfHqDcIzW1lcbP5qK/n6D64HlzenHpzOQ0
-----END CERTIFICATE-----
Generated at Wed Jul 17 04:35:22 2024 by rpki-client on console-ams.rpki-client.org