Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215568.roa
File:                     AS215568.roa (raw, json)
Hash identifier:          EOmz2qR05JJobW1qbt5IKFweMcTy8/aEslKx6nWE3WE=
Subject key identifier:   0A:67:78:B7:F8:23:1B:20:03:A8:7A:38:09:10:CB:7C:4E:3C:CF:87
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2DE24440AA191D698EBE56F85E858D892545DBD4
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215568.roa
Signing time:             Thu 12 Jun 2025 14:10:18 +0000
ROA not before:           Thu 12 Jun 2025 14:05:18 +0000
ROA not after:            Thu 11 Jun 2026 14:10:18 +0000
asID:                     215568
IP address blocks:        2a0a:9e01::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 12:46:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:e2:44:40:aa:19:1d:69:8e:be:56:f8:5e:85:8d:89:25:45:db:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 12 14:05:18 2025 GMT
            Not After : Jun 11 14:10:18 2026 GMT
        Subject: CN=0A6778B7F8231B2003A87A380910CB7C4E3CCF87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:dd:dd:fd:23:2d:fa:74:15:a4:c1:c6:2d:fb:
                    ab:3d:9d:03:08:09:6e:eb:ce:73:0f:01:c6:32:d3:
                    cd:10:a0:7b:3f:ad:77:cc:d6:4d:c9:90:e7:37:47:
                    b1:1b:6a:2c:f0:55:11:c9:99:7e:cb:18:c5:01:62:
                    8f:10:92:7c:df:99:68:fc:6e:92:59:b7:2a:72:6c:
                    97:6f:e5:a1:b5:58:01:cc:a5:32:cb:00:7c:38:67:
                    f2:0e:f7:3a:1e:87:5d:a1:03:0d:54:e6:43:b8:43:
                    bb:5d:39:8b:94:a7:94:9e:d6:42:0b:83:c6:8c:c6:
                    4f:f1:7d:c0:46:03:53:4e:41:f2:41:fb:02:dc:f0:
                    82:d4:11:78:85:7c:51:c2:40:d4:f5:7e:7e:65:8c:
                    95:22:ce:dc:11:6f:ab:92:97:f0:a5:a5:f5:7c:9c:
                    57:68:6c:98:c8:a8:72:f8:a3:57:54:2f:1c:3e:f8:
                    37:65:ca:b6:df:7b:54:2e:c7:7b:08:1a:b5:97:7e:
                    16:c6:3d:92:75:53:03:e0:de:74:2a:bd:2e:6c:ad:
                    b9:2f:89:ce:f7:fc:cd:01:a0:cc:84:b4:f4:93:62:
                    1f:8b:ca:c3:7b:93:df:be:c9:dc:f7:ad:90:b4:7e:
                    8a:0e:4a:fc:42:b1:94:bf:25:a8:81:93:9d:36:dd:
                    b6:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:67:78:B7:F8:23:1B:20:03:A8:7A:38:09:10:CB:7C:4E:3C:CF:87
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215568.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:9e01::/32

    Signature Algorithm: sha256WithRSAEncryption
         67:89:30:36:74:aa:47:69:a1:2a:19:9c:70:91:58:b2:cd:fd:
         7f:55:04:6c:46:79:e5:55:3d:53:4e:91:87:ee:26:2d:dd:92:
         c9:b6:cd:8a:71:69:5e:70:e0:6a:72:86:9c:9d:95:cc:9e:bb:
         35:9a:20:06:34:d6:18:51:96:cc:ad:14:c2:76:8d:ab:91:73:
         2b:d9:af:b1:af:38:da:a0:5a:da:de:19:55:c3:3c:81:e6:c1:
         58:ff:ff:1b:c7:07:13:2d:fd:06:2a:ce:0f:79:7d:ff:99:69:
         50:30:ba:bb:cd:03:89:30:e3:f9:74:d9:d5:fb:0b:46:84:aa:
         09:cb:f7:7d:ba:eb:70:1c:22:d7:b4:24:46:19:50:36:0b:a9:
         1e:02:a7:0d:a2:37:85:93:27:f5:dd:00:88:b8:07:bb:d8:42:
         08:57:be:12:e7:d7:fb:8a:66:4e:e1:ca:3c:d0:55:98:ac:4b:
         ef:7a:8e:40:7c:6c:74:54:65:0c:23:89:82:76:2b:39:4e:f1:
         51:0f:b9:85:9e:7c:51:2c:79:07:12:14:e7:7c:37:0f:2c:ae:
         df:92:31:f4:f6:39:43:d1:2a:18:67:76:f8:79:92:77:2d:f5:
         b2:04:4f:4a:9e:78:b4:f0:fc:9a:fa:39:bc:e5:96:63:2a:9f:
         4f:5d:00:be
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIULeJEQKoZHWmOvlb4XoWNiSVF29QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MTIxNDA1MThaFw0yNjA2MTExNDEwMThaMDMxMTAvBgNV
BAMTKDBBNjc3OEI3RjgyMzFCMjAwM0E4N0EzODA5MTBDQjdDNEUzQ0NGODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCm3d39Iy36dBWkwcYt+6s9nQMI
CW7rznMPAcYy080QoHs/rXfM1k3JkOc3R7EbaizwVRHJmX7LGMUBYo8QknzfmWj8
bpJZtypybJdv5aG1WAHMpTLLAHw4Z/IO9zoeh12hAw1U5kO4Q7tdOYuUp5Se1kIL
g8aMxk/xfcBGA1NOQfJB+wLc8ILUEXiFfFHCQNT1fn5ljJUiztwRb6uSl/ClpfV8
nFdobJjIqHL4o1dULxw++Ddlyrbfe1Qux3sIGrWXfhbGPZJ1UwPg3nQqvS5srbkv
ic73/M0BoMyEtPSTYh+LysN7k9++ydz3rZC0fooOSvxCsZS/JaiBk5023batAgMB
AAGjggILMIICBzAdBgNVHQ4EFgQUCmd4t/gjGyADqHo4CRDLfE48z4cwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1NTY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgqe
ATANBgkqhkiG9w0BAQsFAAOCAQEAZ4kwNnSqR2mhKhmccJFYss39f1UEbEZ55VU9
U06Rh+4mLd2SybbNinFpXnDganKGnJ2VzJ67NZogBjTWGFGWzK0UwnaNq5FzK9mv
sa842qBa2t4ZVcM8gebBWP//G8cHEy39BirOD3l9/5lpUDC6u80DiTDj+XTZ1fsL
RoSqCcv3fbrrcBwi17QkRhlQNgupHgKnDaI3hZMn9d0AiLgHu9hCCFe+EufX+4pm
TuHKPNBVmKxL73qOQHxsdFRlDCOJgnYrOU7xUQ+5hZ58USx5BxIU53w3Dyyu35Ix
9PY5Q9EqGGd2+HmSdy31sgRPSp54tPD8mvo5vOWWYyqfT10Avg==
-----END CERTIFICATE-----