Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215142.roa
File:                     AS215142.roa (raw, json)
Hash identifier:          YBtqpKdNr7AITUU3SQxeQYpfu7Y6A4iq1bmurACvQzA=
Subject key identifier:   85:0A:E9:4D:81:D5:9D:65:82:3D:93:64:21:65:4F:A0:52:51:3A:C0
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5C793B2AE315EAC11B02753B798039126C7B78B8
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215142.roa
Signing time:             Tue 09 Jun 2026 06:47:31 +0000
ROA not before:           Tue 09 Jun 2026 06:42:31 +0000
ROA not after:            Tue 08 Jun 2027 06:47:31 +0000
asID:                     215142
IP address blocks:        2a13:9500:a8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 15:07:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:79:3b:2a:e3:15:ea:c1:1b:02:75:3b:79:80:39:12:6c:7b:78:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  9 06:42:31 2026 GMT
            Not After : Jun  8 06:47:31 2027 GMT
        Subject: CN=850AE94D81D59D65823D936421654FA052513AC0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:4b:c9:20:1a:08:e4:4f:96:2f:a0:d3:69:8c:
                    54:21:62:5c:62:69:77:cc:8a:91:47:60:91:03:7f:
                    0c:75:c6:5e:0d:4c:94:66:85:a2:01:7f:1f:c2:49:
                    88:b2:bc:53:52:d6:a6:df:65:2e:8d:12:34:82:10:
                    15:44:da:93:89:3d:c2:9a:b1:47:e8:d9:fb:b3:1c:
                    74:d1:d4:75:49:48:4c:bf:ad:cc:9e:c7:67:01:da:
                    0e:2e:0b:c0:f6:97:5e:3c:4e:13:b5:3c:9f:81:69:
                    24:16:2c:12:62:16:bf:07:78:d9:52:b7:9f:5a:7b:
                    b9:cd:1b:50:3e:ef:5d:c3:3c:7a:ac:92:e2:f7:fe:
                    5e:ed:82:c8:f8:b8:c8:fc:bb:97:15:23:a3:28:ce:
                    2a:9b:b6:9f:b1:43:f8:9f:ee:b2:47:3c:c4:3d:a3:
                    82:04:9b:7d:1c:5e:9a:3e:58:9c:d7:d4:7f:9c:81:
                    73:97:66:85:14:14:4b:8d:6a:f6:0c:7a:b8:2f:cc:
                    89:25:95:f7:ae:78:c2:3f:47:88:28:d4:e9:45:a6:
                    4b:43:12:63:1c:7c:c3:84:d8:c2:fc:30:4c:53:d0:
                    63:03:6a:ea:62:d7:c0:d0:5b:b7:a2:d3:80:e0:d5:
                    64:9a:2d:85:f4:95:70:39:f7:41:6a:9e:4f:0d:ef:
                    7e:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:0A:E9:4D:81:D5:9D:65:82:3D:93:64:21:65:4F:A0:52:51:3A:C0
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215142.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:a8::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:d5:4b:75:7f:05:a5:c7:82:44:27:c3:67:ee:fd:8b:32:b0:
         86:bb:78:99:b6:7d:a5:e2:c0:6d:c1:68:3b:76:3a:5f:ca:fc:
         50:6a:76:5c:de:d4:e4:a1:e1:45:2b:9d:a2:25:3b:a3:c3:21:
         d8:57:ac:ca:4b:ec:11:db:63:9c:05:c9:59:55:42:46:55:49:
         bc:3e:85:7a:c3:56:fa:8e:5e:48:b6:5c:a4:88:dd:a7:dc:be:
         6c:28:fa:92:c0:92:56:cd:80:b8:a7:67:8a:e4:a1:37:17:fe:
         20:4d:a6:c7:dd:82:73:5e:c5:3a:a8:33:7d:01:12:a4:2b:f4:
         4e:85:e3:20:44:e1:67:67:3b:75:ea:fb:c0:58:e5:f8:c5:98:
         fb:c3:c2:40:52:a8:18:48:3f:3b:ab:f3:dd:97:f6:c8:09:92:
         97:8c:04:a2:cf:aa:c7:4a:ae:9c:99:2c:4f:54:a0:f9:a5:93:
         59:8f:6c:f8:4b:0f:3e:ba:b6:2d:e5:00:14:19:aa:8f:18:8d:
         80:56:bb:0c:7c:3a:f6:51:72:01:ef:35:b3:6f:57:1d:ed:0b:
         03:ca:b8:b2:91:cb:c0:02:68:2f:b8:54:b9:a6:7b:94:e3:33:
         eb:97:0d:2d:59:c3:e8:07:80:f1:d7:da:2d:a7:d6:ea:93:63:
         5a:70:6f:a7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUXHk7KuMV6sEbAnU7eYA5Emx7eLgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MDkwNjQyMzFaFw0yNzA2MDgwNjQ3MzFaMDMxMTAvBgNV
BAMTKDg1MEFFOTREODFENTlENjU4MjNEOTM2NDIxNjU0RkEwNTI1MTNBQzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUS8kgGgjkT5YvoNNpjFQhYlxi
aXfMipFHYJEDfwx1xl4NTJRmhaIBfx/CSYiyvFNS1qbfZS6NEjSCEBVE2pOJPcKa
sUfo2fuzHHTR1HVJSEy/rcyex2cB2g4uC8D2l148ThO1PJ+BaSQWLBJiFr8HeNlS
t59ae7nNG1A+713DPHqskuL3/l7tgsj4uMj8u5cVI6Moziqbtp+xQ/if7rJHPMQ9
o4IEm30cXpo+WJzX1H+cgXOXZoUUFEuNavYMergvzIkllfeueMI/R4go1OlFpktD
EmMcfMOE2ML8MExT0GMDaupi18DQW7ei04Dg1WSaLYX0lXA590Fqnk8N736BAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUhQrpTYHVnWWCPZNkIWVPoFJROsAwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1MTQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACoMA0GCSqGSIb3DQEBCwUAA4IBAQCV1Ut1fwWlx4JEJ8Nn7v2LMrCGu3iZtn2l
4sBtwWg7djpfyvxQanZc3tTkoeFFK52iJTujwyHYV6zKS+wR22OcBclZVUJGVUm8
PoV6w1b6jl5ItlykiN2n3L5sKPqSwJJWzYC4p2eK5KE3F/4gTabH3YJzXsU6qDN9
ARKkK/ROheMgROFnZzt16vvAWOX4xZj7w8JAUqgYSD87q/Pdl/bICZKXjASiz6rH
Sq6cmSxPVKD5pZNZj2z4Sw8+urYt5QAUGaqPGI2AVrsMfDr2UXIB7zWzb1cd7QsD
yriykcvAAmgvuFS5pnuU4zPrlw0tWcPoB4Dx19otp9bqk2NacG+n
-----END CERTIFICATE-----