Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215607.roa
File:                     AS215607.roa (raw, json)
Hash identifier:          WC6j/jmskQDJwuL+jMU5xnJtdZ8jdS3Ky3EyVfdH6PA=
Subject key identifier:   92:43:A0:95:97:3B:D0:17:49:6E:66:47:14:72:5B:F3:2A:F4:95:8E
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       749BB31CF107DD1B137AFAC3DF46F173EB05863D
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215607.roa
Signing time:             Fri 03 Apr 2026 21:05:10 +0000
ROA not before:           Fri 03 Apr 2026 21:00:10 +0000
ROA not after:            Fri 02 Apr 2027 21:05:10 +0000
asID:                     215607
IP address blocks:        84.75.76.0/24 maxlen: 24
                          178.83.245.0/24 maxlen: 24
                          178.83.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:9b:b3:1c:f1:07:dd:1b:13:7a:fa:c3:df:46:f1:73:eb:05:86:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr  3 21:00:10 2026 GMT
            Not After : Apr  2 21:05:10 2027 GMT
        Subject: CN=9243A095973BD017496E664714725BF32AF4958E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:b1:04:04:a0:a4:f3:b7:d9:da:8e:1c:6a:e4:
                    af:69:b1:d4:62:68:fd:65:a2:8e:59:45:11:6f:a6:
                    b4:7f:11:35:e1:a5:6b:46:9f:13:3a:af:03:71:33:
                    cd:63:c8:39:f4:e1:ca:74:85:eb:d2:cc:b5:4b:fe:
                    f9:30:85:3e:2c:0d:cf:fd:e0:6a:20:30:f4:84:f0:
                    d4:35:6d:f8:9b:88:b1:7a:80:c2:06:90:71:77:fc:
                    e5:e9:04:9b:54:81:83:fd:b7:08:7c:d9:43:a8:83:
                    f1:a2:0b:6c:75:4e:61:4a:f3:b3:65:e5:35:63:d8:
                    fd:2a:1d:e2:81:75:42:2d:30:7c:ca:45:01:db:ac:
                    e6:a4:41:b7:66:40:09:42:54:8c:87:bf:2b:4e:28:
                    89:a5:48:2d:e5:4c:a8:92:e8:03:8e:12:74:34:61:
                    c4:92:d6:77:92:1b:74:f7:ae:03:f5:6f:8d:ae:32:
                    22:02:6f:51:f8:a0:c4:05:2d:45:8b:ab:ab:86:54:
                    1e:a4:10:82:c7:8f:5c:29:b5:e0:f6:a3:25:45:1c:
                    0a:03:cf:f1:41:7b:ed:fa:00:d2:8e:7d:a9:23:04:
                    0b:75:ad:d1:e1:75:52:c7:26:8b:42:5b:eb:47:ad:
                    cf:a9:a1:22:be:97:e9:ee:82:a6:74:cd:35:be:6e:
                    ea:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:43:A0:95:97:3B:D0:17:49:6E:66:47:14:72:5B:F3:2A:F4:95:8E
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215607.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.75.76.0/24
                  178.83.245.0/24
                  178.83.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:ad:71:a5:f3:0d:4c:bf:68:9c:88:a1:16:33:9f:d1:b6:53:
         3c:9f:0a:f5:fb:3a:b5:74:1d:bc:23:a5:ad:0b:3f:b9:47:43:
         61:f5:a7:98:0a:d1:cd:c7:e4:65:c5:8c:1e:73:10:23:5b:79:
         ab:fb:71:fc:a8:ee:2d:8f:4a:d4:e2:d5:32:1c:f9:98:19:5f:
         b1:76:b2:e9:1f:74:b8:43:d1:60:98:ab:00:76:9a:35:58:45:
         80:1e:9a:3c:87:da:27:37:1d:bc:e0:39:b6:2b:3d:27:94:c0:
         8e:da:d4:e6:6b:50:08:df:b9:7d:26:aa:1e:2a:24:63:de:be:
         04:b4:b8:93:7c:24:72:95:bb:b9:18:0b:6a:92:f0:3f:c2:58:
         42:fd:54:6f:45:d6:f5:91:60:38:ee:7a:17:12:c6:db:e6:26:
         c5:ba:16:0b:0f:49:d9:c1:ca:dc:be:a2:9a:75:b6:b1:4d:e6:
         13:85:3f:72:e0:49:3e:0d:dc:d7:78:a7:a6:31:4c:f5:13:c0:
         e8:97:23:7a:2c:df:63:01:c4:50:55:66:b7:0e:9d:03:e4:44:
         50:43:43:44:05:c9:ff:29:51:cd:11:6f:ac:d0:df:8e:40:d5:
         05:b2:28:6e:ae:49:82:21:91:9b:1b:5e:25:d6:5d:7c:ce:b6:
         79:65:44:c8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUdJuzHPEH3RsTevrD30bxc+sFhj0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MDMyMTAwMTBaFw0yNzA0MDIyMTA1MTBaMDMxMTAvBgNV
BAMTKDkyNDNBMDk1OTczQkQwMTc0OTZFNjY0NzE0NzI1QkYzMkFGNDk1OEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtsQQEoKTzt9najhxq5K9psdRi
aP1loo5ZRRFvprR/ETXhpWtGnxM6rwNxM81jyDn04cp0hevSzLVL/vkwhT4sDc/9
4GogMPSE8NQ1bfibiLF6gMIGkHF3/OXpBJtUgYP9twh82UOog/GiC2x1TmFK87Nl
5TVj2P0qHeKBdUItMHzKRQHbrOakQbdmQAlCVIyHvytOKImlSC3lTKiS6AOOEnQ0
YcSS1neSG3T3rgP1b42uMiICb1H4oMQFLUWLq6uGVB6kEILHj1wpteD2oyVFHAoD
z/FBe+36ANKOfakjBAt1rdHhdVLHJotCW+tHrc+poSK+l+nugqZ0zTW+bur5AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUkkOglZc70BdJbmZHFHJb8yr0lY4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1NjA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVEtM
AwQAslP1AwQAslP8MA0GCSqGSIb3DQEBCwUAA4IBAQAXrXGl8w1Mv2iciKEWM5/R
tlM8nwr1+zq1dB28I6WtCz+5R0Nh9aeYCtHNx+RlxYwecxAjW3mr+3H8qO4tj0rU
4tUyHPmYGV+xdrLpH3S4Q9FgmKsAdpo1WEWAHpo8h9onNx284Dm2Kz0nlMCO2tTm
a1AI37l9JqoeKiRj3r4EtLiTfCRylbu5GAtqkvA/wlhC/VRvRdb1kWA47noXEsbb
5ibFuhYLD0nZwcrcvqKadbaxTeYThT9y4Ek+DdzXeKemMUz1E8DolyN6LN9jAcRQ
VWa3Dp0D5ERQQ0NEBcn/KVHNEW+s0N+OQNUFsihurkmCIZGbG14l1l18zrZ5ZUTI
-----END CERTIFICATE-----