Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215062.roa
File:                     AS215062.roa (raw, json)
Hash identifier:          Pven78Pidsa0GKvjZ3vj1cDnx+zXrrwW0OYV8E6F7pE=
Subject key identifier:   4E:65:E8:20:DD:07:A6:FF:39:64:68:3C:83:96:EE:B9:89:EC:CF:EC
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       106C8E87965F6B8D3919B0B8DDD1615E06E9CFBF
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215062.roa
Signing time:             Fri 25 Jul 2025 08:07:38 +0000
ROA not before:           Fri 25 Jul 2025 08:02:38 +0000
ROA not after:            Fri 24 Jul 2026 08:07:38 +0000
asID:                     215062
IP address blocks:        2a0f:85c1:3c7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 16:13:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:6c:8e:87:96:5f:6b:8d:39:19:b0:b8:dd:d1:61:5e:06:e9:cf:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:38 2025 GMT
            Not After : Jul 24 08:07:38 2026 GMT
        Subject: CN=4E65E820DD07A6FF3964683C8396EEB989ECCFEC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:8a:8f:2d:fc:7d:27:63:79:cb:3d:c5:73:32:
                    de:42:ff:63:4d:b6:b1:c0:43:6a:3c:03:05:ad:a6:
                    02:78:bb:36:38:c1:62:66:2b:c7:1e:f7:ff:a5:ae:
                    ce:5d:4a:78:7a:35:28:93:01:ab:fa:86:dc:1b:56:
                    20:e8:76:62:f3:0e:bb:5b:1d:c5:27:17:d4:eb:16:
                    b7:7e:a8:dc:eb:d1:69:dd:cb:e8:b4:56:90:4a:d8:
                    36:40:41:d7:40:2b:1e:17:7b:c7:45:d0:17:14:1d:
                    eb:61:9b:70:80:8c:0c:6a:6d:a9:6c:d0:88:f0:1f:
                    dc:80:7a:f9:97:e9:cd:85:d0:7a:f2:a8:ab:f7:ca:
                    24:0d:56:6a:68:fb:f4:f0:d6:0d:c3:5c:97:52:d5:
                    6a:8c:c7:0d:ef:70:49:02:ea:a1:30:c8:94:72:40:
                    ab:fb:f3:35:a5:f1:e6:55:a0:f5:3c:35:92:9d:78:
                    d7:86:08:ae:d0:d7:ce:8a:d6:fd:0f:2b:91:0a:da:
                    54:f7:64:cd:1e:34:eb:1e:a0:9e:86:33:47:9e:ec:
                    fd:5c:69:22:53:9c:58:26:19:7d:de:05:02:b1:00:
                    ec:5f:a1:a4:d4:1e:0d:c8:a4:7c:76:c0:c8:b7:4b:
                    5c:7a:03:3a:46:18:78:2c:85:c7:c2:db:ca:fc:3b:
                    c8:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:65:E8:20:DD:07:A6:FF:39:64:68:3C:83:96:EE:B9:89:EC:CF:EC
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215062.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3c7::/48

    Signature Algorithm: sha256WithRSAEncryption
         df:f3:ab:5b:ae:db:65:cc:13:a2:c6:48:ca:c1:98:36:c9:88:
         03:61:d2:83:1f:8a:27:0c:71:1c:00:b1:12:ef:77:19:35:57:
         4e:39:11:da:f5:9e:b1:ef:87:fa:d0:6e:34:79:1c:1c:74:40:
         e3:04:29:35:2f:e1:b2:c3:1d:41:6d:15:2e:a6:52:2b:5d:1e:
         e5:45:68:21:91:33:30:8f:98:07:59:66:fb:b6:9d:74:04:e3:
         be:54:37:f8:5d:b3:9b:ac:ae:9a:10:d5:80:79:c5:f5:97:eb:
         9b:63:d2:b5:42:19:cc:da:e5:80:03:43:e8:17:fd:bb:5a:38:
         c4:0c:58:72:7e:8c:b7:ab:2c:10:20:c8:3b:70:c3:32:a7:ec:
         8c:16:3d:3d:19:80:07:5e:74:84:c6:c3:5c:bd:8d:9f:cd:17:
         fe:35:8e:30:b9:16:a1:26:57:86:53:d5:1a:c2:97:58:75:c7:
         65:62:67:34:16:b0:52:73:4d:da:27:8b:39:5b:a6:87:c1:15:
         76:0c:c8:1f:70:ed:25:c6:60:37:75:ac:24:79:37:b6:98:95:
         73:0e:2b:fe:a8:a6:73:c0:28:4c:26:bb:c7:de:83:59:d0:5a:
         ca:b9:14:a8:71:63:95:bf:7f:c4:55:7b:93:37:56:ad:55:a3:
         24:ae:ee:b2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUEGyOh5Zfa405GbC43dFhXgbpz78wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyMzhaFw0yNjA3MjQwODA3MzhaMDMxMTAvBgNV
BAMTKDRFNjVFODIwREQwN0E2RkYzOTY0NjgzQzgzOTZFRUI5ODlFQ0NGRUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMio8t/H0nY3nLPcVzMt5C/2NN
trHAQ2o8AwWtpgJ4uzY4wWJmK8ce9/+lrs5dSnh6NSiTAav6htwbViDodmLzDrtb
HcUnF9TrFrd+qNzr0Wndy+i0VpBK2DZAQddAKx4Xe8dF0BcUHethm3CAjAxqbals
0IjwH9yAevmX6c2F0HryqKv3yiQNVmpo+/Tw1g3DXJdS1WqMxw3vcEkC6qEwyJRy
QKv78zWl8eZVoPU8NZKdeNeGCK7Q186K1v0PK5EK2lT3ZM0eNOseoJ6GM0ee7P1c
aSJTnFgmGX3eBQKxAOxfoaTUHg3IpHx2wMi3S1x6AzpGGHgshcfC28r8O8gvAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUTmXoIN0Hpv85ZGg8g5buuYnsz+wwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1MDYyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQPHMA0GCSqGSIb3DQEBCwUAA4IBAQDf86tbrttlzBOixkjKwZg2yYgDYdKDH4on
DHEcALES73cZNVdOORHa9Z6x74f60G40eRwcdEDjBCk1L+Gywx1BbRUuplIrXR7l
RWghkTMwj5gHWWb7tp10BOO+VDf4XbObrK6aENWAecX1l+ubY9K1QhnM2uWAA0Po
F/27WjjEDFhyfoy3qywQIMg7cMMyp+yMFj09GYAHXnSExsNcvY2fzRf+NY4wuRah
JleGU9UawpdYdcdlYmc0FrBSc03aJ4s5W6aHwRV2DMgfcO0lxmA3dawkeTe2mJVz
Div+qKZzwChMJrvH3oNZ0FrKuRSocWOVv3/EVXuTN1atVaMkru6y
-----END CERTIFICATE-----