Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215207.roa
File:                     AS215207.roa (raw, json)
Hash identifier:          I0Xd3oTl+yzVAiAL0g8cOowawJK/MZdLoNif4N9Ec9g=
Subject key identifier:   BE:4F:9C:37:37:75:9A:FE:48:29:14:82:C2:58:9A:EA:05:CC:90:8E
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       5265D676A195155EE98CB9E037C7B2B289F0E930
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215207.roa
Signing time:             Fri 25 Jul 2025 08:07:41 +0000
ROA not before:           Fri 25 Jul 2025 08:02:41 +0000
ROA not after:            Fri 24 Jul 2026 08:07:41 +0000
asID:                     215207
IP address blocks:        2a0f:85c1:3aa::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 14:26:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:65:d6:76:a1:95:15:5e:e9:8c:b9:e0:37:c7:b2:b2:89:f0:e9:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:41 2025 GMT
            Not After : Jul 24 08:07:41 2026 GMT
        Subject: CN=BE4F9C3737759AFE48291482C2589AEA05CC908E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:52:7a:bf:20:99:5d:af:24:a6:fb:d8:9f:86:
                    ab:d4:fd:66:ef:77:c1:6f:8e:80:88:75:8f:b9:6c:
                    06:b1:67:96:ae:c0:b1:6f:92:76:75:e2:cf:d5:cf:
                    aa:7c:dc:16:ae:1f:3e:87:a9:09:1a:be:9f:b8:d9:
                    08:90:88:6c:fe:c9:35:2c:42:46:9f:88:d3:f7:18:
                    66:85:25:01:ab:60:4c:f5:7f:8d:13:1f:00:1e:a8:
                    3c:7d:39:88:03:72:4c:44:8d:a2:b8:d2:c4:0e:fb:
                    73:e0:e7:fb:26:b2:ad:6e:4e:f0:d9:b4:a3:d5:93:
                    31:a3:ea:a0:35:02:cd:f5:3f:16:f0:9b:db:5e:b6:
                    04:21:01:b5:4f:1f:c2:a1:1b:74:0e:27:b5:6b:da:
                    0b:00:8c:de:c3:e4:b7:17:0e:32:fc:3f:67:49:2d:
                    86:4f:64:55:27:b2:ea:e2:73:c2:f3:f4:15:50:d7:
                    6b:52:ba:f4:80:55:3f:fe:6f:4d:73:a9:1c:e8:f0:
                    95:60:ab:8d:c4:f5:90:95:ae:46:dd:15:38:ea:0a:
                    37:31:28:d0:a9:77:37:ff:5f:02:52:a9:bc:9f:3a:
                    18:fc:83:9e:1a:96:97:f4:6f:05:87:b9:64:22:af:
                    0a:01:2c:f7:06:7a:7b:9a:1c:d1:71:50:d9:9d:4b:
                    07:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:4F:9C:37:37:75:9A:FE:48:29:14:82:C2:58:9A:EA:05:CC:90:8E
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215207.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3aa::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:f2:71:ba:9a:4b:d9:42:70:a0:0b:d1:1e:c1:e3:4d:bc:65:
         5a:1e:15:d2:0b:84:0b:2a:32:1a:d9:31:d7:72:63:16:36:4c:
         e1:fb:ae:38:0b:bd:d4:1b:8f:ff:2f:a0:82:59:c5:75:90:2a:
         a3:a1:ba:3d:51:70:12:5c:73:40:69:a3:cc:c0:8e:7a:8f:e9:
         92:dd:7b:0d:f0:61:17:41:04:3d:fd:16:88:6a:b9:54:0c:42:
         c9:0b:0e:96:72:a7:ab:4c:75:ae:6b:cd:22:82:5b:1f:a4:8e:
         a4:64:b9:00:87:2b:fa:7f:a5:9f:eb:89:e4:b3:e8:a6:4c:69:
         6d:1a:98:f9:3a:05:e0:fe:b4:3d:d8:8c:15:de:c5:5c:17:fc:
         a9:27:be:a9:0b:df:e0:ab:93:ce:2c:8d:99:c4:88:b8:7d:a9:
         de:a9:7d:d9:e9:dd:04:32:1f:3a:ca:60:f7:7e:14:8d:e2:b6:
         6e:70:44:22:7e:4e:6e:db:07:aa:28:e9:f3:89:2b:97:d8:1a:
         e0:df:23:ed:a4:47:08:32:e2:83:e7:e4:82:4c:ec:f8:7e:9a:
         cf:6b:47:5c:dc:47:2d:3a:78:2e:5c:8f:c2:63:16:34:06:f9:
         22:c1:d6:10:25:84:07:3c:1c:81:68:90:b1:13:fd:9a:1a:1c:
         a2:76:28:b9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUUmXWdqGVFV7pjLngN8eysonw6TAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyNDFaFw0yNjA3MjQwODA3NDFaMDMxMTAvBgNV
BAMTKEJFNEY5QzM3Mzc3NTlBRkU0ODI5MTQ4MkMyNTg5QUVBMDVDQzkwOEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6Unq/IJldrySm+9ifhqvU/Wbv
d8FvjoCIdY+5bAaxZ5auwLFvknZ14s/Vz6p83BauHz6HqQkavp+42QiQiGz+yTUs
QkafiNP3GGaFJQGrYEz1f40THwAeqDx9OYgDckxEjaK40sQO+3Pg5/smsq1uTvDZ
tKPVkzGj6qA1As31Pxbwm9tetgQhAbVPH8KhG3QOJ7Vr2gsAjN7D5LcXDjL8P2dJ
LYZPZFUnsuric8Lz9BVQ12tSuvSAVT/+b01zqRzo8JVgq43E9ZCVrkbdFTjqCjcx
KNCpdzf/XwJSqbyfOhj8g54alpf0bwWHuWQirwoBLPcGenuaHNFxUNmdSweTAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUvk+cNzd1mv5IKRSCwlia6gXMkI4wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1MjA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOqMA0GCSqGSIb3DQEBCwUAA4IBAQBW8nG6mkvZQnCgC9EeweNNvGVaHhXSC4QL
KjIa2THXcmMWNkzh+644C73UG4//L6CCWcV1kCqjobo9UXASXHNAaaPMwI56j+mS
3XsN8GEXQQQ9/RaIarlUDELJCw6WcqerTHWua80iglsfpI6kZLkAhyv6f6Wf64nk
s+imTGltGpj5OgXg/rQ92IwV3sVcF/ypJ76pC9/gq5POLI2ZxIi4faneqX3Z6d0E
Mh86ymD3fhSN4rZucEQifk5u2weqKOnziSuX2Brg3yPtpEcIMuKD5+SCTOz4fprP
a0dc3EctOnguXI/CYxY0BvkiwdYQJYQHPByBaJCxE/2aGhyidii5
-----END CERTIFICATE-----