Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215382.roa
File:                     AS215382.roa (raw, json)
Hash identifier:          Bsu/0+nQQl1wx0LlNsSUF50qaPiYBWYtOOABGgU9u/g=
Subject key identifier:   08:2D:37:BD:47:51:D9:6C:34:1D:71:53:6D:79:BE:42:67:C0:B1:3C
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       63D8EFAA5312FFCCCE532B037E0DAA45715103BA
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215382.roa
Signing time:             Fri 25 Jul 2025 08:07:42 +0000
ROA not before:           Fri 25 Jul 2025 08:02:42 +0000
ROA not after:            Fri 24 Jul 2026 08:07:42 +0000
asID:                     215382
IP address blocks:        2a0f:85c1:395::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 20:46:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:d8:ef:aa:53:12:ff:cc:ce:53:2b:03:7e:0d:aa:45:71:51:03:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:42 2025 GMT
            Not After : Jul 24 08:07:42 2026 GMT
        Subject: CN=082D37BD4751D96C341D71536D79BE4267C0B13C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:00:ed:fe:47:de:81:07:30:60:83:8d:9e:aa:
                    f3:c4:a1:af:1d:c7:5e:e2:31:f8:cd:6d:06:99:ea:
                    e2:31:0c:f4:02:2a:64:db:b9:72:ab:dd:b8:a9:29:
                    38:90:27:bc:22:fd:7b:84:8f:c2:2c:34:59:8c:78:
                    86:9d:af:ec:48:c6:e9:25:b0:8c:f7:3b:ed:09:5b:
                    8e:f4:0a:82:7f:b9:5b:07:32:bf:f1:19:bf:4d:fe:
                    5c:85:28:d4:bb:2a:5f:23:35:c9:ec:3c:b1:d8:f4:
                    8b:70:3d:d4:d9:b9:90:65:e7:cb:06:19:ad:8d:6d:
                    fe:68:ee:19:04:97:9b:8a:92:cf:bb:e7:41:d1:41:
                    42:25:06:03:86:79:e4:f3:44:aa:f3:8f:0a:25:25:
                    77:04:e3:58:bb:75:fa:bd:db:42:4e:53:74:70:63:
                    07:2d:d4:b1:00:5b:97:ec:c0:d7:c5:e0:3b:d8:41:
                    50:aa:d3:4b:12:c6:11:2a:ae:7c:5c:25:8d:96:dc:
                    f8:8b:b6:02:f6:37:68:38:7d:2e:91:e9:f8:46:26:
                    13:26:e0:73:f9:fd:0e:60:09:03:04:54:f9:32:ae:
                    85:45:aa:a4:59:94:99:42:32:a6:32:4f:79:85:fc:
                    8f:c4:aa:78:ee:71:4b:72:64:1c:c0:f6:99:92:85:
                    76:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:2D:37:BD:47:51:D9:6C:34:1D:71:53:6D:79:BE:42:67:C0:B1:3C
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215382.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:395::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:7f:fd:7b:d2:be:f7:76:2c:19:29:3b:ef:8f:57:2f:79:70:
         2f:5a:76:29:6d:28:71:28:f1:3e:7c:d2:51:e7:9f:55:ee:7f:
         df:24:af:6c:cc:22:2f:7c:43:c0:2a:8b:1b:e7:5c:f6:aa:5e:
         01:ba:89:66:8a:d4:5d:43:50:2a:8a:ba:7c:f3:89:50:83:9e:
         14:80:94:61:a4:0c:f3:cc:68:f5:c2:6c:63:87:90:9c:e1:a6:
         da:d3:eb:46:bc:bd:7d:8e:76:bd:f9:76:2b:ce:0d:08:49:80:
         45:86:e5:d0:99:10:87:e4:29:0f:78:0c:68:4c:fa:3a:11:20:
         84:c3:b0:22:d1:48:70:a3:15:0b:15:da:f2:a5:48:d8:53:18:
         48:02:ae:ab:62:37:f4:6e:14:ab:23:74:1c:10:5b:d6:71:89:
         25:69:88:18:e6:37:08:5d:5b:e4:87:63:bd:a6:28:59:39:58:
         36:e4:03:56:e2:50:2f:83:25:5d:82:ae:d1:5f:85:20:0d:30:
         d2:10:f7:5b:b2:94:fd:a7:6a:32:fd:36:a1:10:f8:22:2e:c8:
         15:f9:52:86:2d:97:11:b3:92:55:76:0a:56:9e:05:9f:1b:bc:
         06:8b:50:c6:19:8e:53:5d:65:be:13:67:55:f0:08:1b:51:cb:
         4c:b7:81:5d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUY9jvqlMS/8zOUysDfg2qRXFRA7owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyNDJaFw0yNjA3MjQwODA3NDJaMDMxMTAvBgNV
BAMTKDA4MkQzN0JENDc1MUQ5NkMzNDFENzE1MzZENzlCRTQyNjdDMEIxM0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkAO3+R96BBzBgg42eqvPEoa8d
x17iMfjNbQaZ6uIxDPQCKmTbuXKr3bipKTiQJ7wi/XuEj8IsNFmMeIadr+xIxukl
sIz3O+0JW470CoJ/uVsHMr/xGb9N/lyFKNS7Kl8jNcnsPLHY9ItwPdTZuZBl58sG
Ga2Nbf5o7hkEl5uKks+750HRQUIlBgOGeeTzRKrzjwolJXcE41i7dfq920JOU3Rw
Ywct1LEAW5fswNfF4DvYQVCq00sSxhEqrnxcJY2W3PiLtgL2N2g4fS6R6fhGJhMm
4HP5/Q5gCQMEVPkyroVFqqRZlJlCMqYyT3mF/I/EqnjucUtyZBzA9pmShXavAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUCC03vUdR2Ww0HXFTbXm+QmfAsTwwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1MzgyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOVMA0GCSqGSIb3DQEBCwUAA4IBAQARf/170r73diwZKTvvj1cveXAvWnYpbShx
KPE+fNJR559V7n/fJK9szCIvfEPAKosb51z2ql4BuolmitRdQ1Aqirp884lQg54U
gJRhpAzzzGj1wmxjh5Cc4aba0+tGvL19jna9+XYrzg0ISYBFhuXQmRCH5CkPeAxo
TPo6ESCEw7Ai0UhwoxULFdrypUjYUxhIAq6rYjf0bhSrI3QcEFvWcYklaYgY5jcI
XVvkh2O9pihZOVg25ANW4lAvgyVdgq7RX4UgDTDSEPdbspT9p2oy/TahEPgiLsgV
+VKGLZcRs5JVdgpWngWfG7wGi1DGGY5TXWW+E2dV8AgbUctMt4Fd
-----END CERTIFICATE-----