Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215135.roa
File:                     AS215135.roa (raw, json)
Hash identifier:          pHax6BVi1dr35Bh+9qsyVTJRi7164GD6v1CM66LbwSo=
Subject key identifier:   D1:BD:B5:23:F2:ED:5A:F2:6C:44:90:C5:08:ED:95:E6:21:71:84:4B
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       3A7BFA736B77849205E6A9AC994A64654011AA82
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215135.roa
Signing time:             Fri 25 Jul 2025 08:07:35 +0000
ROA not before:           Fri 25 Jul 2025 08:02:35 +0000
ROA not after:            Fri 24 Jul 2026 08:07:35 +0000
asID:                     215135
IP address blocks:        2a0f:85c1:3b9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:7b:fa:73:6b:77:84:92:05:e6:a9:ac:99:4a:64:65:40:11:aa:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:35 2025 GMT
            Not After : Jul 24 08:07:35 2026 GMT
        Subject: CN=D1BDB523F2ED5AF26C4490C508ED95E62171844B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:9c:39:77:cc:27:c8:a2:3e:c5:de:3a:79:ef:
                    81:ba:bd:94:f5:82:f7:cb:1c:6c:72:05:1a:d6:e2:
                    7b:30:81:19:bb:ef:59:f8:b3:a9:c6:89:3b:ee:80:
                    79:09:9c:e1:9c:4d:a2:6f:da:d4:29:ed:c1:0e:a9:
                    1e:1c:ff:36:ce:e4:8b:4e:3e:23:df:71:a3:9b:b9:
                    2e:ad:bd:fc:4f:80:18:d3:a9:e4:59:47:6f:01:43:
                    14:27:67:cc:27:21:e2:1e:a8:ae:80:c4:d2:c2:aa:
                    44:57:04:04:60:05:23:10:ea:ae:b9:1f:e6:02:18:
                    70:ad:59:20:0f:a3:3b:25:69:d8:50:e3:0d:39:1e:
                    4a:ab:5d:1d:fc:d9:3c:a4:c5:c1:09:ee:e0:1f:1a:
                    67:56:9b:70:3c:cf:14:a0:6a:14:ec:cb:7d:0a:59:
                    32:84:61:c4:92:98:e7:b5:04:30:5e:52:13:c9:29:
                    8a:b5:8c:c1:78:1b:ce:a4:e8:d6:b9:94:f8:61:c0:
                    e1:e6:bf:05:56:ef:0b:e6:b9:c3:3d:df:7c:ba:cb:
                    e1:f5:49:4c:e0:7f:b0:3f:d9:7a:b2:05:3f:e1:bf:
                    99:69:a9:70:4b:25:17:b0:18:00:19:70:64:19:2e:
                    d6:c7:8d:5e:5f:a0:b6:60:62:d2:a7:aa:55:e6:96:
                    b9:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:BD:B5:23:F2:ED:5A:F2:6C:44:90:C5:08:ED:95:E6:21:71:84:4B
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215135.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3b9::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:09:fd:6c:2c:ad:23:40:27:8a:02:d0:70:a2:bb:12:8c:18:
         75:02:31:17:7a:96:4f:e6:df:47:64:ab:bf:48:7f:a0:e8:da:
         29:3e:ec:eb:90:04:38:91:f0:39:66:32:f8:29:e1:bc:3f:1d:
         95:ad:79:19:ce:7a:93:29:d4:36:84:38:f3:98:76:bd:09:f2:
         24:06:b3:37:85:ff:6b:f9:92:36:d3:57:6b:96:b9:72:0e:3a:
         6f:5d:73:a6:12:e2:80:4f:1f:28:20:e1:e7:e1:7c:a9:fa:6c:
         b7:93:d1:07:01:60:4e:9b:5b:10:e4:12:e9:72:a0:7c:fe:89:
         fc:50:6b:df:ce:2c:ca:10:14:c3:d4:7f:6f:ab:60:8f:99:cb:
         a7:66:ca:25:e6:5e:b2:b3:44:38:1d:d6:c1:62:3b:2d:5b:7f:
         10:1b:91:7b:0e:bf:8a:ba:ac:71:70:ce:d2:e3:9b:81:37:57:
         8a:aa:4e:15:a5:05:d2:15:b5:25:b0:96:1b:87:dc:72:29:a7:
         66:b3:17:d3:ed:5c:0e:26:ba:01:89:2d:ec:9f:07:ee:50:dd:
         06:68:e7:9a:51:9c:35:2c:9a:85:48:7f:76:58:d4:e9:14:50:
         f7:2f:29:6d:57:5b:42:89:fd:92:c3:3b:95:97:a2:c4:ef:4b:
         b7:31:1a:2d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUOnv6c2t3hJIF5qmsmUpkZUARqoIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyMzVaFw0yNjA3MjQwODA3MzVaMDMxMTAvBgNV
BAMTKEQxQkRCNTIzRjJFRDVBRjI2QzQ0OTBDNTA4RUQ5NUU2MjE3MTg0NEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDnDl3zCfIoj7F3jp574G6vZT1
gvfLHGxyBRrW4nswgRm771n4s6nGiTvugHkJnOGcTaJv2tQp7cEOqR4c/zbO5ItO
PiPfcaObuS6tvfxPgBjTqeRZR28BQxQnZ8wnIeIeqK6AxNLCqkRXBARgBSMQ6q65
H+YCGHCtWSAPozsladhQ4w05HkqrXR382TykxcEJ7uAfGmdWm3A8zxSgahTsy30K
WTKEYcSSmOe1BDBeUhPJKYq1jMF4G86k6Na5lPhhwOHmvwVW7wvmucM933y6y+H1
SUzgf7A/2XqyBT/hv5lpqXBLJRewGAAZcGQZLtbHjV5foLZgYtKnqlXmlrl5AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU0b21I/LtWvJsRJDFCO2V5iFxhEswHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1MTM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQO5MA0GCSqGSIb3DQEBCwUAA4IBAQAACf1sLK0jQCeKAtBworsSjBh1AjEXepZP
5t9HZKu/SH+g6NopPuzrkAQ4kfA5ZjL4KeG8Px2VrXkZznqTKdQ2hDjzmHa9CfIk
BrM3hf9r+ZI201drlrlyDjpvXXOmEuKATx8oIOHn4Xyp+my3k9EHAWBOm1sQ5BLp
cqB8/on8UGvfzizKEBTD1H9vq2CPmcunZsol5l6ys0Q4HdbBYjstW38QG5F7Dr+K
uqxxcM7S45uBN1eKqk4VpQXSFbUlsJYbh9xyKadmsxfT7VwOJroBiS3snwfuUN0G
aOeaUZw1LJqFSH92WNTpFFD3LyltV1tCif2SwzuVl6LE70u3MRot
-----END CERTIFICATE-----