Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215434.roa
File:                     AS215434.roa (raw, json)
Hash identifier:          0ea+lukwv+T6QmMCbkLlrw9syFb/XiAOYSSXjVdnU8I=
Subject key identifier:   96:B7:CE:ED:FD:4B:A0:D4:07:3B:59:33:A3:4B:A3:0D:B5:86:00:68
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6182160AF37F0F3147720A2E0B39BBA99EC6A5EE
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215434.roa
Signing time:             Thu 12 Jun 2025 14:10:16 +0000
ROA not before:           Thu 12 Jun 2025 14:05:16 +0000
ROA not after:            Thu 11 Jun 2026 14:10:16 +0000
asID:                     215434
IP address blocks:        2a0a:9e00::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 12:46:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:82:16:0a:f3:7f:0f:31:47:72:0a:2e:0b:39:bb:a9:9e:c6:a5:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 12 14:05:16 2025 GMT
            Not After : Jun 11 14:10:16 2026 GMT
        Subject: CN=96B7CEEDFD4BA0D4073B5933A34BA30DB5860068
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:cb:5e:1b:35:8e:9d:33:14:47:de:9c:90:38:
                    8a:7d:34:69:ac:14:43:b2:44:cf:77:75:b4:6e:5a:
                    f5:be:c8:b6:94:8d:b6:2b:a7:d7:04:45:93:c9:84:
                    33:b6:53:2f:25:f4:84:22:e9:78:2d:47:76:36:fd:
                    35:db:71:35:f5:f1:45:df:42:4c:b5:83:ce:2d:5d:
                    94:7e:94:a4:b4:d4:da:8f:8f:1c:27:c7:4a:3e:8a:
                    e2:f9:4f:a8:78:0f:c5:b9:7a:9e:01:f8:74:12:d2:
                    2e:73:dd:73:15:d0:52:db:e2:be:4f:0c:fc:7d:e3:
                    00:96:13:a2:cd:eb:61:81:ce:27:cb:9d:43:27:9d:
                    ad:b2:96:63:e4:e0:b9:c3:58:b0:72:a8:98:44:b1:
                    43:83:7d:68:d9:f5:29:ba:cb:66:be:fd:52:1f:ea:
                    bd:f0:cb:3a:c6:14:0b:6a:40:33:ba:0b:84:3e:08:
                    85:b9:af:5c:6a:39:ed:dc:78:91:15:a2:ae:a2:44:
                    f4:17:54:3c:2f:6c:12:a1:97:94:2a:98:2f:06:b0:
                    38:08:55:b7:18:f9:7f:0f:ac:0e:28:47:05:6b:c0:
                    71:7d:b8:a7:55:a1:df:6e:d3:d7:dd:a4:c5:f7:38:
                    ab:04:63:ed:c7:07:60:90:80:bd:a4:a3:e0:0e:bf:
                    b0:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:B7:CE:ED:FD:4B:A0:D4:07:3B:59:33:A3:4B:A3:0D:B5:86:00:68
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215434.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:9e00::/32

    Signature Algorithm: sha256WithRSAEncryption
         9c:85:43:13:aa:4d:aa:c0:5e:21:26:a7:5d:d2:d8:4c:dd:c0:
         ac:14:72:de:e6:0d:7a:2e:4b:17:2c:f9:ff:76:bb:bb:0b:24:
         04:11:8d:07:f1:eb:b0:9c:7b:5d:26:20:fd:71:ff:d4:e8:d8:
         bf:3b:94:c6:6b:a1:40:de:21:66:d2:e8:fc:3d:62:7e:65:21:
         5d:ae:96:d4:7c:95:ff:3d:4f:36:c7:ab:64:8e:aa:34:97:37:
         82:07:80:99:50:34:77:78:8b:6a:d8:8a:1d:8f:ad:6a:90:3a:
         bf:03:86:2d:76:fc:a5:24:89:27:a2:bf:25:06:ec:8f:9c:d0:
         a0:85:23:e4:6b:32:13:c3:57:8d:62:66:0f:d7:8c:e2:5f:00:
         27:e1:38:73:fa:d8:9c:60:55:4a:ef:2a:46:74:a3:6c:bf:8a:
         e7:b8:c1:e6:55:c2:54:97:99:11:1c:50:ae:87:b0:f1:bc:5c:
         a0:1b:f4:a7:ff:cd:28:a4:e1:a4:84:34:5c:60:bb:23:de:b2:
         8d:42:59:51:d4:28:c7:c0:04:4a:33:70:d1:b8:b1:da:c5:aa:
         66:90:3a:12:2e:a4:fe:c7:ef:29:b4:8b:85:cd:3e:9a:9e:50:
         16:0f:8a:a6:db:09:f5:0e:bf:17:fe:62:61:bd:7b:20:7f:0a:
         aa:6d:05:60
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIUYYIWCvN/DzFHcgouCzm7qZ7Gpe4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MTIxNDA1MTZaFw0yNjA2MTExNDEwMTZaMDMxMTAvBgNV
BAMTKDk2QjdDRUVERkQ0QkEwRDQwNzNCNTkzM0EzNEJBMzBEQjU4NjAwNjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3y14bNY6dMxRH3pyQOIp9NGms
FEOyRM93dbRuWvW+yLaUjbYrp9cERZPJhDO2Uy8l9IQi6XgtR3Y2/TXbcTX18UXf
Qky1g84tXZR+lKS01NqPjxwnx0o+iuL5T6h4D8W5ep4B+HQS0i5z3XMV0FLb4r5P
DPx94wCWE6LN62GBzifLnUMnna2ylmPk4LnDWLByqJhEsUODfWjZ9Sm6y2a+/VIf
6r3wyzrGFAtqQDO6C4Q+CIW5r1xqOe3ceJEVoq6iRPQXVDwvbBKhl5QqmC8GsDgI
VbcY+X8PrA4oRwVrwHF9uKdVod9u09fdpMX3OKsEY+3HB2CQgL2ko+AOv7AVAgMB
AAGjggILMIICBzAdBgNVHQ4EFgQUlrfO7f1LoNQHO1kzo0ujDbWGAGgwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1NDM0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgqe
ADANBgkqhkiG9w0BAQsFAAOCAQEAnIVDE6pNqsBeISanXdLYTN3ArBRy3uYNei5L
Fyz5/3a7uwskBBGNB/HrsJx7XSYg/XH/1OjYvzuUxmuhQN4hZtLo/D1ifmUhXa6W
1HyV/z1PNserZI6qNJc3ggeAmVA0d3iLatiKHY+tapA6vwOGLXb8pSSJJ6K/JQbs
j5zQoIUj5GsyE8NXjWJmD9eM4l8AJ+E4c/rYnGBVSu8qRnSjbL+K57jB5lXCVJeZ
ERxQroew8bxcoBv0p//NKKThpIQ0XGC7I96yjUJZUdQox8AESjNw0bix2sWqZpA6
Ei6k/sfvKbSLhc0+mp5QFg+KptsJ9Q6/F/5iYb17IH8Kqm0FYA==
-----END CERTIFICATE-----