Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215899.roa
File:                     AS215899.roa (raw, json)
Hash identifier:          ynsgaqc+4Y1RRLImciP5GxyaPEQKHNi5GDIw5s9VEpQ=
Subject key identifier:   C2:92:CD:B4:57:44:5C:29:A2:56:8A:B9:41:A4:B6:16:22:02:24:12
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       543B47BA5D34304F543DFFF6007DF16F596C2C1C
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215899.roa
Signing time:             Thu 23 May 2024 16:49:12 +0000
ROA not before:           Thu 23 May 2024 16:44:12 +0000
ROA not after:            Thu 22 May 2025 16:49:12 +0000
asID:                     215899
IP address blocks:        2a0f:85c1:334::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jul 2024 13:47:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:3b:47:ba:5d:34:30:4f:54:3d:ff:f6:00:7d:f1:6f:59:6c:2c:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:12 2024 GMT
            Not After : May 22 16:49:12 2025 GMT
        Subject: CN=C292CDB457445C29A2568AB941A4B61622022412
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:29:32:e4:17:80:6b:f9:53:bd:87:d2:be:fa:
                    7d:77:fa:71:04:60:ca:68:4a:92:3a:ba:d9:f0:7c:
                    16:0e:e0:dd:d7:c5:a4:bc:42:3f:0d:5d:f0:bc:2d:
                    ec:77:f2:ca:33:be:36:39:2c:ef:91:a9:be:24:28:
                    55:90:ee:a2:35:44:90:c8:c0:ad:28:58:54:d8:dc:
                    1b:0e:aa:39:83:cd:58:61:3c:f6:66:fb:28:ec:72:
                    55:9e:03:d8:e9:5f:04:b1:7f:ab:bf:66:97:ec:d4:
                    45:82:5f:25:35:1d:71:12:ac:1a:b6:82:f4:88:27:
                    a6:cc:7d:34:2e:11:d5:ce:6f:45:8c:93:4e:7d:b8:
                    b6:6b:d5:c4:e4:a6:63:64:7c:6e:3f:1a:c9:d4:77:
                    82:99:a7:15:d6:cc:24:68:e2:cc:54:7a:de:bf:fd:
                    8c:6c:b5:d4:d3:b4:28:11:bd:59:46:35:17:89:31:
                    f5:2c:68:5f:3f:b2:82:57:fa:39:af:a4:ee:ab:45:
                    a3:17:78:13:a7:5b:f6:5c:13:66:ca:cd:2a:46:98:
                    7d:c9:a2:37:3d:20:b7:e7:2d:4c:15:ce:c6:24:93:
                    f2:61:ac:38:c9:72:7d:29:a0:3d:ca:1c:50:ea:6e:
                    79:7c:0e:3e:01:ea:c9:af:75:e7:81:02:0c:50:0e:
                    89:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:92:CD:B4:57:44:5C:29:A2:56:8A:B9:41:A4:B6:16:22:02:24:12
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215899.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:334::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:4b:47:2e:ef:8e:57:01:9b:10:2a:d4:8f:46:8a:2b:9f:8a:
         83:02:3d:34:ad:99:e4:c1:9f:1b:ff:ff:87:6d:bc:ac:ad:83:
         40:11:1d:c9:61:84:17:40:2d:94:90:7e:24:48:0f:1f:89:f9:
         52:b3:65:e3:48:89:43:da:e0:d5:b5:61:09:d2:68:b1:c3:53:
         58:48:f6:be:bf:f8:b1:88:99:ee:49:da:29:df:09:de:fb:c8:
         9f:cf:dd:d8:08:dc:a0:6a:cb:8f:0e:66:04:7f:63:da:0c:90:
         89:d5:d3:e7:61:dd:59:7f:3d:05:b9:41:98:17:a9:3a:8a:e0:
         1a:1d:df:ad:d7:22:d5:76:d5:66:b1:34:fa:f9:77:b2:d9:f9:
         3d:4e:69:4d:75:99:62:a0:2e:72:33:41:e7:ca:52:62:a8:80:
         83:da:48:36:66:5d:66:c0:bd:74:95:88:b7:d9:1f:14:45:1c:
         8e:7c:55:a6:5f:99:29:92:87:9e:75:b3:93:2c:c5:fa:38:65:
         05:bf:91:bd:3a:35:e7:0c:86:ee:e3:c4:21:18:bf:29:2e:51:
         cb:00:e1:f6:33:dc:ae:ec:e0:26:9c:29:1e:5e:e6:b3:3d:8c:
         cc:3e:ff:e8:22:24:9b:f1:e8:f5:35:28:7e:f8:41:90:73:b3:
         d8:94:66:7a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUVDtHul00ME9UPf/2AH3xb1lsLBwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTJaFw0yNTA1MjIxNjQ5MTJaMDMxMTAvBgNV
BAMTKEMyOTJDREI0NTc0NDVDMjlBMjU2OEFCOTQxQTRCNjE2MjIwMjI0MTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFKTLkF4Br+VO9h9K++n13+nEE
YMpoSpI6utnwfBYO4N3XxaS8Qj8NXfC8Lex38sozvjY5LO+Rqb4kKFWQ7qI1RJDI
wK0oWFTY3BsOqjmDzVhhPPZm+yjsclWeA9jpXwSxf6u/Zpfs1EWCXyU1HXESrBq2
gvSIJ6bMfTQuEdXOb0WMk059uLZr1cTkpmNkfG4/GsnUd4KZpxXWzCRo4sxUet6/
/YxstdTTtCgRvVlGNReJMfUsaF8/soJX+jmvpO6rRaMXeBOnW/ZcE2bKzSpGmH3J
ojc9ILfnLUwVzsYkk/JhrDjJcn0poD3KHFDqbnl8Dj4B6smvdeeBAgxQDonFAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUwpLNtFdEXCmiVoq5QaS2FiICJBIwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1ODk5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQM0MA0GCSqGSIb3DQEBCwUAA4IBAQAAS0cu745XAZsQKtSPRoorn4qDAj00rZnk
wZ8b//+HbbysrYNAER3JYYQXQC2UkH4kSA8fiflSs2XjSIlD2uDVtWEJ0mixw1NY
SPa+v/ixiJnuSdop3wne+8ifz93YCNygasuPDmYEf2PaDJCJ1dPnYd1Zfz0FuUGY
F6k6iuAaHd+t1yLVdtVmsTT6+Xey2fk9TmlNdZlioC5yM0HnylJiqICD2kg2Zl1m
wL10lYi32R8URRyOfFWmX5kpkoeedbOTLMX6OGUFv5G9OjXnDIbu48QhGL8pLlHL
AOH2M9yu7OAmnCkeXuazPYzMPv/oIiSb8ej1NSh++EGQc7PYlGZ6
-----END CERTIFICATE-----
Generated at Wed Jul 17 22:48:20 2024 by rpki-client on console-ams.rpki-client.org