Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215154.roa
File:                     AS215154.roa (raw, json)
Hash identifier:          J+y+ogDrxx/3FPtV+/0D9B4vP3zCuhyggLUPS7zg6Xo=
Subject key identifier:   6A:86:23:27:4E:07:2A:DD:D1:66:BE:4E:AA:7A:56:29:EA:ED:FF:AA
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       0EDC572CA8F4E045B579804986FEFF1B3C478BAA
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215154.roa
Signing time:             Fri 25 Jul 2025 08:07:35 +0000
ROA not before:           Fri 25 Jul 2025 08:02:35 +0000
ROA not after:            Fri 24 Jul 2026 08:07:35 +0000
asID:                     215154
IP address blocks:        2a0f:85c1:3b1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 16:13:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:dc:57:2c:a8:f4:e0:45:b5:79:80:49:86:fe:ff:1b:3c:47:8b:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:35 2025 GMT
            Not After : Jul 24 08:07:35 2026 GMT
        Subject: CN=6A8623274E072ADDD166BE4EAA7A5629EAEDFFAA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:32:21:84:9a:ef:59:3f:6a:4b:7e:03:c4:4e:
                    70:8a:bb:92:eb:5a:9a:e1:f9:a7:b6:fd:af:f2:96:
                    f3:5a:66:d8:f2:86:27:f4:d4:ca:19:55:20:67:84:
                    a7:66:10:e3:29:60:6e:8c:ed:8e:9e:1f:8a:9e:10:
                    3f:24:8b:dd:f7:09:d5:fc:37:e8:ce:74:a8:aa:de:
                    90:5e:2c:62:a3:9a:1a:b8:2c:8e:0c:41:5e:6b:6c:
                    95:dc:16:00:39:34:f5:4f:4f:ad:78:aa:4f:f8:bb:
                    e8:df:a3:90:25:47:85:c4:11:d4:71:f8:44:64:8a:
                    9d:68:e0:cf:3d:e6:1e:ea:d5:10:2f:d8:82:09:2a:
                    40:2c:31:6b:ff:9c:2e:b9:47:0f:ae:cf:6c:de:70:
                    07:3e:cc:3d:f4:4e:95:e8:98:5e:bf:d5:72:ae:25:
                    41:c7:67:bf:af:56:c4:cd:12:e1:d5:f1:94:d3:2f:
                    26:49:a4:67:03:8d:65:61:93:ae:2d:fd:73:68:93:
                    85:1e:2f:af:a0:94:ab:63:af:da:09:8b:e2:4b:50:
                    71:ba:6b:a2:db:b5:81:27:0f:a9:d8:e0:d6:c6:ec:
                    01:dd:0f:11:f5:8e:44:7d:6d:bd:fd:81:21:3b:2a:
                    38:5b:7d:75:4b:54:cf:ff:1f:a5:64:f7:5e:e6:66:
                    d1:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:86:23:27:4E:07:2A:DD:D1:66:BE:4E:AA:7A:56:29:EA:ED:FF:AA
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215154.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3b1::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:2b:93:b5:18:3f:fe:de:fb:e0:a7:02:a3:a6:47:42:c6:94:
         86:bf:f2:c1:60:9e:0e:d0:be:b6:77:de:bc:e9:0b:d4:8f:51:
         e1:c8:de:5a:c5:59:7a:c2:5f:09:46:6f:81:fd:a0:52:22:be:
         be:f3:4f:31:8a:9d:10:42:3f:87:8f:ba:96:67:a9:12:86:aa:
         be:1f:26:38:c0:93:d2:e1:17:77:d6:24:15:78:bd:9d:a7:d7:
         46:ca:4c:21:58:d9:7d:41:48:6f:a3:12:86:99:63:27:1d:c2:
         f5:85:ea:80:ed:4b:62:42:fb:5e:09:47:52:71:a0:f0:b6:d2:
         a7:75:61:16:fb:be:45:fc:68:f2:35:7e:9b:df:39:f8:f4:6b:
         cc:2d:dc:89:a1:28:35:3f:36:71:9a:6d:ff:1e:c7:a9:2a:41:
         7f:a2:8c:f4:df:10:d4:72:19:10:60:01:a5:9e:64:bf:5a:3a:
         36:66:77:7e:34:31:cf:8e:a3:7d:08:81:e7:62:90:d5:92:80:
         d3:46:66:72:d6:f7:99:53:4d:90:3a:f0:09:d3:b7:53:ea:16:
         d7:78:95:e8:53:56:54:f0:4c:15:3f:9a:0a:f5:d3:d3:c4:97:
         b3:a3:d6:5b:a5:a1:50:aa:54:0a:83:0e:4d:3d:c2:2e:8f:ec:
         1b:9b:7b:a2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUDtxXLKj04EW1eYBJhv7/GzxHi6owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyMzVaFw0yNjA3MjQwODA3MzVaMDMxMTAvBgNV
BAMTKDZBODYyMzI3NEUwNzJBREREMTY2QkU0RUFBN0E1NjI5RUFFREZGQUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiMiGEmu9ZP2pLfgPETnCKu5Lr
Wprh+ae2/a/ylvNaZtjyhif01MoZVSBnhKdmEOMpYG6M7Y6eH4qeED8ki933CdX8
N+jOdKiq3pBeLGKjmhq4LI4MQV5rbJXcFgA5NPVPT614qk/4u+jfo5AlR4XEEdRx
+ERkip1o4M895h7q1RAv2IIJKkAsMWv/nC65Rw+uz2zecAc+zD30TpXomF6/1XKu
JUHHZ7+vVsTNEuHV8ZTTLyZJpGcDjWVhk64t/XNok4UeL6+glKtjr9oJi+JLUHG6
a6LbtYEnD6nY4NbG7AHdDxH1jkR9bb39gSE7KjhbfXVLVM//H6Vk917mZtHBAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUaoYjJ04HKt3RZr5OqnpWKert/6owHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1MTU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOxMA0GCSqGSIb3DQEBCwUAA4IBAQAtK5O1GD/+3vvgpwKjpkdCxpSGv/LBYJ4O
0L62d9686QvUj1HhyN5axVl6wl8JRm+B/aBSIr6+808xip0QQj+Hj7qWZ6kShqq+
HyY4wJPS4Rd31iQVeL2dp9dGykwhWNl9QUhvoxKGmWMnHcL1heqA7UtiQvteCUdS
caDwttKndWEW+75F/GjyNX6b3zn49GvMLdyJoSg1PzZxmm3/HsepKkF/ooz03xDU
chkQYAGlnmS/Wjo2Znd+NDHPjqN9CIHnYpDVkoDTRmZy1veZU02QOvAJ07dT6hbX
eJXoU1ZU8EwVP5oK9dPTxJezo9ZbpaFQqlQKgw5NPcIuj+wbm3ui
-----END CERTIFICATE-----