Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215255.roa
File:                     AS215255.roa (raw, json)
Hash identifier:          lFoKnkxemz4fcO1cvrnWj30pLEYhoxznv/vbIjEsFUo=
Subject key identifier:   DD:2E:B6:C4:73:33:BC:72:3A:97:28:5E:9B:B3:35:B9:52:D0:2B:0A
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       0865BC5FF2547A8BD0FD60336AA74F4E21748394
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215255.roa
Signing time:             Fri 25 Jul 2025 08:07:37 +0000
ROA not before:           Fri 25 Jul 2025 08:02:37 +0000
ROA not after:            Fri 24 Jul 2026 08:07:37 +0000
asID:                     215255
IP address blocks:        2a0f:85c1:39f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:65:bc:5f:f2:54:7a:8b:d0:fd:60:33:6a:a7:4f:4e:21:74:83:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:37 2025 GMT
            Not After : Jul 24 08:07:37 2026 GMT
        Subject: CN=DD2EB6C47333BC723A97285E9BB335B952D02B0A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ba:b0:cb:1f:14:a5:8f:f7:31:12:b4:07:33:
                    c4:fc:60:b0:57:1c:2b:c8:79:6c:ae:ef:31:a2:44:
                    dc:98:0e:5e:a6:05:65:cb:36:e5:92:49:d1:0c:95:
                    e3:b6:19:50:d3:b8:04:2b:64:f0:c4:49:1a:06:ab:
                    7a:ea:72:b4:e1:30:88:e6:28:87:8d:9d:35:4c:f5:
                    ad:40:58:19:c5:4b:8d:a6:e7:45:04:21:a3:6a:e7:
                    91:42:38:d5:d0:3b:49:56:52:32:74:ce:e3:2b:8b:
                    c0:88:44:7a:97:f9:14:00:13:e9:38:d4:c3:07:29:
                    29:3b:62:30:fe:d1:d2:3d:e6:cf:8f:fd:21:4b:9b:
                    6b:c3:ff:d8:a5:f5:e4:f2:90:a6:d6:9b:8f:c3:32:
                    23:39:33:85:23:cb:24:83:f5:70:c2:08:a3:d5:3a:
                    0a:48:93:34:3b:46:3d:65:7a:3b:b8:fc:d6:6b:fc:
                    52:ac:1e:81:1c:21:aa:38:e4:c2:e7:2d:af:14:69:
                    fb:87:eb:fb:45:50:b1:96:0b:d7:f1:f2:eb:8e:dd:
                    eb:f5:f7:71:b6:4b:35:bc:c9:57:e8:10:64:5c:21:
                    94:1e:47:b0:c4:ef:8d:67:77:2c:04:86:cc:49:fd:
                    f2:37:12:ae:66:5b:3b:00:6c:3c:5c:49:11:93:c7:
                    db:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:2E:B6:C4:73:33:BC:72:3A:97:28:5E:9B:B3:35:B9:52:D0:2B:0A
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215255.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:39f::/48

    Signature Algorithm: sha256WithRSAEncryption
         a7:dc:01:1a:53:5a:07:f1:38:d4:ba:df:0b:80:2e:84:a7:46:
         74:f5:e5:aa:15:4d:e4:d5:d7:bf:b0:ae:63:23:6f:e1:f6:2d:
         58:51:74:ef:46:a1:35:7e:dc:65:85:10:b6:b9:6a:f3:93:ac:
         06:4a:e1:79:46:5e:0e:b6:11:e6:67:94:b5:b8:d3:c0:df:71:
         23:8b:f1:fd:aa:6a:23:a8:6c:8b:98:55:23:7f:33:a2:3c:3d:
         a3:d0:9b:58:cd:f2:26:68:82:a3:07:3e:7d:ef:13:fe:86:4b:
         26:6c:68:d5:57:21:cc:39:d5:83:31:ad:ef:c5:98:00:fa:d8:
         c2:bd:b3:d9:93:d2:5b:a1:4b:73:50:a4:17:d9:94:6c:5b:97:
         8b:10:f5:20:73:77:a6:8b:3b:35:0d:41:52:7b:8e:b2:b3:a4:
         e9:e3:c4:9c:15:18:90:6b:91:5d:ce:72:93:71:d5:39:34:e1:
         81:a3:57:ac:67:32:6c:c7:83:32:55:bf:53:67:b2:08:23:ee:
         fd:10:78:0d:58:8c:37:bf:2b:21:3f:51:d4:73:e3:cb:1f:7d:
         6b:52:f6:a0:e0:72:ac:21:6a:34:77:fb:57:64:f3:c0:a2:0a:
         88:36:e8:d9:3e:49:7c:c4:15:34:69:e9:f3:d1:12:3e:94:09:
         6a:fd:b5:ff
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUCGW8X/JUeovQ/WAzaqdPTiF0g5QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyMzdaFw0yNjA3MjQwODA3MzdaMDMxMTAvBgNV
BAMTKEREMkVCNkM0NzMzM0JDNzIzQTk3Mjg1RTlCQjMzNUI5NTJEMDJCMEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuurDLHxSlj/cxErQHM8T8YLBX
HCvIeWyu7zGiRNyYDl6mBWXLNuWSSdEMleO2GVDTuAQrZPDESRoGq3rqcrThMIjm
KIeNnTVM9a1AWBnFS42m50UEIaNq55FCONXQO0lWUjJ0zuMri8CIRHqX+RQAE+k4
1MMHKSk7YjD+0dI95s+P/SFLm2vD/9il9eTykKbWm4/DMiM5M4UjyySD9XDCCKPV
OgpIkzQ7Rj1leju4/NZr/FKsHoEcIao45MLnLa8UafuH6/tFULGWC9fx8uuO3ev1
93G2SzW8yVfoEGRcIZQeR7DE741ndywEhsxJ/fI3Eq5mWzsAbDxcSRGTx9vzAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU3S62xHMzvHI6lyhem7M1uVLQKwowHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1MjU1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOfMA0GCSqGSIb3DQEBCwUAA4IBAQCn3AEaU1oH8TjUut8LgC6Ep0Z09eWqFU3k
1de/sK5jI2/h9i1YUXTvRqE1ftxlhRC2uWrzk6wGSuF5Rl4OthHmZ5S1uNPA33Ej
i/H9qmojqGyLmFUjfzOiPD2j0JtYzfImaIKjBz597xP+hksmbGjVVyHMOdWDMa3v
xZgA+tjCvbPZk9JboUtzUKQX2ZRsW5eLEPUgc3emizs1DUFSe46ys6Tp48ScFRiQ
a5FdznKTcdU5NOGBo1esZzJsx4MyVb9TZ7III+79EHgNWIw3vyshP1HUc+PLH31r
Uvag4HKsIWo0d/tXZPPAogqINujZPkl8xBU0aenz0RI+lAlq/bX/
-----END CERTIFICATE-----