Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215261.roa
File:                     AS215261.roa (raw, json)
Hash identifier:          PjJd2M0gbnyAcoo+JzuoJksYQLim3cyieT2+St/nxuk=
Subject key identifier:   5B:BE:E1:88:D7:0C:B0:CD:F3:A3:DF:FE:BA:83:11:2D:54:15:93:9F
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       4586B3AECD93B4A13295ECDACC775EE06B6C9CE4
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215261.roa
Signing time:             Tue 09 Jun 2026 19:31:24 +0000
ROA not before:           Tue 09 Jun 2026 19:26:24 +0000
ROA not after:            Tue 08 Jun 2027 19:31:24 +0000
asID:                     215261
IP address blocks:        167.148.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 19:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:86:b3:ae:cd:93:b4:a1:32:95:ec:da:cc:77:5e:e0:6b:6c:9c:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  9 19:26:24 2026 GMT
            Not After : Jun  8 19:31:24 2027 GMT
        Subject: CN=5BBEE188D70CB0CDF3A3DFFEBA83112D5415939F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:84:36:53:e4:58:e8:e5:75:53:fa:3a:94:a0:
                    82:ff:fc:fc:d9:91:47:6b:04:6c:91:22:38:da:68:
                    76:ba:8d:6d:82:b2:f3:96:d2:b9:df:cc:56:96:74:
                    e5:f6:f0:cc:27:30:af:1b:72:bb:0b:f3:62:64:13:
                    d6:e9:04:4a:e7:52:79:aa:05:32:b0:71:7d:80:52:
                    63:4c:10:c9:68:35:ee:1a:d3:4c:d9:fb:20:b7:a6:
                    86:22:65:80:fe:0e:c6:34:7d:c7:26:94:af:ca:fa:
                    fb:02:7f:1c:68:b6:84:49:ac:0d:48:03:7c:c1:8d:
                    db:68:ff:92:21:c5:be:8b:a0:ec:12:3a:9d:3b:65:
                    f8:e8:ed:dd:71:a3:93:eb:fe:7c:c7:79:34:38:f0:
                    26:9b:d6:6c:00:14:9c:d9:e4:47:31:46:e1:b5:0e:
                    14:ed:9c:85:cf:66:77:4f:54:27:89:0f:77:b2:e0:
                    51:05:d3:2a:df:e6:96:ab:6b:36:14:62:6d:4d:f1:
                    ab:4c:a1:73:a8:40:78:92:5e:a2:0d:5c:13:2e:27:
                    3b:11:b4:48:6c:eb:b2:55:98:2e:90:ff:66:86:88:
                    03:e5:00:79:3a:a8:57:bc:6e:dd:11:50:f0:c4:8f:
                    ea:9a:02:08:80:ed:9e:b6:da:81:77:32:af:31:b9:
                    93:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:BE:E1:88:D7:0C:B0:CD:F3:A3:DF:FE:BA:83:11:2D:54:15:93:9F
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215261.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.148.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:14:5d:66:b7:d5:5b:10:ac:fb:ca:94:b4:da:00:ea:94:14:
         8e:e0:96:1b:13:54:13:3a:1d:14:91:bc:86:fd:ef:19:78:62:
         25:71:ff:1d:1f:7b:22:19:95:9d:7f:3d:ab:be:db:bd:08:cc:
         30:b0:07:67:f6:01:b2:4c:fe:e3:00:6c:9c:08:6f:51:24:3d:
         a8:c7:fc:ce:79:a4:c3:66:4f:0b:8c:7e:4a:68:f1:69:36:95:
         4c:de:e0:73:eb:71:a9:9a:bb:18:02:0c:95:7f:c0:d0:82:53:
         61:4a:35:05:88:69:35:57:7d:fb:ab:f6:11:1c:f7:aa:83:45:
         55:f0:52:5b:ec:44:29:c2:36:1c:36:42:22:43:42:9a:b2:c0:
         25:ed:e6:75:74:70:e8:4e:f9:a1:db:57:1b:1e:81:b2:d3:1d:
         7d:09:cb:d6:8a:d1:9f:81:21:95:a2:73:01:22:c4:7d:d9:4b:
         14:ba:71:20:61:f4:73:d1:8e:d0:4f:16:83:a8:d1:57:60:e8:
         e4:5b:67:5e:8b:b3:4e:ab:0b:5e:87:fa:52:86:0d:4f:0b:9c:
         d1:36:64:1c:14:79:90:6e:0f:c1:39:37:a5:82:cc:37:2d:a0:
         e3:38:a5:0d:68:84:aa:93:91:46:ef:15:86:9b:39:ae:b5:77:
         49:f8:da:b4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURYazrs2TtKEylezazHde4GtsnOQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MDkxOTI2MjRaFw0yNzA2MDgxOTMxMjRaMDMxMTAvBgNV
BAMTKDVCQkVFMTg4RDcwQ0IwQ0RGM0EzREZGRUJBODMxMTJENTQxNTkzOUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuhDZT5Fjo5XVT+jqUoIL//PzZ
kUdrBGyRIjjaaHa6jW2CsvOW0rnfzFaWdOX28MwnMK8bcrsL82JkE9bpBErnUnmq
BTKwcX2AUmNMEMloNe4a00zZ+yC3poYiZYD+DsY0fccmlK/K+vsCfxxotoRJrA1I
A3zBjdto/5Ihxb6LoOwSOp07Zfjo7d1xo5Pr/nzHeTQ48Cab1mwAFJzZ5EcxRuG1
DhTtnIXPZndPVCeJD3ey4FEF0yrf5parazYUYm1N8atMoXOoQHiSXqINXBMuJzsR
tEhs67JVmC6Q/2aGiAPlAHk6qFe8bt0RUPDEj+qaAgiA7Z622oF3Mq8xuZMLAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUW77hiNcMsM3zo9/+uoMRLVQVk58wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE1MjYxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAp5Sn
MA0GCSqGSIb3DQEBCwUAA4IBAQB5FF1mt9VbEKz7ypS02gDqlBSO4JYbE1QTOh0U
kbyG/e8ZeGIlcf8dH3siGZWdfz2rvtu9CMwwsAdn9gGyTP7jAGycCG9RJD2ox/zO
eaTDZk8LjH5KaPFpNpVM3uBz63GpmrsYAgyVf8DQglNhSjUFiGk1V337q/YRHPeq
g0VV8FJb7EQpwjYcNkIiQ0KassAl7eZ1dHDoTvmh21cbHoGy0x19CcvWitGfgSGV
onMBIsR92UsUunEgYfRz0Y7QTxaDqNFXYOjkW2dei7NOqwteh/pShg1PC5zRNmQc
FHmQbg/BOTelgsw3LaDjOKUNaISqk5FG7xWGmzmutXdJ+Nq0
-----END CERTIFICATE-----