Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS215607.roa
File:                     AS215607.roa (raw, json)
Hash identifier:          aEN59Wc1sVi2FLSpwvDtv0eo94DsoVyzU3FjhKwkevc=
Subject key identifier:   53:AA:F8:17:AE:BD:79:5B:08:00:ED:77:A4:FD:E5:A7:BD:D5:AD:EC
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       4465C9CB34FB3FE5794BCC5D3D54B6D147FD9ABB
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS215607.roa
Signing time:             Mon 02 Feb 2026 09:48:47 +0000
ROA not before:           Mon 02 Feb 2026 09:43:47 +0000
ROA not after:            Mon 01 Feb 2027 09:48:47 +0000
asID:                     215607
IP address blocks:        82.139.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 05:29:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:65:c9:cb:34:fb:3f:e5:79:4b:cc:5d:3d:54:b6:d1:47:fd:9a:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Feb  2 09:43:47 2026 GMT
            Not After : Feb  1 09:48:47 2027 GMT
        Subject: CN=53AAF817AEBD795B0800ED77A4FDE5A7BDD5ADEC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:6d:21:52:5d:8a:d0:9b:68:88:42:92:98:7f:
                    96:e5:f2:02:2a:b4:93:ac:ce:ed:ab:e9:71:7c:09:
                    f0:0c:a0:89:9a:d1:ea:19:9a:d3:4a:d4:9f:bd:7a:
                    36:84:29:04:9a:a9:34:9a:2f:36:ad:4d:2d:55:cb:
                    0c:1a:15:23:63:2f:77:db:39:a8:4a:b5:b2:28:99:
                    81:3b:87:53:5c:db:b2:54:f0:c9:96:ea:68:7c:95:
                    4c:90:be:31:d0:6c:bd:16:ca:5c:52:d9:da:5b:a7:
                    88:c0:af:0e:26:7a:22:79:fc:1e:b9:2c:0f:01:c6:
                    10:db:f3:91:34:bd:39:7b:50:06:7b:18:c9:ae:bf:
                    88:88:93:51:69:28:c5:57:29:02:3c:53:43:f7:4f:
                    c1:45:fd:08:54:44:d8:ec:ab:c6:44:19:e1:d1:e4:
                    21:3e:05:24:23:53:ec:1a:33:5f:72:25:ff:0a:25:
                    53:20:32:a2:a1:fe:d4:67:14:6b:16:f2:69:e5:6e:
                    fe:df:8b:2a:c4:af:c0:b1:b4:d9:ec:9c:cf:dd:7b:
                    f5:14:80:a3:ff:3c:df:d9:27:51:6f:32:a7:ac:53:
                    96:29:bd:24:c2:6c:7a:bc:e8:14:cd:b7:f0:24:2c:
                    10:13:eb:de:61:cb:1f:80:a8:63:e5:ba:42:a2:b7:
                    da:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:AA:F8:17:AE:BD:79:5B:08:00:ED:77:A4:FD:E5:A7:BD:D5:AD:EC
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS215607.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:d0:d6:62:e1:0a:c1:91:fe:f8:11:89:09:a2:f6:0d:69:d1:
         72:54:3e:24:6a:36:1d:9a:a5:a4:c2:23:3c:05:b7:0a:2c:40:
         2d:7e:15:39:48:7a:1e:bf:fe:27:29:8e:22:53:f0:d6:f5:17:
         8e:88:c7:62:46:47:30:27:d6:b0:44:51:b3:b8:23:3f:47:8c:
         61:52:99:b9:25:1b:d9:b9:e9:47:70:bb:36:96:c0:8a:1f:7c:
         18:16:4c:f4:a2:d2:e5:0f:fa:40:cf:03:f5:1e:f4:ac:ea:19:
         cc:1f:c4:d2:63:cb:11:47:e5:5b:00:ba:c8:9f:c9:2f:c2:23:
         82:00:77:de:2d:64:0b:74:ec:3c:47:37:e7:d9:44:d2:b2:82:
         e7:ca:64:e4:45:5e:5b:0e:87:3e:14:12:43:99:84:d6:b7:35:
         63:ed:1d:d6:a1:f1:66:2f:a4:80:58:83:04:88:28:1e:37:6a:
         32:3e:0f:1e:c8:15:b5:99:f8:55:0e:66:0e:be:0b:e5:3e:c3:
         ac:0e:bf:ca:2a:c4:2c:f4:4d:4e:f1:9e:99:f0:4e:ca:52:a5:
         3f:26:e7:c1:df:85:81:d6:14:f6:92:26:37:e6:9d:09:b8:ba:
         49:b0:39:43:a2:44:8d:f4:7f:88:1d:45:6b:72:e3:ff:79:02:
         0e:46:b7:41
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURGXJyzT7P+V5S8xdPVS20Uf9mrswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjAyMDIwOTQzNDdaFw0yNzAyMDEwOTQ4NDdaMDMxMTAvBgNV
BAMTKDUzQUFGODE3QUVCRDc5NUIwODAwRUQ3N0E0RkRFNUE3QkRENUFERUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCubSFSXYrQm2iIQpKYf5bl8gIq
tJOszu2r6XF8CfAMoIma0eoZmtNK1J+9ejaEKQSaqTSaLzatTS1VywwaFSNjL3fb
OahKtbIomYE7h1Nc27JU8MmW6mh8lUyQvjHQbL0WylxS2dpbp4jArw4meiJ5/B65
LA8BxhDb85E0vTl7UAZ7GMmuv4iIk1FpKMVXKQI8U0P3T8FF/QhURNjsq8ZEGeHR
5CE+BSQjU+waM19yJf8KJVMgMqKh/tRnFGsW8mnlbv7fiyrEr8CxtNnsnM/de/UU
gKP/PN/ZJ1FvMqesU5YpvSTCbHq86BTNt/AkLBAT695hyx+AqGPlukKit9p7AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUU6r4F669eVsIAO13pP3lp73VrewwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMjE1NjA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUovX
MA0GCSqGSIb3DQEBCwUAA4IBAQCZ0NZi4QrBkf74EYkJovYNadFyVD4kajYdmqWk
wiM8BbcKLEAtfhU5SHoev/4nKY4iU/DW9ReOiMdiRkcwJ9awRFGzuCM/R4xhUpm5
JRvZuelHcLs2lsCKH3wYFkz0otLlD/pAzwP1HvSs6hnMH8TSY8sRR+VbALrIn8kv
wiOCAHfeLWQLdOw8Rzfn2UTSsoLnymTkRV5bDoc+FBJDmYTWtzVj7R3WofFmL6SA
WIMEiCgeN2oyPg8eyBW1mfhVDmYOvgvlPsOsDr/KKsQs9E1O8Z6Z8E7KUqU/JufB
34WB1hT2kiY35p0JuLpJsDlDokSN9H+IHUVrcuP/eQIORrdB
-----END CERTIFICATE-----