Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215108.roa
File:                     AS215108.roa (raw, json)
Hash identifier:          1Z0SYGLZ/BaZ8nCulcgd2L8oKBIedDrOnOaue1badBY=
Subject key identifier:   ED:72:23:36:29:FC:15:69:77:60:9F:1B:9B:7B:9E:69:F1:BB:60:C4
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       51092A0000D5C5B899F8C21D1122DE3EF10E8452
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215108.roa
Signing time:             Fri 25 Jul 2025 08:07:44 +0000
ROA not before:           Fri 25 Jul 2025 08:02:44 +0000
ROA not after:            Fri 24 Jul 2026 08:07:44 +0000
asID:                     215108
IP address blocks:        2a0f:85c1:3bf::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 16:13:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:09:2a:00:00:d5:c5:b8:99:f8:c2:1d:11:22:de:3e:f1:0e:84:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:44 2025 GMT
            Not After : Jul 24 08:07:44 2026 GMT
        Subject: CN=ED72233629FC156977609F1B9B7B9E69F1BB60C4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:2a:cc:6a:81:ee:7b:2e:c3:2c:9c:df:bf:ea:
                    b9:c3:e1:a5:0e:71:a8:a3:f2:2b:63:5d:aa:a4:84:
                    51:d0:d4:5c:8c:a3:d8:22:23:f1:d4:cf:72:95:15:
                    a1:c0:46:01:74:3f:94:86:c9:98:b5:68:4a:a7:b7:
                    ce:b5:af:15:ec:b8:5c:25:1a:16:07:5a:06:06:50:
                    fb:33:73:77:08:4c:69:c9:36:1f:53:ed:04:50:a9:
                    21:3f:9a:a3:ce:0b:ab:31:fe:a9:ee:4b:2a:a8:3e:
                    06:7d:24:f0:bd:6c:b0:23:e1:10:e7:66:51:ca:77:
                    8f:8f:72:5e:bc:61:23:0e:0e:65:68:4b:de:85:ac:
                    ca:52:5a:18:5c:1d:87:25:25:67:e2:eb:4e:14:35:
                    e6:c0:6e:2d:08:d3:7f:c0:0d:8d:4e:0f:a8:62:fb:
                    5f:12:15:55:28:2a:12:ef:d4:85:e2:62:b0:aa:fb:
                    b0:06:e6:b4:e3:9b:5a:f3:6a:3f:04:8a:b0:f2:fd:
                    8e:7c:3e:60:26:f9:99:37:31:b7:d4:32:a2:9c:ba:
                    62:c7:7b:de:43:ef:33:92:a1:86:64:13:10:ed:74:
                    d7:8f:85:df:57:06:d0:dd:10:5a:c4:36:99:e2:b9:
                    55:63:e4:38:8c:45:24:01:6f:fb:ed:1c:97:39:de:
                    da:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:72:23:36:29:FC:15:69:77:60:9F:1B:9B:7B:9E:69:F1:BB:60:C4
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215108.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3bf::/48

    Signature Algorithm: sha256WithRSAEncryption
         ec:42:24:43:10:fb:7c:5a:9f:82:d5:87:07:90:eb:fb:24:9e:
         90:29:c4:43:13:fb:65:55:f5:e1:e5:45:a5:7b:47:03:82:cd:
         2e:dd:29:02:e4:d4:b9:44:4f:84:8d:00:e7:ff:bd:10:84:61:
         cb:b5:0e:83:9a:b1:a8:d9:02:38:98:d4:4f:28:82:1b:65:bb:
         11:e1:4b:2c:f4:ce:d5:8b:93:e6:c2:f1:b0:2a:fb:30:48:33:
         c1:ce:f7:39:5a:06:ed:fd:12:95:28:fe:ac:e7:e7:8c:47:a1:
         91:1a:3b:ee:c5:3b:c9:de:1d:84:8a:bd:af:cd:8b:4e:f7:b9:
         8b:03:bb:09:d9:4a:5c:52:77:5b:39:51:7b:4f:d6:84:2f:bf:
         f5:e8:27:81:09:17:9f:7f:62:ae:5b:fe:0c:97:c9:8b:8a:03:
         29:bd:e0:e6:f5:f5:bc:fb:6d:ad:c9:c1:83:f4:3c:63:e2:c6:
         dc:3d:b9:c1:44:3a:c1:70:cd:2e:ba:49:60:0d:dd:6a:17:bd:
         82:a7:9e:98:77:2e:50:e3:0d:07:15:38:dd:7c:a7:69:22:d9:
         d1:61:49:b9:08:43:40:f7:87:da:fc:ef:9b:7c:57:a0:06:91:
         38:87:94:63:10:8f:36:01:80:1a:0b:8d:37:03:f6:ac:57:c5:
         24:c6:7e:a3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUUQkqAADVxbiZ+MIdESLePvEOhFIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyNDRaFw0yNjA3MjQwODA3NDRaMDMxMTAvBgNV
BAMTKEVENzIyMzM2MjlGQzE1Njk3NzYwOUYxQjlCN0I5RTY5RjFCQjYwQzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAKsxqge57LsMsnN+/6rnD4aUO
caij8itjXaqkhFHQ1FyMo9giI/HUz3KVFaHARgF0P5SGyZi1aEqnt861rxXsuFwl
GhYHWgYGUPszc3cITGnJNh9T7QRQqSE/mqPOC6sx/qnuSyqoPgZ9JPC9bLAj4RDn
ZlHKd4+Pcl68YSMODmVoS96FrMpSWhhcHYclJWfi604UNebAbi0I03/ADY1OD6hi
+18SFVUoKhLv1IXiYrCq+7AG5rTjm1rzaj8EirDy/Y58PmAm+Zk3MbfUMqKcumLH
e95D7zOSoYZkExDtdNePhd9XBtDdEFrENpniuVVj5DiMRSQBb/vtHJc53toBAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU7XIjNin8FWl3YJ8bm3ueafG7YMQwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1MTA4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQO/MA0GCSqGSIb3DQEBCwUAA4IBAQDsQiRDEPt8Wp+C1YcHkOv7JJ6QKcRDE/tl
VfXh5UWle0cDgs0u3SkC5NS5RE+EjQDn/70QhGHLtQ6DmrGo2QI4mNRPKIIbZbsR
4Uss9M7Vi5PmwvGwKvswSDPBzvc5Wgbt/RKVKP6s5+eMR6GRGjvuxTvJ3h2Eir2v
zYtO97mLA7sJ2UpcUndbOVF7T9aEL7/16CeBCReff2KuW/4Ml8mLigMpveDm9fW8
+22tycGD9Dxj4sbcPbnBRDrBcM0uuklgDd1qF72Cp56Ydy5Q4w0HFTjdfKdpItnR
YUm5CENA94fa/O+bfFegBpE4h5RjEI82AYAaC403A/asV8Ukxn6j
-----END CERTIFICATE-----
Generated at Thu Aug 7 20:13:27 2025 by rpki-client