Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215071.roa
File:                     AS215071.roa (raw, json)
Hash identifier:          BKe5Jt75CYQG70NoscIIZfAgCWs4b0EnbhmE2ze9WLc=
Subject key identifier:   02:1A:44:30:B0:57:C1:DF:4C:9C:3C:B2:62:AA:82:D1:55:72:CF:FC
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       753ED4FF4E48C6713B27ED739E67733283681500
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215071.roa
Signing time:             Wed 25 Feb 2026 12:46:28 +0000
ROA not before:           Wed 25 Feb 2026 12:41:28 +0000
ROA not after:            Wed 24 Feb 2027 12:46:28 +0000
asID:                     215071
IP address blocks:        179.61.184.0/24 maxlen: 24
                          181.214.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:3e:d4:ff:4e:48:c6:71:3b:27:ed:73:9e:67:73:32:83:68:15:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 25 12:41:28 2026 GMT
            Not After : Feb 24 12:46:28 2027 GMT
        Subject: CN=021A4430B057C1DF4C9C3CB262AA82D15572CFFC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:81:ed:81:fe:55:3f:bd:3f:d4:e5:6e:2c:a6:
                    b8:81:10:10:fe:19:09:d8:22:42:ed:d6:82:24:55:
                    79:fd:5c:c5:37:50:0b:92:38:db:a0:58:18:91:36:
                    ed:73:09:00:0c:4e:c1:65:8c:c1:50:3d:d2:98:ae:
                    63:d3:01:c2:62:64:43:30:c8:20:8a:b7:ac:c8:f8:
                    27:4b:6f:ed:02:21:cb:47:66:df:a2:e7:b9:de:20:
                    d3:4c:13:2b:30:b0:a9:01:d3:b8:24:45:04:f6:8b:
                    06:1c:c1:cc:6f:97:53:d6:c2:79:37:74:7e:86:1d:
                    17:13:44:32:65:cb:d2:44:f3:b9:27:dc:95:3d:44:
                    02:3c:71:53:46:52:60:d8:79:ec:17:a7:3f:34:79:
                    70:ae:0f:64:91:07:1c:9d:6e:9f:e5:fd:0a:b0:4c:
                    5b:18:f3:cc:c9:1f:27:c4:4e:17:68:1f:b0:e7:aa:
                    2f:21:17:4c:ac:d4:fe:04:0f:29:0b:bf:29:34:2e:
                    9c:de:52:be:75:af:c2:e6:9e:ab:39:94:3c:58:31:
                    68:9e:3e:f1:a9:ac:cb:90:02:14:a4:fb:81:4d:98:
                    c9:24:0a:b7:db:83:6c:a4:74:72:78:1f:54:68:76:
                    52:bc:72:9b:b2:b9:d0:f0:85:00:cd:29:c3:d9:4c:
                    0c:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:1A:44:30:B0:57:C1:DF:4C:9C:3C:B2:62:AA:82:D1:55:72:CF:FC
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215071.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.184.0/24
                  181.214.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:47:f0:97:70:70:51:87:f9:0b:ff:5a:38:76:fb:c2:3b:50:
         ae:39:de:33:e2:5a:49:63:24:ff:34:b1:41:ef:53:73:d5:68:
         ee:41:b7:bd:77:23:3d:6d:70:8a:ae:13:90:25:47:0c:3e:47:
         ac:03:87:61:10:11:cd:9d:f1:fa:0d:7b:a3:a6:42:4e:07:5f:
         7a:5f:a2:d7:09:43:21:7f:50:89:fa:35:f4:07:43:ff:2d:2c:
         4f:73:71:09:55:3a:d4:f2:19:a6:4e:ff:79:48:31:08:0d:fd:
         a2:be:da:0c:f6:9f:66:0e:94:17:30:01:4c:f1:99:e5:8d:e0:
         41:94:b8:b1:c9:20:e7:b7:c3:bd:5b:2a:d3:b1:ba:6f:11:8d:
         98:ae:5d:fe:9b:85:83:89:b8:88:ce:8d:1f:10:a7:70:f6:2d:
         9c:78:f0:e7:ee:d3:5a:6a:1f:8f:a4:c7:6e:b1:36:ff:8c:4d:
         6d:a3:fc:2b:4f:5d:5f:d2:ed:3f:ca:12:51:f8:e0:28:b3:e4:
         3e:d0:7c:fe:2a:db:51:7c:93:4e:d1:45:48:2f:7f:ba:50:e2:
         a4:a7:0d:d2:d7:66:3b:40:db:17:30:67:7c:d0:1e:c6:6d:75:
         a7:ea:8c:cf:a5:86:10:7c:d7:c5:e3:b3:8a:85:36:dd:3c:99:
         16:ac:fe:4d
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUdT7U/05IxnE7J+1znmdzMoNoFQAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAyMjUxMjQxMjhaFw0yNzAyMjQxMjQ2MjhaMDMxMTAvBgNV
BAMTKDAyMUE0NDMwQjA1N0MxREY0QzlDM0NCMjYyQUE4MkQxNTU3MkNGRkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxge2B/lU/vT/U5W4spriBEBD+
GQnYIkLt1oIkVXn9XMU3UAuSONugWBiRNu1zCQAMTsFljMFQPdKYrmPTAcJiZEMw
yCCKt6zI+CdLb+0CIctHZt+i57neINNMEyswsKkB07gkRQT2iwYcwcxvl1PWwnk3
dH6GHRcTRDJly9JE87kn3JU9RAI8cVNGUmDYeewXpz80eXCuD2SRBxydbp/l/Qqw
TFsY88zJHyfEThdoH7Dnqi8hF0ys1P4EDykLvyk0LpzeUr51r8Lmnqs5lDxYMWie
PvGprMuQAhSk+4FNmMkkCrfbg2ykdHJ4H1RodlK8cpuyudDwhQDNKcPZTAyFAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUAhpEMLBXwd9MnDyyYqqC0VVyz/wwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1MDcxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsz24
AwQAtdbVMA0GCSqGSIb3DQEBCwUAA4IBAQBIR/CXcHBRh/kL/1o4dvvCO1CuOd4z
4lpJYyT/NLFB71Nz1WjuQbe9dyM9bXCKrhOQJUcMPkesA4dhEBHNnfH6DXujpkJO
B196X6LXCUMhf1CJ+jX0B0P/LSxPc3EJVTrU8hmmTv95SDEIDf2ivtoM9p9mDpQX
MAFM8ZnljeBBlLixySDnt8O9WyrTsbpvEY2Yrl3+m4WDibiIzo0fEKdw9i2cePDn
7tNaah+PpMdusTb/jE1to/wrT11f0u0/yhJR+OAos+Q+0Hz+KttRfJNO0UVIL3+6
UOKkpw3S12Y7QNsXMGd80B7GbXWn6ozPpYYQfNfF47OKhTbdPJkWrP5N
-----END CERTIFICATE-----