Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215607.roa
File:                     AS215607.roa (raw, json)
Hash identifier:          9sFqT+ig/LZBw/TLC66frVwrJ4vCiRhGIwUbv1elwFI=
Subject key identifier:   BE:05:62:72:83:A0:27:71:8F:D6:79:0B:AA:EE:5B:E0:6A:F2:E1:98
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       05A82E91E87F5E38FF460E22110EC0F046AA9DDF
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215607.roa
Signing time:             Fri 03 Apr 2026 21:05:08 +0000
ROA not before:           Fri 03 Apr 2026 21:00:08 +0000
ROA not after:            Fri 02 Apr 2027 21:05:08 +0000
asID:                     215607
IP address blocks:        96.62.249.0/24 maxlen: 24
                          143.14.20.0/24 maxlen: 24
                          167.148.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:a8:2e:91:e8:7f:5e:38:ff:46:0e:22:11:0e:c0:f0:46:aa:9d:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr  3 21:00:08 2026 GMT
            Not After : Apr  2 21:05:08 2027 GMT
        Subject: CN=BE05627283A027718FD6790BAAEE5BE06AF2E198
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:4b:a2:02:e7:54:6a:99:cb:c6:de:81:a7:ab:
                    b0:01:17:a6:ff:78:9e:6b:36:6d:1f:b7:13:7c:d1:
                    d3:ea:81:5b:01:b9:45:05:43:99:d8:39:f7:7f:c4:
                    18:22:16:2b:21:0d:8a:15:98:44:f0:c2:b4:e4:e6:
                    52:b5:2f:ea:6e:c3:a8:87:0b:10:b8:a8:12:c3:5b:
                    76:0f:ef:91:d5:14:b0:23:7a:11:d7:4a:a9:8c:70:
                    fe:db:4e:cd:c2:0b:de:68:48:9d:a2:ac:44:a1:5f:
                    5e:d1:02:4e:c6:48:fc:70:21:03:fc:0b:3f:4b:78:
                    11:5a:07:c5:c6:ea:cd:f6:33:2d:c5:af:b0:cd:47:
                    09:5d:a7:32:a0:59:fc:bc:8f:26:b6:98:33:d9:b4:
                    d2:81:90:bf:fc:0a:b9:0e:57:db:23:68:31:70:0f:
                    c9:3c:e1:eb:32:c9:45:1a:e8:31:a6:d6:d4:b3:63:
                    8e:63:6f:64:1e:87:2c:16:d2:6d:82:b0:10:1f:d2:
                    53:0d:8c:01:3d:14:fc:2a:b2:ca:aa:a0:bd:6b:6b:
                    e3:35:a9:a4:8f:25:af:92:c9:db:ab:96:9d:87:a3:
                    4d:74:0c:fd:9f:21:10:02:b8:6b:49:f4:bb:2f:94:
                    3c:fd:89:ea:ea:22:0c:17:f1:b9:cb:41:9f:ee:83:
                    36:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:05:62:72:83:A0:27:71:8F:D6:79:0B:AA:EE:5B:E0:6A:F2:E1:98
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215607.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.249.0/24
                  143.14.20.0/24
                  167.148.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:2a:77:c7:19:19:24:64:78:16:f2:ea:a7:98:3a:2b:e1:0c:
         98:39:6f:c8:7d:ec:5d:71:dc:73:36:d6:14:2d:ab:43:87:60:
         d8:8f:c4:97:ce:3e:b2:dd:63:c2:94:7c:0f:8f:50:e9:2b:99:
         1f:56:f3:e8:0a:f8:4a:cc:51:c7:e2:cb:71:55:ea:06:ec:49:
         f1:3a:ad:fc:81:00:ac:69:2d:07:dc:93:4a:10:49:88:4f:86:
         cf:ab:cf:ec:6b:c8:e0:bb:d2:de:d6:2a:aa:99:5c:d5:6c:11:
         d3:64:90:ca:e6:14:42:14:1a:0c:ea:84:da:54:1f:ca:3a:ea:
         9a:c1:a9:34:31:c9:ad:75:4b:1e:13:89:8d:7f:48:16:8d:da:
         71:d3:98:d6:e4:14:e2:94:51:aa:e3:bc:6a:99:bf:fd:f4:e0:
         9f:21:5c:22:01:5c:0d:fe:fc:67:75:01:e1:b7:3d:91:c0:00:
         7f:21:d4:99:56:4a:c4:90:df:51:e9:d1:9c:a0:aa:54:7e:33:
         b3:75:97:a4:e2:56:9f:3b:72:ab:4b:00:10:7e:02:02:c7:71:
         13:b1:60:ea:85:54:9d:64:73:4b:d0:40:7d:dd:27:e7:6a:da:
         8d:47:dd:9e:39:68:f2:a6:71:33:f4:6e:2f:37:ea:25:4f:15:
         68:62:c0:5a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUBagukeh/Xjj/Rg4iEQ7A8Eaqnd8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MDMyMTAwMDhaFw0yNzA0MDIyMTA1MDhaMDMxMTAvBgNV
BAMTKEJFMDU2MjcyODNBMDI3NzE4RkQ2NzkwQkFBRUU1QkUwNkFGMkUxOTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxS6IC51RqmcvG3oGnq7ABF6b/
eJ5rNm0ftxN80dPqgVsBuUUFQ5nYOfd/xBgiFishDYoVmETwwrTk5lK1L+puw6iH
CxC4qBLDW3YP75HVFLAjehHXSqmMcP7bTs3CC95oSJ2irEShX17RAk7GSPxwIQP8
Cz9LeBFaB8XG6s32My3Fr7DNRwldpzKgWfy8jya2mDPZtNKBkL/8CrkOV9sjaDFw
D8k84esyyUUa6DGm1tSzY45jb2QehywW0m2CsBAf0lMNjAE9FPwqssqqoL1ra+M1
qaSPJa+Sydurlp2Ho010DP2fIRACuGtJ9LsvlDz9ierqIgwX8bnLQZ/ugzZLAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUvgVicoOgJ3GP1nkLqu5b4Gry4ZgwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE1NjA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAYD75
AwQAjw4UAwQAp5TWMA0GCSqGSIb3DQEBCwUAA4IBAQChKnfHGRkkZHgW8uqnmDor
4QyYOW/IfexdcdxzNtYULatDh2DYj8SXzj6y3WPClHwPj1DpK5kfVvPoCvhKzFHH
4stxVeoG7EnxOq38gQCsaS0H3JNKEEmIT4bPq8/sa8jgu9Le1iqqmVzVbBHTZJDK
5hRCFBoM6oTaVB/KOuqawak0McmtdUseE4mNf0gWjdpx05jW5BTilFGq47xqmb/9
9OCfIVwiAVwN/vxndQHhtz2RwAB/IdSZVkrEkN9R6dGcoKpUfjOzdZek4lafO3Kr
SwAQfgICx3ETsWDqhVSdZHNL0EB93SfnatqNR92eOWjypnEz9G4vN+olTxVoYsBa
-----END CERTIFICATE-----