Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215898.roa
File:                     AS215898.roa (raw, json)
Hash identifier:          hCHoheODDwYoqUbJ/F8qJ2QVMajTKBy0dzM66pRe1AQ=
Subject key identifier:   69:97:E4:75:E8:44:B6:6D:19:45:13:47:2B:DA:D2:1D:2E:73:7F:69
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6E688D3D1C027E88503EAE36260BEB856B86D0D0
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215898.roa
Signing time:             Thu 19 Feb 2026 16:01:43 +0000
ROA not before:           Thu 19 Feb 2026 15:56:43 +0000
ROA not after:            Thu 18 Feb 2027 16:01:43 +0000
asID:                     215898
IP address blocks:        185.158.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 01:06:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:68:8d:3d:1c:02:7e:88:50:3e:ae:36:26:0b:eb:85:6b:86:d0:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 19 15:56:43 2026 GMT
            Not After : Feb 18 16:01:43 2027 GMT
        Subject: CN=6997E475E844B66D194513472BDAD21D2E737F69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:6c:cd:a9:ca:a0:59:3c:52:87:c1:27:9a:15:
                    64:14:c9:53:7f:24:53:35:96:b0:b4:48:13:a8:c0:
                    55:a9:9b:c8:c3:59:67:c4:cd:77:dc:aa:f7:b2:c1:
                    54:03:74:27:af:6f:02:fe:a1:9f:49:81:97:66:70:
                    7a:be:04:66:12:57:8c:61:dd:f6:74:3d:a4:01:e3:
                    c6:e9:d1:bf:2c:67:61:c2:48:35:8a:e2:7d:92:ac:
                    fa:e5:20:49:b4:ed:78:20:19:6d:96:1e:67:dc:e2:
                    c7:40:05:a6:b0:83:d3:bd:88:c3:70:8b:0e:74:d7:
                    24:ea:d0:89:25:a5:21:85:a4:c5:d7:08:7c:bb:31:
                    b6:a7:df:34:20:d3:64:83:e2:04:20:1f:11:f1:e9:
                    e3:63:e6:16:96:2c:a3:50:55:81:29:34:fc:fa:b8:
                    a7:36:55:6b:18:70:a4:74:5e:24:9c:b1:3a:c4:cb:
                    9a:3d:35:22:ee:69:16:57:67:33:ef:8c:8d:b0:e7:
                    e3:6d:64:13:2f:86:28:be:c6:b3:87:30:69:a8:80:
                    ad:bb:9d:dd:93:d9:74:d5:03:6b:5a:d3:f7:d1:bf:
                    86:25:52:1d:64:c3:0f:8d:60:e9:6d:e3:d9:a5:57:
                    fa:ef:72:c5:3d:cb:a3:1e:5e:e3:73:75:8c:a8:f5:
                    2d:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:97:E4:75:E8:44:B6:6D:19:45:13:47:2B:DA:D2:1D:2E:73:7F:69
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215898.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:54:40:06:86:ac:f0:cb:ff:e5:02:b8:af:be:ad:90:46:5e:
         ac:10:f8:04:6d:c8:90:df:28:89:b6:af:e8:3c:e6:90:7e:45:
         d1:89:90:f8:39:8a:5e:ef:f4:13:bc:93:48:64:73:ab:7d:1d:
         e1:9d:92:b9:96:5a:bb:72:8c:c9:eb:43:54:59:82:d0:20:f4:
         f1:50:15:ed:25:d0:8e:d4:7c:fa:19:bf:ac:78:88:40:93:5a:
         95:ea:f1:d3:5b:0c:e4:88:1b:1f:5c:33:31:46:17:85:30:7d:
         ee:82:61:9b:e0:ce:8a:24:58:c6:d2:1c:36:77:5f:ae:45:00:
         31:aa:f9:ca:70:39:8f:3a:87:7f:55:16:ce:a5:c5:70:12:df:
         45:9d:f2:c0:e2:73:f0:c0:50:b8:2a:13:7a:b7:9f:56:3a:c6:
         2f:12:31:a1:c8:e1:18:1e:ff:8d:e0:6f:d8:dc:78:62:54:ce:
         01:3d:0b:1b:d6:89:10:4c:b5:97:cd:6f:de:0f:af:6f:85:1d:
         28:ba:58:ae:32:d5:ec:dd:78:7a:95:3c:3d:19:bb:48:2b:6a:
         46:46:4f:b2:ae:9e:d8:d5:29:96:8d:d9:fd:08:f2:74:40:3a:
         ee:ad:75:95:79:5e:3f:99:0c:2a:da:e4:45:91:f5:d3:96:c4:
         fc:0a:b9:e2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUbmiNPRwCfohQPq42JgvrhWuG0NAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAyMTkxNTU2NDNaFw0yNzAyMTgxNjAxNDNaMDMxMTAvBgNV
BAMTKDY5OTdFNDc1RTg0NEI2NkQxOTQ1MTM0NzJCREFEMjFEMkU3MzdGNjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUbM2pyqBZPFKHwSeaFWQUyVN/
JFM1lrC0SBOowFWpm8jDWWfEzXfcqveywVQDdCevbwL+oZ9JgZdmcHq+BGYSV4xh
3fZ0PaQB48bp0b8sZ2HCSDWK4n2SrPrlIEm07XggGW2WHmfc4sdABaawg9O9iMNw
iw501yTq0IklpSGFpMXXCHy7Mban3zQg02SD4gQgHxHx6eNj5haWLKNQVYEpNPz6
uKc2VWsYcKR0XiScsTrEy5o9NSLuaRZXZzPvjI2w5+NtZBMvhii+xrOHMGmogK27
nd2T2XTVA2ta0/fRv4YlUh1kww+NYOlt49mlV/rvcsU9y6MeXuNzdYyo9S0fAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUaZfkdehEtm0ZRRNHK9rSHS5zf2kwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1ODk4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ6X
MA0GCSqGSIb3DQEBCwUAA4IBAQCHVEAGhqzwy//lArivvq2QRl6sEPgEbciQ3yiJ
tq/oPOaQfkXRiZD4OYpe7/QTvJNIZHOrfR3hnZK5llq7cozJ60NUWYLQIPTxUBXt
JdCO1Hz6Gb+seIhAk1qV6vHTWwzkiBsfXDMxRheFMH3ugmGb4M6KJFjG0hw2d1+u
RQAxqvnKcDmPOod/VRbOpcVwEt9FnfLA4nPwwFC4KhN6t59WOsYvEjGhyOEYHv+N
4G/Y3HhiVM4BPQsb1okQTLWXzW/eD69vhR0ouliuMtXs3Xh6lTw9GbtIK2pGRk+y
rp7Y1SmWjdn9CPJ0QDrurXWVeV4/mQwq2uRFkfXTlsT8Crni
-----END CERTIFICATE-----