Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215672.roa
File:                     AS215672.roa (raw, json)
Hash identifier:          bxMu0GCWj6jzHc3fQUX8HnECLrlfEFrUNiNr0EtlUdA=
Subject key identifier:   19:36:C0:64:38:5F:28:D9:F6:8A:FE:98:8A:10:EE:E6:1D:67:9F:04
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5FD9EC78CC0DF1F459F6FF2B9A086BD23CE2FED5
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215672.roa
Signing time:             Tue 06 May 2025 04:59:57 +0000
ROA not before:           Tue 06 May 2025 04:54:57 +0000
ROA not after:            Tue 05 May 2026 04:59:57 +0000
asID:                     215672
IP address blocks:        155.117.152.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:d9:ec:78:cc:0d:f1:f4:59:f6:ff:2b:9a:08:6b:d2:3c:e2:fe:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May  6 04:54:57 2025 GMT
            Not After : May  5 04:59:57 2026 GMT
        Subject: CN=1936C064385F28D9F68AFE988A10EEE61D679F04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:29:49:f7:61:06:05:8e:4b:99:ff:74:6c:9c:
                    7a:1d:a6:d4:c6:e5:dc:b9:82:c7:26:64:a1:b8:33:
                    5d:0d:5d:db:64:5d:07:23:11:b2:82:b8:83:8d:e2:
                    92:1b:db:68:3e:84:a3:06:4d:ff:a4:32:ab:48:b9:
                    81:da:e1:1e:d3:a6:58:b6:9c:c2:0e:bb:93:13:27:
                    5e:77:61:08:31:48:f8:84:b9:cf:72:6b:bd:f8:9f:
                    79:0e:75:89:7b:e9:bb:e8:7b:30:c7:89:53:c8:dd:
                    8c:8f:cb:56:a9:87:16:ce:d0:da:17:e4:4a:24:7d:
                    4c:49:c7:8b:53:76:60:b3:c0:76:26:a1:95:36:74:
                    18:f6:61:c2:ea:1a:5c:1b:4f:10:37:9b:d0:71:d4:
                    10:43:84:a7:27:e1:8a:6c:02:30:eb:9e:5a:4e:04:
                    eb:d8:f6:81:88:b1:88:51:9e:bc:13:80:fc:dd:84:
                    4b:bc:44:de:86:3f:15:de:3c:b7:cd:93:d4:1a:ec:
                    ec:9c:68:c1:b4:18:74:05:2d:8a:cb:42:fc:64:23:
                    90:89:2c:ac:b9:cd:2a:0c:65:99:4f:63:0b:79:aa:
                    15:95:bc:f2:1f:dc:08:bf:e0:9a:6c:71:cc:e8:37:
                    83:60:bc:2e:f8:10:5c:ef:6f:de:d7:2c:1e:9f:9a:
                    16:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:36:C0:64:38:5F:28:D9:F6:8A:FE:98:8A:10:EE:E6:1D:67:9F:04
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215672.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:f9:14:ef:5e:6e:d3:e6:75:a3:26:3a:f7:22:c2:bd:d2:83:
         a9:85:48:8e:e0:80:d8:e1:fe:d2:3b:1d:91:34:a5:f1:43:fd:
         b2:02:7a:e0:b9:5e:93:75:6d:3e:df:9c:4c:dd:3d:a6:f4:9d:
         5c:a5:13:c3:ea:17:9c:2c:97:d1:79:e7:34:86:89:a3:f7:1f:
         11:7c:6e:fd:1a:b3:0e:41:9a:f7:2e:91:3c:0a:61:ba:4e:75:
         19:98:f7:96:ed:80:ce:71:99:0d:2d:1c:6d:1c:e0:ff:0d:b2:
         93:d6:64:3c:56:10:62:2b:ee:67:ed:b9:ad:7d:04:42:32:09:
         3d:3a:71:93:8f:98:f9:8c:bb:bd:26:e1:9d:12:90:e0:84:35:
         26:3c:2b:61:1c:93:69:65:69:97:2b:05:f4:f3:06:43:32:f2:
         27:17:94:59:39:a0:35:31:3b:c2:47:42:b1:86:97:d0:b9:c6:
         87:ac:af:4a:6c:b5:60:fa:3a:62:eb:79:07:54:cb:4f:94:75:
         31:83:62:4c:83:58:3f:fd:88:71:6e:73:02:b0:c2:a2:a8:f8:
         fb:c1:cb:b7:7f:3f:79:12:97:c8:9e:3a:db:db:db:d7:50:13:
         3b:ea:97:93:70:7d:96:68:10:01:38:bf:a1:b3:55:89:f9:64:
         38:92:e2:fe
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUX9nseMwN8fRZ9v8rmghr0jzi/tUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA1MDYwNDU0NTdaFw0yNjA1MDUwNDU5NTdaMDMxMTAvBgNV
BAMTKDE5MzZDMDY0Mzg1RjI4RDlGNjhBRkU5ODhBMTBFRUU2MUQ2NzlGMDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRKUn3YQYFjkuZ/3RsnHodptTG
5dy5gscmZKG4M10NXdtkXQcjEbKCuION4pIb22g+hKMGTf+kMqtIuYHa4R7Tpli2
nMIOu5MTJ153YQgxSPiEuc9ya734n3kOdYl76bvoezDHiVPI3YyPy1aphxbO0NoX
5EokfUxJx4tTdmCzwHYmoZU2dBj2YcLqGlwbTxA3m9Bx1BBDhKcn4YpsAjDrnlpO
BOvY9oGIsYhRnrwTgPzdhEu8RN6GPxXePLfNk9Qa7OycaMG0GHQFLYrLQvxkI5CJ
LKy5zSoMZZlPYwt5qhWVvPIf3Ai/4JpscczoN4NgvC74EFzvb97XLB6fmhbbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUGTbAZDhfKNn2iv6YihDu5h1nnwQwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE1NjcyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBm3WY
MA0GCSqGSIb3DQEBCwUAA4IBAQBq+RTvXm7T5nWjJjr3IsK90oOphUiO4IDY4f7S
Ox2RNKXxQ/2yAnrguV6TdW0+35xM3T2m9J1cpRPD6hecLJfReec0homj9x8RfG79
GrMOQZr3LpE8CmG6TnUZmPeW7YDOcZkNLRxtHOD/DbKT1mQ8VhBiK+5n7bmtfQRC
Mgk9OnGTj5j5jLu9JuGdEpDghDUmPCthHJNpZWmXKwX08wZDMvInF5RZOaA1MTvC
R0KxhpfQucaHrK9KbLVg+jpi63kHVMtPlHUxg2JMg1g//YhxbnMCsMKiqPj7wcu3
fz95EpfInjrb29vXUBM76peTcH2WaBABOL+hs1WJ+WQ4kuL+
-----END CERTIFICATE-----