Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215638.roa
File:                     AS215638.roa (raw, json)
Hash identifier:          QTjtelPGw0BPQNyaYMgwpUep1sJxN03pc8R2WgVOzP4=
Subject key identifier:   D4:0B:C6:B4:05:41:B9:8C:3B:07:0A:AD:E7:AC:92:51:0A:E9:BC:2A
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4AD2BFEF230FFA0026857ED5B26DFED61ACFF2EF
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215638.roa
Signing time:             Tue 04 Nov 2025 00:02:48 +0000
ROA not before:           Mon 03 Nov 2025 23:57:48 +0000
ROA not after:            Tue 03 Nov 2026 00:02:48 +0000
asID:                     215638
IP address blocks:        2a0b:3300::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 06:14:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:d2:bf:ef:23:0f:fa:00:26:85:7e:d5:b2:6d:fe:d6:1a:cf:f2:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Nov  3 23:57:48 2025 GMT
            Not After : Nov  3 00:02:48 2026 GMT
        Subject: CN=D40BC6B40541B98C3B070AADE7AC92510AE9BC2A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:69:21:66:d9:37:88:e6:dd:5d:e8:98:53:e6:
                    23:4e:2e:7a:19:2c:8d:a9:91:40:13:4e:2d:3b:4f:
                    ba:87:8c:ea:7c:9c:d4:18:5f:34:c4:1a:d1:0d:f7:
                    6a:5c:a8:8c:f3:68:6d:09:8a:4d:14:7c:13:d8:53:
                    0d:ad:6a:b3:70:7c:d5:6f:2b:f7:71:46:6b:f6:bc:
                    22:fb:d2:1b:20:f4:f7:24:b3:47:4d:89:62:c5:03:
                    ac:6b:36:b8:24:8c:ef:37:98:35:83:7f:a1:58:22:
                    82:ed:5d:b7:2a:82:e0:80:ec:af:c3:81:28:a6:60:
                    86:19:12:9a:04:60:1b:32:76:cc:bf:4c:82:70:87:
                    a6:e3:d8:23:24:bd:0e:cd:58:e8:d8:68:80:f7:ff:
                    66:9b:e0:b0:c2:28:fa:ef:62:10:ae:38:35:23:43:
                    50:cf:66:12:32:2f:0d:78:0a:a8:6b:94:0f:0c:52:
                    bc:c3:68:21:05:c4:2d:bd:dd:81:a2:62:2f:c8:c6:
                    9c:e1:0b:04:b2:7e:d5:da:eb:36:ff:d6:2a:70:ad:
                    d3:1c:ed:c5:ed:0e:c8:e0:bd:27:60:b8:f1:86:df:
                    a3:ee:31:05:8f:f2:7a:89:6f:c6:f9:21:99:d6:69:
                    e9:41:9e:db:e5:a5:af:a2:eb:13:eb:ab:12:82:f6:
                    43:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:0B:C6:B4:05:41:B9:8C:3B:07:0A:AD:E7:AC:92:51:0A:E9:BC:2A
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215638.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:3300::/29

    Signature Algorithm: sha256WithRSAEncryption
         a1:fc:27:63:a1:cc:0b:ee:78:06:44:4e:bb:91:f2:c4:2b:86:
         8b:8d:ab:15:6e:87:9c:ae:85:40:c7:30:5e:7f:5a:a2:3d:15:
         c3:2a:d7:fe:2a:68:d2:50:b2:f1:1c:6e:b3:bc:75:b8:b2:bf:
         90:a4:65:23:9f:6d:fa:66:13:ab:ee:c1:5b:da:c3:57:e5:1d:
         46:16:80:3d:12:f5:02:95:40:d8:28:5d:2e:17:5c:21:4d:71:
         af:ee:43:a9:ed:8e:d6:20:b2:0b:ea:87:20:0c:5f:bd:da:b7:
         ef:a6:92:b2:5b:0d:2e:9b:10:92:57:b2:65:8b:17:c6:82:f6:
         30:c4:ab:98:06:33:ab:3b:97:62:ac:59:3b:15:39:38:5e:30:
         d4:9a:b6:ef:3d:80:b3:4f:dd:17:df:d0:e2:bf:b3:4c:aa:9d:
         89:1b:fd:3e:ba:8d:ca:15:a1:88:e0:a3:72:42:6a:d2:5b:e9:
         f4:09:47:7e:3c:2b:9d:7f:f2:a8:85:52:eb:2f:c2:5b:a2:de:
         31:47:c5:8d:da:e5:6b:aa:a3:b6:28:0b:4f:49:e6:54:1d:9a:
         6e:35:0d:2e:c2:29:5d:3d:19:83:67:6e:f1:66:f5:b1:6e:a9:
         f1:a6:e8:0a:b7:72:88:6e:9f:5a:93:f6:74:9b:34:c8:fd:23:
         4e:da:ad:dd
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIUStK/7yMP+gAmhX7Vsm3+1hrP8u8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTExMDMyMzU3NDhaFw0yNjExMDMwMDAyNDhaMDMxMTAvBgNV
BAMTKEQ0MEJDNkI0MDU0MUI5OEMzQjA3MEFBREU3QUM5MjUxMEFFOUJDMkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwaSFm2TeI5t1d6JhT5iNOLnoZ
LI2pkUATTi07T7qHjOp8nNQYXzTEGtEN92pcqIzzaG0Jik0UfBPYUw2tarNwfNVv
K/dxRmv2vCL70hsg9Pcks0dNiWLFA6xrNrgkjO83mDWDf6FYIoLtXbcqguCA7K/D
gSimYIYZEpoEYBsydsy/TIJwh6bj2CMkvQ7NWOjYaID3/2ab4LDCKPrvYhCuODUj
Q1DPZhIyLw14CqhrlA8MUrzDaCEFxC293YGiYi/IxpzhCwSyftXa6zb/1ipwrdMc
7cXtDsjgvSdguPGG36PuMQWP8nqJb8b5IZnWaelBntvlpa+i6xPrqxKC9kO7AgMB
AAGjggILMIICBzAdBgNVHQ4EFgQU1AvGtAVBuYw7Bwqt56ySUQrpvCowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1NjM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgsz
ADANBgkqhkiG9w0BAQsFAAOCAQEAofwnY6HMC+54BkROu5HyxCuGi42rFW6HnK6F
QMcwXn9aoj0VwyrX/ipo0lCy8Rxus7x1uLK/kKRlI59t+mYTq+7BW9rDV+UdRhaA
PRL1ApVA2ChdLhdcIU1xr+5Dqe2O1iCyC+qHIAxfvdq376aSslsNLpsQkleyZYsX
xoL2MMSrmAYzqzuXYqxZOxU5OF4w1Jq27z2As0/dF9/Q4r+zTKqdiRv9PrqNyhWh
iOCjckJq0lvp9AlHfjwrnX/yqIVS6y/CW6LeMUfFjdrla6qjtigLT0nmVB2abjUN
LsIpXT0Zg2du8Wb1sW6p8aboCrdyiG6fWpP2dJs0yP0jTtqt3Q==
-----END CERTIFICATE-----