Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215071.roa
File:                     AS215071.roa (raw, json)
Hash identifier:          bgJ9O3tKgZIptjuNzzTFmsYQ1/Ew0o1mv+FG++Hubo0=
Subject key identifier:   7E:F5:1A:5B:CC:70:C7:38:22:D8:30:B9:3A:FB:60:31:31:D0:14:4B
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1279A2788B2FB50333F34F6CDE7E82AC64696734
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215071.roa
Signing time:             Wed 26 Mar 2025 11:53:59 +0000
ROA not before:           Wed 26 Mar 2025 11:48:59 +0000
ROA not after:            Wed 25 Mar 2026 11:53:59 +0000
asID:                     215071
IP address blocks:        179.61.184.0/24 maxlen: 24
                          181.214.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:79:a2:78:8b:2f:b5:03:33:f3:4f:6c:de:7e:82:ac:64:69:67:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 26 11:48:59 2025 GMT
            Not After : Mar 25 11:53:59 2026 GMT
        Subject: CN=7EF51A5BCC70C73822D830B93AFB603131D0144B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:61:ff:70:29:00:ef:25:63:f3:a0:f6:a0:d8:
                    19:cf:65:ec:09:c1:a1:a4:1b:96:95:74:a1:1f:f2:
                    c6:26:95:e2:f1:b6:21:73:b6:0c:8c:66:88:d0:e7:
                    76:71:94:b1:32:d1:27:0f:a3:9b:6d:38:e2:e2:c1:
                    1d:f2:19:c2:8c:17:5e:41:0f:f9:4a:0a:68:3d:34:
                    8c:57:c4:a8:54:29:1c:13:27:d1:80:2a:28:85:ff:
                    78:80:e8:85:2d:7f:55:cd:31:1c:8f:b7:1d:c5:68:
                    11:87:1c:85:2d:85:47:a8:57:53:71:1b:00:0f:33:
                    77:25:b1:3f:ab:54:8e:25:36:0e:95:86:e0:fa:78:
                    1a:5c:47:bd:17:4e:e5:e0:37:8d:c7:6e:96:42:a7:
                    06:99:1f:b3:ff:4a:82:5c:1b:1b:3a:ba:f4:b4:9e:
                    07:e0:d1:ad:0b:43:3a:ce:c0:f6:c0:21:99:76:40:
                    56:8e:80:03:6b:5e:93:57:41:85:a2:73:af:76:1f:
                    2f:c1:fb:06:a1:27:a5:43:90:7c:6e:8e:77:97:17:
                    c3:be:0e:da:97:d1:84:e2:0a:04:01:6e:61:4d:44:
                    b3:b2:5a:79:fc:03:04:47:86:bd:c0:0b:b1:da:27:
                    b7:8c:9f:e3:dd:1c:d5:74:af:8f:57:a0:bb:71:92:
                    8c:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:F5:1A:5B:CC:70:C7:38:22:D8:30:B9:3A:FB:60:31:31:D0:14:4B
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215071.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.184.0/24
                  181.214.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:ca:d8:f7:13:6b:23:b3:97:43:90:15:8e:65:85:2b:2e:27:
         ef:f8:b0:5a:93:42:fe:b6:34:57:df:1d:12:04:0e:9b:ff:df:
         11:c7:87:10:ae:cb:d4:92:36:12:9b:94:3e:a9:05:62:ce:c3:
         79:a7:99:a9:9a:71:d5:43:0d:c3:b6:83:cc:48:12:ab:2d:b7:
         7e:a9:f0:bd:ea:f6:8a:e9:ff:47:0b:82:bc:04:17:bc:d3:e7:
         c2:33:f8:be:ab:f2:b8:5f:0f:2f:b3:18:aa:7d:4c:9c:a0:02:
         a1:80:95:27:20:9b:82:25:30:77:3f:26:07:f0:ac:54:e0:cf:
         cd:40:29:39:3c:85:f0:af:9f:bc:bd:d4:f6:04:fe:fd:0c:e1:
         7d:90:83:c9:1d:cf:6e:c1:7b:5b:86:9f:1c:fc:36:10:4b:3a:
         ca:0c:16:63:28:4b:d8:02:db:6d:72:8c:47:2d:f6:60:0b:c0:
         03:84:d8:96:46:84:37:42:97:e6:4b:a6:48:f8:0d:a1:62:6b:
         64:7e:de:1f:26:9d:0d:99:db:a9:48:24:5a:52:d9:0d:6b:d8:
         33:d3:15:01:c8:51:0c:b0:18:bd:2b:2a:12:94:94:b1:80:94:
         7f:78:05:f8:e0:86:da:7d:fa:a0:2a:68:f4:e6:e5:95:3a:33:
         e9:c9:e3:93
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUEnmieIsvtQMz809s3n6CrGRpZzQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAzMjYxMTQ4NTlaFw0yNjAzMjUxMTUzNTlaMDMxMTAvBgNV
BAMTKDdFRjUxQTVCQ0M3MEM3MzgyMkQ4MzBCOTNBRkI2MDMxMzFEMDE0NEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkYf9wKQDvJWPzoPag2BnPZewJ
waGkG5aVdKEf8sYmleLxtiFztgyMZojQ53ZxlLEy0ScPo5ttOOLiwR3yGcKMF15B
D/lKCmg9NIxXxKhUKRwTJ9GAKiiF/3iA6IUtf1XNMRyPtx3FaBGHHIUthUeoV1Nx
GwAPM3clsT+rVI4lNg6VhuD6eBpcR70XTuXgN43HbpZCpwaZH7P/SoJcGxs6uvS0
ngfg0a0LQzrOwPbAIZl2QFaOgANrXpNXQYWic692Hy/B+wahJ6VDkHxujneXF8O+
DtqX0YTiCgQBbmFNRLOyWnn8AwRHhr3AC7HaJ7eMn+PdHNV0r49XoLtxkowjAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUfvUaW8xwxzgi2DC5OvtgMTHQFEswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1MDcxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsz24
AwQAtdbVMA0GCSqGSIb3DQEBCwUAA4IBAQBWytj3E2sjs5dDkBWOZYUrLifv+LBa
k0L+tjRX3x0SBA6b/98Rx4cQrsvUkjYSm5Q+qQVizsN5p5mpmnHVQw3DtoPMSBKr
Lbd+qfC96vaK6f9HC4K8BBe80+fCM/i+q/K4Xw8vsxiqfUycoAKhgJUnIJuCJTB3
PyYH8KxU4M/NQCk5PIXwr5+8vdT2BP79DOF9kIPJHc9uwXtbhp8c/DYQSzrKDBZj
KEvYAtttcoxHLfZgC8ADhNiWRoQ3QpfmS6ZI+A2hYmtkft4fJp0NmdupSCRaUtkN
a9gz0xUByFEMsBi9KyoSlJSxgJR/eAX44IbaffqgKmj05uWVOjPpyeOT
-----END CERTIFICATE-----