Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215311.roa
File:                     AS215311.roa (raw, json)
Hash identifier:          z8y21ulyieYOYSAGwEbZQjVIDHR8ceKIMVgCn7q0VQ8=
Subject key identifier:   63:FE:D6:B0:5C:7E:FB:3C:64:55:EE:0B:FA:D9:EA:31:20:44:78:76
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1A5463FDCE26C37A5240A15D01E491930A376F05
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215311.roa
Signing time:             Thu 24 Apr 2025 00:01:57 +0000
ROA not before:           Wed 23 Apr 2025 23:56:57 +0000
ROA not after:            Thu 23 Apr 2026 00:01:57 +0000
asID:                     215311
IP address blocks:        145.223.68.0/22 maxlen: 22
                          146.103.40.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 05:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:54:63:fd:ce:26:c3:7a:52:40:a1:5d:01:e4:91:93:0a:37:6f:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 23 23:56:57 2025 GMT
            Not After : Apr 23 00:01:57 2026 GMT
        Subject: CN=63FED6B05C7EFB3C6455EE0BFAD9EA3120447876
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:4c:aa:6e:e7:14:2d:50:12:b6:53:d9:d6:5c:
                    05:be:f3:d8:b5:62:21:76:4b:a5:b9:03:05:d1:f4:
                    4c:da:e7:a2:5f:18:07:9d:8e:76:6b:59:45:cd:73:
                    29:32:e2:26:51:88:54:26:80:eb:70:be:1b:ae:fc:
                    da:a5:fb:84:27:9e:cc:a4:b3:91:a2:14:eb:f5:df:
                    54:3a:d1:03:51:02:e9:c2:74:4d:94:ac:ab:f0:cd:
                    da:00:ef:22:da:58:50:92:f2:aa:33:cb:42:0f:1a:
                    8a:1f:b3:c9:14:30:e3:2f:60:07:60:6c:65:b7:b3:
                    3f:5e:60:79:de:09:42:7a:51:d0:4b:ad:df:99:89:
                    67:33:6a:c4:1b:e6:6c:a8:69:ea:da:60:d6:24:a0:
                    98:4a:53:36:61:97:d5:6b:69:ba:b2:a6:3e:70:3f:
                    63:e2:66:3e:c8:ec:4d:da:71:dc:43:1b:d9:b6:fa:
                    b7:b8:da:ff:e8:51:ab:55:71:cf:c6:bd:23:0a:a9:
                    4c:9f:94:cb:c5:a2:95:49:af:3f:ca:54:92:a7:a7:
                    8b:1b:28:4e:9d:c9:86:60:90:ba:c3:b7:d6:37:99:
                    85:dd:83:33:78:20:93:4d:8c:c3:42:1b:d0:e9:d2:
                    88:92:98:11:17:9a:19:1d:39:7d:3e:1e:db:53:2a:
                    24:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:FE:D6:B0:5C:7E:FB:3C:64:55:EE:0B:FA:D9:EA:31:20:44:78:76
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215311.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.223.68.0/22
                  146.103.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:15:04:4f:55:be:c0:b8:78:d4:42:5e:2f:41:b2:be:30:44:
         8a:4a:d7:99:f8:99:e2:00:e7:48:13:2d:5c:4a:26:1b:be:5a:
         db:14:cf:4b:9b:44:31:f0:45:1e:4c:f9:2b:9b:3f:44:25:76:
         20:13:ed:97:78:d0:08:0a:9f:ed:20:e2:78:3a:aa:9e:05:7c:
         eb:a3:81:2c:c7:c7:ef:42:a7:b7:4b:4b:f2:67:f0:5d:92:92:
         e2:fa:ff:37:bc:3b:a0:63:62:cb:51:3f:a6:fd:f0:23:5d:15:
         10:09:98:6a:c9:56:c6:f3:8a:84:10:00:b5:00:e7:c9:a9:62:
         c2:89:a3:32:a5:52:7c:20:ec:f8:9c:f6:ef:46:2b:f8:46:07:
         7a:80:94:42:39:9d:66:ff:94:56:59:69:e9:a9:d3:3a:70:c4:
         e9:a6:2a:8d:be:72:42:2e:8d:51:0d:8d:ef:7a:36:49:43:e9:
         d2:20:cb:15:ca:63:43:e7:6d:1b:c8:ea:05:eb:5b:2b:64:a5:
         9d:b0:0c:22:08:e8:fe:85:91:2a:23:61:e0:8b:7b:bb:e1:ac:
         21:9e:20:b3:73:82:3e:60:54:55:5a:e1:c3:78:26:a3:23:b5:
         7f:b8:11:93:7f:04:55:ef:ed:95:d1:71:4d:eb:df:d5:2e:8e:
         23:7c:7b:ee
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUGlRj/c4mw3pSQKFdAeSRkwo3bwUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA0MjMyMzU2NTdaFw0yNjA0MjMwMDAxNTdaMDMxMTAvBgNV
BAMTKDYzRkVENkIwNUM3RUZCM0M2NDU1RUUwQkZBRDlFQTMxMjA0NDc4NzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7TKpu5xQtUBK2U9nWXAW+89i1
YiF2S6W5AwXR9Eza56JfGAedjnZrWUXNcyky4iZRiFQmgOtwvhuu/Nql+4Qnnsyk
s5GiFOv131Q60QNRAunCdE2UrKvwzdoA7yLaWFCS8qozy0IPGoofs8kUMOMvYAdg
bGW3sz9eYHneCUJ6UdBLrd+ZiWczasQb5myoaeraYNYkoJhKUzZhl9Vrabqypj5w
P2PiZj7I7E3acdxDG9m2+re42v/oUatVcc/GvSMKqUyflMvFopVJrz/KVJKnp4sb
KE6dyYZgkLrDt9Y3mYXdgzN4IJNNjMNCG9Dp0oiSmBEXmhkdOX0+HttTKiQlAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUY/7WsFx++zxkVe4L+tnqMSBEeHYwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE1MzExLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCkd9E
AwQCkmcoMA0GCSqGSIb3DQEBCwUAA4IBAQBpFQRPVb7AuHjUQl4vQbK+MESKSteZ
+JniAOdIEy1cSiYbvlrbFM9Lm0Qx8EUeTPkrmz9EJXYgE+2XeNAICp/tIOJ4Oqqe
BXzro4Esx8fvQqe3S0vyZ/BdkpLi+v83vDugY2LLUT+m/fAjXRUQCZhqyVbG84qE
EAC1AOfJqWLCiaMypVJ8IOz4nPbvRiv4Rgd6gJRCOZ1m/5RWWWnpqdM6cMTppiqN
vnJCLo1RDY3vejZJQ+nSIMsVymND520byOoF61srZKWdsAwiCOj+hZEqI2Hgi3u7
4awhniCzc4I+YFRVWuHDeCajI7V/uBGTfwRV7+2V0XFN69/VLo4jfHvu
-----END CERTIFICATE-----