Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215171.roa
File:                     AS215171.roa (raw, json)
Hash identifier:          sA9lXINiu8J7U6+mKcc07/T3yC97oSrWxSsxZxsRO1g=
Subject key identifier:   55:4B:56:58:8C:C1:E4:4B:C7:BF:BC:13:20:08:A6:52:51:4F:93:C0
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       326DF735C7C73CE08D5DCB3CC992992C73DCFDCA
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215171.roa
Signing time:             Fri 25 Jul 2025 08:07:41 +0000
ROA not before:           Fri 25 Jul 2025 08:02:41 +0000
ROA not after:            Fri 24 Jul 2026 08:07:41 +0000
asID:                     215171
IP address blocks:        2a0f:85c1:3ae::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:6d:f7:35:c7:c7:3c:e0:8d:5d:cb:3c:c9:92:99:2c:73:dc:fd:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:41 2025 GMT
            Not After : Jul 24 08:07:41 2026 GMT
        Subject: CN=554B56588CC1E44BC7BFBC132008A652514F93C0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c5:f2:54:e4:30:7b:c1:26:49:11:59:d6:32:
                    72:d5:3a:e5:93:62:7c:df:65:36:47:a0:e8:5b:0d:
                    42:69:53:1a:7d:60:5b:22:ba:ab:db:08:21:2a:cd:
                    0b:58:58:d1:e0:a0:df:13:79:a6:98:99:f5:9d:c4:
                    36:79:29:2b:13:13:d0:54:48:39:7e:ca:ec:d3:c2:
                    a1:64:3a:f4:c5:58:d0:ba:c0:f4:94:00:3e:3d:a5:
                    33:93:43:07:cc:64:dd:e6:ca:7e:ab:79:81:ab:5a:
                    58:09:78:57:30:19:19:f7:15:16:32:7e:64:54:70:
                    77:ae:84:ab:e0:ee:d2:c1:80:e1:aa:5e:3b:17:ff:
                    60:08:9a:0a:b0:ab:9d:af:fd:b2:7a:f0:14:80:23:
                    6b:12:e4:76:20:04:96:68:03:21:ea:e4:33:6a:17:
                    d5:f1:43:c1:00:be:e7:88:5b:fa:c2:9d:2f:16:ab:
                    e1:83:57:68:8c:16:aa:5c:a9:d9:7d:18:4e:eb:8c:
                    02:19:7c:fe:42:06:20:41:06:2e:2f:42:b7:3e:c1:
                    2b:41:84:3a:8b:c7:d6:75:eb:26:e1:78:85:48:6a:
                    43:2a:0e:59:d6:19:a7:ab:20:8d:a5:c7:d3:86:9d:
                    ba:ad:ea:3c:93:74:d7:6a:cd:7d:bd:ac:70:09:b7:
                    3b:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:4B:56:58:8C:C1:E4:4B:C7:BF:BC:13:20:08:A6:52:51:4F:93:C0
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215171.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3ae::/48

    Signature Algorithm: sha256WithRSAEncryption
         8f:43:55:64:17:60:d1:f5:0d:39:2c:3a:d1:31:f5:85:5e:a8:
         19:72:2b:1a:dd:1c:7a:6c:e8:46:51:01:f3:11:69:82:bd:14:
         f8:e1:85:ab:de:30:20:b4:8a:91:96:85:a3:c7:86:08:50:39:
         14:90:8d:f5:63:94:27:c4:df:b5:3b:e0:8e:44:f8:de:27:89:
         4b:be:bd:9d:2c:a7:8b:7e:85:e1:b6:37:75:40:c2:4c:17:38:
         9c:ac:c5:cb:7d:cf:57:cb:a9:dc:eb:5e:ca:a5:8a:b2:3c:94:
         8a:6c:d2:9e:59:db:fb:6a:7e:d4:05:c6:00:4e:9b:a3:f9:3a:
         be:42:71:c9:dc:76:ec:0a:d2:b4:fa:a3:50:d5:8a:d1:86:96:
         97:ba:ea:0e:06:09:44:1d:b1:c4:d3:d4:bc:33:21:78:51:b4:
         42:57:29:c5:30:90:0b:8c:d5:e0:a4:1b:a1:e0:ba:f6:55:49:
         94:2c:80:de:95:4e:a1:da:5e:bb:7a:9f:4c:13:9d:27:c0:d3:
         8d:47:f3:59:52:df:d5:9e:c1:50:3d:19:59:87:89:97:f3:23:
         d9:87:e1:3d:54:fe:e3:3a:08:4b:51:ed:29:02:a3:55:cb:e8:
         7f:b1:41:0e:e7:cd:d1:9a:a9:68:24:1f:75:b9:a9:8e:e0:85:
         7f:11:55:bb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUMm33NcfHPOCNXcs8yZKZLHPc/cowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyNDFaFw0yNjA3MjQwODA3NDFaMDMxMTAvBgNV
BAMTKDU1NEI1NjU4OENDMUU0NEJDN0JGQkMxMzIwMDhBNjUyNTE0RjkzQzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClxfJU5DB7wSZJEVnWMnLVOuWT
YnzfZTZHoOhbDUJpUxp9YFsiuqvbCCEqzQtYWNHgoN8TeaaYmfWdxDZ5KSsTE9BU
SDl+yuzTwqFkOvTFWNC6wPSUAD49pTOTQwfMZN3myn6reYGrWlgJeFcwGRn3FRYy
fmRUcHeuhKvg7tLBgOGqXjsX/2AImgqwq52v/bJ68BSAI2sS5HYgBJZoAyHq5DNq
F9XxQ8EAvueIW/rCnS8Wq+GDV2iMFqpcqdl9GE7rjAIZfP5CBiBBBi4vQrc+wStB
hDqLx9Z16ybheIVIakMqDlnWGaerII2lx9OGnbqt6jyTdNdqzX29rHAJtzthAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUVUtWWIzB5EvHv7wTIAimUlFPk8AwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1MTcxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOuMA0GCSqGSIb3DQEBCwUAA4IBAQCPQ1VkF2DR9Q05LDrRMfWFXqgZcisa3Rx6
bOhGUQHzEWmCvRT44YWr3jAgtIqRloWjx4YIUDkUkI31Y5QnxN+1O+CORPjeJ4lL
vr2dLKeLfoXhtjd1QMJMFzicrMXLfc9Xy6nc617KpYqyPJSKbNKeWdv7an7UBcYA
Tpuj+Tq+QnHJ3HbsCtK0+qNQ1YrRhpaXuuoOBglEHbHE09S8MyF4UbRCVynFMJAL
jNXgpBuh4Lr2VUmULIDelU6h2l67ep9ME50nwNONR/NZUt/VnsFQPRlZh4mX8yPZ
h+E9VP7jOghLUe0pAqNVy+h/sUEO583RmqloJB91uamO4IV/EVW7
-----END CERTIFICATE-----