Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS202615.roa
File:                     AS202615.roa (raw, json)
Hash identifier:          EAfjs+NYn1zCaWSQYrnAvooVIq+teH/bFrelL1ZTUK0=
Subject key identifier:   70:58:2C:2A:B4:D6:3B:EE:B5:BD:AA:04:3F:A6:2B:0B:E3:83:59:8D
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       5C211C744789A9CBC9343938641CD4484231E510
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS202615.roa
Signing time:             Tue 27 Jan 2026 16:09:08 +0000
ROA not before:           Tue 27 Jan 2026 16:04:08 +0000
ROA not after:            Tue 26 Jan 2027 16:09:08 +0000
asID:                     202615
IP address blocks:        2a0f:85c1:e24::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:21:1c:74:47:89:a9:cb:c9:34:39:38:64:1c:d4:48:42:31:e5:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jan 27 16:04:08 2026 GMT
            Not After : Jan 26 16:09:08 2027 GMT
        Subject: CN=70582C2AB4D63BEEB5BDAA043FA62B0BE383598D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:be:3c:57:64:d9:3a:5c:60:dc:0a:f1:66:fc:
                    ef:d7:8d:31:ef:50:57:29:10:1c:55:cd:64:20:2e:
                    6c:89:f6:4f:44:bd:d4:4f:b5:1c:30:e0:fb:93:d2:
                    65:0f:6e:9b:47:d2:ed:6f:d7:d4:0f:ee:ae:75:4a:
                    25:45:5d:12:84:3a:c7:08:2e:93:91:52:c4:9d:2e:
                    52:67:7d:d7:4f:29:2f:c2:39:64:db:79:fe:3b:fd:
                    2e:6e:14:ca:2f:03:18:17:b2:6f:45:2c:6d:02:25:
                    2b:27:00:dc:02:0f:a2:23:76:33:14:96:2d:a9:1a:
                    7d:7e:62:2d:56:f2:71:92:28:cb:0b:ef:77:85:2b:
                    70:a8:64:fd:e8:45:02:70:a4:ad:de:2a:c2:ea:86:
                    de:f4:ec:f7:25:99:8d:dd:1b:cd:8b:e9:34:58:c1:
                    ee:7f:9e:f0:42:6d:1f:a0:5b:76:73:b8:60:70:8f:
                    ce:aa:a9:47:87:a6:cf:a5:0a:9f:43:5c:2d:cb:9e:
                    ca:48:90:51:49:7b:44:ee:31:44:64:95:e7:87:fc:
                    f6:7a:c2:b3:8a:df:ee:47:51:7a:63:4a:d0:9a:78:
                    a5:ab:d3:43:ec:5c:ce:27:72:04:7b:b1:f2:16:40:
                    aa:52:6a:e3:ef:1e:e1:2f:61:f6:5f:69:2c:6a:f8:
                    35:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:58:2C:2A:B4:D6:3B:EE:B5:BD:AA:04:3F:A6:2B:0B:E3:83:59:8D
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS202615.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:e24::/48

    Signature Algorithm: sha256WithRSAEncryption
         d5:a0:91:d6:08:66:c9:f9:6e:c9:71:a8:fc:78:be:54:41:7f:
         c0:92:57:cc:ff:a9:c5:c7:31:09:4f:ad:98:3d:48:bf:7b:5e:
         46:d2:dc:0c:a0:ca:fd:13:53:90:7d:c4:84:23:30:05:07:85:
         42:f0:dd:da:96:79:73:a3:9c:74:89:df:87:84:27:54:b8:d5:
         bc:c5:bb:9b:21:27:c3:00:76:f2:9e:66:b6:ed:b8:c0:9a:41:
         eb:f1:50:ea:31:20:5c:49:6d:c9:bf:ab:44:3d:fc:6c:c5:58:
         e7:02:f8:87:9f:58:ce:a0:58:b7:cc:6b:69:85:0b:16:21:74:
         dd:79:37:6f:7e:09:23:eb:93:52:8a:07:d3:55:80:a0:39:51:
         d8:e4:48:fe:0c:53:f3:0c:af:59:17:a1:bb:86:f6:46:c6:96:
         43:45:55:ec:36:ab:7e:72:1c:6a:3f:91:31:83:3e:ac:69:6f:
         5a:1c:3f:95:04:8f:51:7d:a0:2b:74:b4:7a:16:9f:f7:25:5d:
         b7:b5:a8:8d:7e:a2:f7:28:26:bf:32:b3:2f:bf:3e:f7:a0:66:
         a7:6b:05:41:ac:bb:b6:61:36:ca:a8:e2:07:e3:98:b4:95:38:
         7b:83:47:c4:eb:75:69:81:f0:fc:86:49:ea:78:ff:70:9d:c6:
         79:4d:61:6c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUXCEcdEeJqcvJNDk4ZBzUSEIx5RAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAxMjcxNjA0MDhaFw0yNzAxMjYxNjA5MDhaMDMxMTAvBgNV
BAMTKDcwNTgyQzJBQjRENjNCRUVCNUJEQUEwNDNGQTYyQjBCRTM4MzU5OEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/vjxXZNk6XGDcCvFm/O/XjTHv
UFcpEBxVzWQgLmyJ9k9EvdRPtRww4PuT0mUPbptH0u1v19QP7q51SiVFXRKEOscI
LpORUsSdLlJnfddPKS/COWTbef47/S5uFMovAxgXsm9FLG0CJSsnANwCD6IjdjMU
li2pGn1+Yi1W8nGSKMsL73eFK3CoZP3oRQJwpK3eKsLqht707PclmY3dG82L6TRY
we5/nvBCbR+gW3ZzuGBwj86qqUeHps+lCp9DXC3LnspIkFFJe0TuMURkleeH/PZ6
wrOK3+5HUXpjStCaeKWr00PsXM4ncgR7sfIWQKpSauPvHuEvYfZfaSxq+DWtAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUcFgsKrTWO+61vaoEP6YrC+ODWY0wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjAyNjE1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQ4kMA0GCSqGSIb3DQEBCwUAA4IBAQDVoJHWCGbJ+W7Jcaj8eL5UQX/AklfM/6nF
xzEJT62YPUi/e15G0twMoMr9E1OQfcSEIzAFB4VC8N3alnlzo5x0id+HhCdUuNW8
xbubISfDAHbynma27bjAmkHr8VDqMSBcSW3Jv6tEPfxsxVjnAviHn1jOoFi3zGtp
hQsWIXTdeTdvfgkj65NSigfTVYCgOVHY5Ej+DFPzDK9ZF6G7hvZGxpZDRVXsNqt+
chxqP5Exgz6saW9aHD+VBI9RfaArdLR6Fp/3JV23taiNfqL3KCa/MrMvvz73oGan
awVBrLu2YTbKqOIH45i0lTh7g0fE63VpgfD8hknqeP9wncZ5TWFs
-----END CERTIFICATE-----