Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215368.roa
File:                     AS215368.roa (raw, json)
Hash identifier:          bZkh2U9GDSB/GPCCCyEVK5m6R6c5wKZ6KfHIHOFUdrY=
Subject key identifier:   38:79:73:8E:09:AE:B8:7F:8A:22:D1:BB:A8:B4:1D:C7:83:AB:80:A7
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       32C6ADE35583CB9327B60F91FBD32ABDC467A3D8
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215368.roa
Signing time:             Fri 25 Jul 2025 08:07:45 +0000
ROA not before:           Fri 25 Jul 2025 08:02:45 +0000
ROA not after:            Fri 24 Jul 2026 08:07:45 +0000
asID:                     215368
IP address blocks:        2a0f:85c1:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:c6:ad:e3:55:83:cb:93:27:b6:0f:91:fb:d3:2a:bd:c4:67:a3:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:45 2025 GMT
            Not After : Jul 24 08:07:45 2026 GMT
        Subject: CN=3879738E09AEB87F8A22D1BBA8B41DC783AB80A7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:28:d7:df:e8:0c:5f:e8:c7:17:7e:55:e7:79:
                    64:c5:61:a5:40:f3:2b:4b:7b:d8:eb:99:6b:93:af:
                    eb:99:11:d8:e4:16:d1:9c:9f:76:b8:d8:b9:df:ad:
                    91:e5:f8:d9:1b:b2:2e:7a:14:cc:c8:a4:b5:0b:53:
                    a6:90:2c:d3:57:6a:f6:b7:fd:a9:9c:af:6f:c2:65:
                    27:6c:b6:11:4f:f7:5a:d8:5c:a3:dc:7f:03:ba:ae:
                    46:18:fe:58:ea:ed:74:7e:6f:74:c1:d8:46:f3:5c:
                    20:db:19:9b:28:7a:05:3d:63:91:4c:99:8a:23:28:
                    62:04:7c:e1:f2:21:69:60:f0:28:1f:a2:ba:6c:e7:
                    24:50:51:85:e3:35:71:d5:e5:43:4f:b6:32:67:01:
                    a2:e3:ee:d6:f8:56:7a:f5:dd:5c:ea:37:ab:a5:fc:
                    85:5c:0a:1e:19:dd:3b:da:00:71:59:1e:d1:b7:ed:
                    5a:52:8b:fd:47:bb:c7:c6:45:c9:0d:a7:ba:36:cc:
                    0a:c9:bf:2b:79:59:72:ad:28:bc:0a:7e:b8:a4:71:
                    ec:8a:43:17:8d:78:50:b6:8d:ee:cd:d4:38:89:ff:
                    95:b1:5f:31:65:0f:0e:ab:71:1b:35:6f:e8:73:02:
                    9e:02:18:84:b1:78:15:93:eb:22:21:18:87:1b:06:
                    40:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:79:73:8E:09:AE:B8:7F:8A:22:D1:BB:A8:B4:1D:C7:83:AB:80:A7
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215368.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:21:20:36:b5:f7:5c:eb:a9:15:35:4e:3d:01:81:2f:3e:b5:
         b4:b4:4b:ca:42:09:23:4e:42:03:cb:7c:29:16:28:98:f8:1c:
         7a:24:5b:7c:00:cd:b3:c1:a6:a7:c9:f6:ae:a1:90:64:e8:d4:
         71:44:e1:fb:9e:f4:7b:6c:cf:e7:40:d0:fb:56:86:ae:fc:02:
         55:74:08:ad:01:c6:83:07:65:46:c9:9d:5f:84:00:09:23:be:
         e4:b7:43:c6:0e:3d:13:4e:df:a9:cd:27:87:bd:64:5e:3f:64:
         eb:46:ab:a0:74:e8:69:59:6a:56:b7:e6:ed:5e:0c:d3:d9:23:
         73:c6:ac:a0:04:e3:47:d7:d1:fd:b8:41:d9:b5:44:56:5b:2e:
         0e:54:c0:60:ea:72:3e:0e:50:61:95:97:75:9a:50:6c:7f:95:
         85:a4:f2:2f:75:53:12:92:ca:f1:3c:21:30:53:14:03:49:00:
         b5:10:3c:4b:58:b9:c6:f1:22:a6:aa:a6:7f:46:d0:5b:e1:8b:
         76:20:84:b8:b0:e6:c9:15:d3:2b:9f:71:16:44:e8:f1:1f:0e:
         16:51:3b:e3:c4:ec:59:e0:a3:b1:38:b2:d2:6e:21:0e:fc:52:
         88:17:15:e2:ed:3d:d2:8e:15:aa:87:69:da:e6:46:6d:b7:cf:
         e3:9b:14:5c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUMsat41WDy5Mntg+R+9MqvcRno9gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyNDVaFw0yNjA3MjQwODA3NDVaMDMxMTAvBgNV
BAMTKDM4Nzk3MzhFMDlBRUI4N0Y4QTIyRDFCQkE4QjQxREM3ODNBQjgwQTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+KNff6Axf6McXflXneWTFYaVA
8ytLe9jrmWuTr+uZEdjkFtGcn3a42LnfrZHl+Nkbsi56FMzIpLULU6aQLNNXava3
/amcr2/CZSdsthFP91rYXKPcfwO6rkYY/ljq7XR+b3TB2EbzXCDbGZsoegU9Y5FM
mYojKGIEfOHyIWlg8Cgforps5yRQUYXjNXHV5UNPtjJnAaLj7tb4Vnr13VzqN6ul
/IVcCh4Z3TvaAHFZHtG37VpSi/1Hu8fGRckNp7o2zArJvyt5WXKtKLwKfrikceyK
QxeNeFC2je7N1DiJ/5WxXzFlDw6rcRs1b+hzAp4CGISxeBWT6yIhGIcbBkAlAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUOHlzjgmuuH+KItG7qLQdx4OrgKcwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1MzY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQABMA0GCSqGSIb3DQEBCwUAA4IBAQB3ISA2tfdc66kVNU49AYEvPrW0tEvKQgkj
TkIDy3wpFiiY+Bx6JFt8AM2zwaanyfauoZBk6NRxROH7nvR7bM/nQND7Voau/AJV
dAitAcaDB2VGyZ1fhAAJI77kt0PGDj0TTt+pzSeHvWReP2TrRqugdOhpWWpWt+bt
XgzT2SNzxqygBONH19H9uEHZtURWWy4OVMBg6nI+DlBhlZd1mlBsf5WFpPIvdVMS
ksrxPCEwUxQDSQC1EDxLWLnG8SKmqqZ/RtBb4Yt2IIS4sObJFdMrn3EWROjxHw4W
UTvjxOxZ4KOxOLLSbiEO/FKIFxXi7T3SjhWqh2na5kZtt8/jmxRc
-----END CERTIFICATE-----