Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215727.roa
File:                     AS215727.roa (raw, json)
Hash identifier:          esXN3TfX/M8B+pgs2UTz5oPWOdiYGWhEuSyGJXsxd2k=
Subject key identifier:   78:7B:2E:4B:81:2A:36:D0:9C:73:92:1D:EB:58:02:89:F0:BC:5A:48
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       7C4090547F85F2C9E6D0F0A12BE4C669EB02B856
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215727.roa
Signing time:             Wed 18 Feb 2026 00:00:10 +0000
ROA not before:           Tue 17 Feb 2026 23:55:10 +0000
ROA not after:            Wed 17 Feb 2027 00:00:10 +0000
asID:                     215727
IP address blocks:        82.23.134.0/24 maxlen: 24
                          82.24.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:40:90:54:7f:85:f2:c9:e6:d0:f0:a1:2b:e4:c6:69:eb:02:b8:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Feb 17 23:55:10 2026 GMT
            Not After : Feb 17 00:00:10 2027 GMT
        Subject: CN=787B2E4B812A36D09C73921DEB580289F0BC5A48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:7f:77:25:22:09:7a:71:5b:ee:bf:b5:c6:1b:
                    04:4c:e0:35:dc:9b:21:51:16:43:1d:8a:d0:da:6e:
                    fc:01:02:71:b4:c2:c2:d8:9d:3e:3a:88:ea:72:79:
                    26:3c:6c:90:f1:48:ab:e9:b5:24:43:4b:39:75:67:
                    7f:64:75:a1:e9:3b:43:18:04:44:be:84:17:0f:d2:
                    31:96:33:5d:27:84:2c:fa:ab:0e:bd:86:b4:a3:a3:
                    3a:31:d2:16:64:13:cd:fb:c9:c0:2a:61:4c:67:dd:
                    b4:9e:14:ba:0e:21:0b:54:08:db:74:7a:83:c4:a1:
                    f7:d6:45:a6:4b:3f:df:a1:c6:40:73:24:e1:26:17:
                    71:96:74:91:0f:94:08:ec:8a:ab:e4:31:3f:49:35:
                    78:18:32:31:7c:73:aa:dc:70:a3:17:4a:39:ee:73:
                    2b:b9:82:1b:7e:f0:a6:3a:74:23:55:5f:3a:4e:ab:
                    4f:ea:6e:db:58:ba:cb:40:dd:eb:3a:b8:cd:5f:eb:
                    7f:26:3c:2c:1f:ab:04:99:6e:17:52:f1:24:9e:97:
                    1d:7d:5c:ec:12:99:24:57:a4:73:16:40:38:ef:8d:
                    6e:c5:4e:d7:25:f9:75:34:e9:84:9a:04:f4:c8:80:
                    84:b6:f4:2d:c7:aa:a6:89:ee:c2:12:ec:d8:e6:cb:
                    a6:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:7B:2E:4B:81:2A:36:D0:9C:73:92:1D:EB:58:02:89:F0:BC:5A:48
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215727.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.23.134.0/24
                  82.24.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:cd:34:c2:18:9d:61:81:95:e9:03:30:32:fb:4d:2f:fc:12:
         4a:1d:9e:5d:bd:de:e1:b1:65:5c:72:af:54:a7:89:05:40:26:
         de:cf:ab:f3:ef:8f:ea:b1:4a:f3:d3:a3:67:d1:a5:e7:e6:2b:
         69:94:e7:a2:66:8c:db:cf:1e:14:27:f6:42:af:c2:b3:99:11:
         4a:32:79:f7:fb:2f:1d:aa:7b:9e:ba:47:ef:0c:c5:99:66:76:
         2b:1d:1c:32:48:ed:cd:4d:16:82:8e:a2:30:53:3e:14:d3:fb:
         31:31:c6:23:62:d0:53:11:6c:fa:42:c9:40:c1:a9:5f:71:e7:
         d2:71:12:e6:81:fc:6c:1b:f4:10:af:60:08:12:f9:dd:cb:05:
         28:56:b4:93:71:aa:3b:07:6e:80:71:49:08:5d:b5:a9:0b:4d:
         34:b6:27:63:af:31:ad:cb:d3:bd:2f:01:6b:09:3a:b6:85:12:
         7e:f0:24:00:25:9f:35:b2:04:c1:56:e1:b9:e0:7c:65:07:91:
         73:23:13:29:5e:c4:34:b5:47:e5:14:02:12:e1:bf:d5:91:72:
         18:5f:75:32:5e:60:da:50:0f:4a:5c:d7:ba:3b:ee:10:f3:72:
         67:2f:e8:f2:fa:15:41:dc:35:71:b7:a8:0f:2a:35:ba:9c:e3:
         e3:0d:a1:a5
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUfECQVH+F8snm0PChK+TGaesCuFYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAyMTcyMzU1MTBaFw0yNzAyMTcwMDAwMTBaMDMxMTAvBgNV
BAMTKDc4N0IyRTRCODEyQTM2RDA5QzczOTIxREVCNTgwMjg5RjBCQzVBNDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRf3clIgl6cVvuv7XGGwRM4DXc
myFRFkMditDabvwBAnG0wsLYnT46iOpyeSY8bJDxSKvptSRDSzl1Z39kdaHpO0MY
BES+hBcP0jGWM10nhCz6qw69hrSjozox0hZkE837ycAqYUxn3bSeFLoOIQtUCNt0
eoPEoffWRaZLP9+hxkBzJOEmF3GWdJEPlAjsiqvkMT9JNXgYMjF8c6rccKMXSjnu
cyu5ght+8KY6dCNVXzpOq0/qbttYustA3es6uM1f638mPCwfqwSZbhdS8SSelx19
XOwSmSRXpHMWQDjvjW7FTtcl+XU06YSaBPTIgIS29C3HqqaJ7sIS7Njmy6bJAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUeHsuS4EqNtCcc5Id61gCifC8WkgwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1NzI3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUheG
AwQAUhivMA0GCSqGSIb3DQEBCwUAA4IBAQBWzTTCGJ1hgZXpAzAy+00v/BJKHZ5d
vd7hsWVccq9Up4kFQCbez6vz74/qsUrz06Nn0aXn5itplOeiZozbzx4UJ/ZCr8Kz
mRFKMnn3+y8dqnueukfvDMWZZnYrHRwySO3NTRaCjqIwUz4U0/sxMcYjYtBTEWz6
QslAwalfcefScRLmgfxsG/QQr2AIEvndywUoVrSTcao7B26AcUkIXbWpC000tidj
rzGty9O9LwFrCTq2hRJ+8CQAJZ81sgTBVuG54HxlB5FzIxMpXsQ0tUflFAIS4b/V
kXIYX3UyXmDaUA9KXNe6O+4Q83JnL+jy+hVB3DVxt6gPKjW6nOPjDaGl
-----END CERTIFICATE-----