Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215144.roa
File:                     AS215144.roa (raw, json)
Hash identifier:          f13TIGKSERjGjpOPMventwdJn+Q0ue8ye56kyI2lIvA=
Subject key identifier:   86:C2:9F:3A:FC:75:99:DC:61:94:FC:76:BE:D5:7A:AC:5D:BF:B8:7C
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       71F93BF84FA270648304C154E2FF2D7211BBE6A1
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215144.roa
Signing time:             Fri 15 May 2026 11:47:13 +0000
ROA not before:           Fri 15 May 2026 11:42:13 +0000
ROA not after:            Fri 14 May 2027 11:47:13 +0000
asID:                     215144
IP address blocks:        2a13:9500:91::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 15:07:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:f9:3b:f8:4f:a2:70:64:83:04:c1:54:e2:ff:2d:72:11:bb:e6:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 15 11:42:13 2026 GMT
            Not After : May 14 11:47:13 2027 GMT
        Subject: CN=86C29F3AFC7599DC6194FC76BED57AAC5DBFB87C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:a5:b4:67:a3:e3:6f:a3:dc:33:c3:b9:67:04:
                    69:14:55:a2:c0:ca:12:a1:01:a6:a3:3d:e3:81:46:
                    ac:a7:df:d1:a9:1f:f2:4d:84:64:2a:85:50:4d:77:
                    fe:3f:16:55:0e:4d:21:b2:0a:74:d9:17:7c:82:b0:
                    76:ef:93:ba:d4:d2:a5:85:0e:ee:bb:45:db:e5:fc:
                    c6:05:3b:9d:38:19:ab:1a:42:a6:81:07:39:52:03:
                    98:e6:e2:9b:f0:59:8f:1d:11:6d:99:de:0c:88:57:
                    f8:fc:c9:fa:5a:b7:a0:fb:ca:71:73:2c:9b:cc:05:
                    85:dc:b4:a5:71:05:ce:8b:ed:ba:c6:e6:e8:ee:24:
                    ca:f0:11:63:ca:c3:ec:d2:af:b7:5e:9e:eb:12:89:
                    a0:a2:49:38:50:c3:22:fe:6a:56:81:14:f7:9a:65:
                    e4:34:4e:98:92:44:ea:74:20:59:5e:65:a9:54:41:
                    c9:51:25:44:f2:b2:fb:df:37:4a:c3:76:68:b4:bc:
                    1a:2b:be:2c:3e:b5:dd:1d:1d:a3:5c:ca:9e:59:1f:
                    00:65:fe:8c:4f:b6:79:3f:9e:1a:6d:bf:ff:7d:59:
                    8d:32:fd:39:72:a9:11:36:c1:a8:a0:2c:21:4d:09:
                    87:78:61:fb:07:f7:53:db:e6:f3:01:46:e1:35:65:
                    3e:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:C2:9F:3A:FC:75:99:DC:61:94:FC:76:BE:D5:7A:AC:5D:BF:B8:7C
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215144.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:91::/48

    Signature Algorithm: sha256WithRSAEncryption
         a7:70:84:df:c1:d6:92:d3:60:6e:ef:6f:0f:7d:a6:a6:92:e9:
         97:4d:4a:ad:02:29:fe:9b:c5:4c:57:34:b6:df:7c:5c:f2:2a:
         69:d7:75:e8:b3:10:41:2f:9a:1f:e1:09:09:97:be:db:ac:d6:
         0b:6a:f0:b6:c4:d6:78:9e:52:21:98:b4:28:cb:0f:90:52:96:
         13:aa:5b:fc:fc:dc:c8:cf:34:1e:11:d9:12:fa:8a:a5:24:5f:
         06:64:51:1c:18:15:94:9b:60:2e:34:43:0a:47:af:ac:a8:44:
         bf:4a:39:fd:8a:30:ae:69:b5:5a:73:bb:f7:34:f9:57:c5:1e:
         f2:3c:ad:05:70:b8:7e:f3:cd:c7:d0:e2:5d:f7:e9:f7:7b:3b:
         39:a0:e1:af:ba:0e:15:3d:2b:50:68:3f:3b:f6:a2:ae:d0:80:
         fc:3b:0b:de:ee:7c:5a:b6:cf:d1:ec:0a:77:e5:24:39:32:87:
         ac:e2:c3:b9:74:0d:f8:36:cc:5d:98:b4:e2:b6:e0:c9:05:0e:
         af:f5:d3:27:26:bf:2b:5c:56:63:19:63:11:1f:d7:d7:2d:90:
         7c:05:95:9b:2f:87:fb:50:1f:9d:e6:2d:ca:96:62:50:db:8f:
         43:1a:68:40:a3:17:fd:f7:a2:20:ca:ef:dd:5d:03:85:25:68:
         17:75:08:c3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUcfk7+E+icGSDBMFU4v8tchG75qEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MTUxMTQyMTNaFw0yNzA1MTQxMTQ3MTNaMDMxMTAvBgNV
BAMTKDg2QzI5RjNBRkM3NTk5REM2MTk0RkM3NkJFRDU3QUFDNURCRkI4N0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlpbRno+Nvo9wzw7lnBGkUVaLA
yhKhAaajPeOBRqyn39GpH/JNhGQqhVBNd/4/FlUOTSGyCnTZF3yCsHbvk7rU0qWF
Du67Rdvl/MYFO504GasaQqaBBzlSA5jm4pvwWY8dEW2Z3gyIV/j8yfpat6D7ynFz
LJvMBYXctKVxBc6L7brG5ujuJMrwEWPKw+zSr7denusSiaCiSThQwyL+alaBFPea
ZeQ0TpiSROp0IFleZalUQclRJUTysvvfN0rDdmi0vBorviw+td0dHaNcyp5ZHwBl
/oxPtnk/nhptv/99WY0y/TlyqRE2waigLCFNCYd4YfsH91Pb5vMBRuE1ZT4TAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUhsKfOvx1mdxhlPx2vtV6rF2/uHwwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1MTQ0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACRMA0GCSqGSIb3DQEBCwUAA4IBAQCncITfwdaS02Bu728PfaamkumXTUqtAin+
m8VMVzS233xc8ipp13XosxBBL5of4QkJl77brNYLavC2xNZ4nlIhmLQoyw+QUpYT
qlv8/NzIzzQeEdkS+oqlJF8GZFEcGBWUm2AuNEMKR6+sqES/Sjn9ijCuabVac7v3
NPlXxR7yPK0FcLh+883H0OJd9+n3ezs5oOGvug4VPStQaD879qKu0ID8Owve7nxa
ts/R7Ap35SQ5Moes4sO5dA34NsxdmLTituDJBQ6v9dMnJr8rXFZjGWMRH9fXLZB8
BZWbL4f7UB+d5i3KlmJQ249DGmhAoxf996Igyu/dXQOFJWgXdQjD
-----END CERTIFICATE-----