Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215532.roa
File:                     AS215532.roa (raw, json)
Hash identifier:          Ru4lgDUKyX4//+cl+ZqY+REYNNqOKjjlSrDYJsYvcDo=
Subject key identifier:   8D:46:82:04:63:19:17:B1:09:08:52:18:34:18:86:24:0B:83:C4:C2
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       3A6170BABC8FFEB372398EFE2AC97FEB82328AC1
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215532.roa
Signing time:             Fri 25 Jul 2025 08:07:38 +0000
ROA not before:           Fri 25 Jul 2025 08:02:38 +0000
ROA not after:            Fri 24 Jul 2026 08:07:38 +0000
asID:                     215532
IP address blocks:        2a0f:85c1:36d::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:61:70:ba:bc:8f:fe:b3:72:39:8e:fe:2a:c9:7f:eb:82:32:8a:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:38 2025 GMT
            Not After : Jul 24 08:07:38 2026 GMT
        Subject: CN=8D468204631917B109085218341886240B83C4C2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:5d:b2:2c:1b:c1:4c:3f:80:4d:08:2d:5a:80:
                    80:74:8a:32:23:9c:fa:1f:f0:52:f8:55:e7:f5:c3:
                    c8:94:bf:cf:1d:69:a3:e1:7e:17:aa:44:9b:ff:0e:
                    40:85:02:b6:fb:ba:e6:40:f7:e6:6a:30:67:70:2b:
                    08:2d:38:96:07:6d:e7:4e:6a:41:91:58:63:5c:02:
                    15:dd:c7:db:d9:79:b4:62:19:7b:7c:a4:d4:9f:1e:
                    34:d0:1f:8a:c9:78:02:43:fd:1d:a1:f4:eb:56:8a:
                    8d:a7:be:b7:a1:96:b4:ca:10:e7:78:c0:f0:2b:8a:
                    b1:99:25:01:ed:ec:67:c4:f6:8c:b8:d9:a6:ff:14:
                    99:fa:37:9c:bb:b6:04:a5:9c:2a:8a:41:5a:3a:54:
                    0c:c3:ea:89:52:ca:f9:cf:f9:b2:60:c5:b3:6a:62:
                    5a:79:81:8b:31:dd:dc:e9:99:74:70:db:38:4c:96:
                    e8:7a:3c:59:b2:91:9d:d8:ff:99:93:d4:9e:90:89:
                    e4:1e:dd:4a:54:d9:3d:15:98:ad:47:e9:33:d3:ae:
                    5a:9d:fb:55:5f:9f:a5:52:cf:ff:8b:81:a9:be:92:
                    94:a7:b7:e8:86:f3:26:3d:6d:78:46:34:ee:cf:68:
                    c7:c6:d7:1d:02:bc:6a:96:ce:88:47:78:de:f3:86:
                    5b:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:46:82:04:63:19:17:B1:09:08:52:18:34:18:86:24:0B:83:C4:C2
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215532.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:36d::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:cc:c6:43:2c:9d:d5:5b:c8:27:f8:47:91:1c:2a:e0:b7:f2:
         9d:e9:da:8e:94:31:64:41:a8:f3:b3:6e:0e:fc:ff:97:05:e0:
         0c:66:be:57:5d:32:14:54:63:d3:1e:ba:1c:7f:02:0c:19:b1:
         4c:87:aa:f3:c4:b8:10:2c:8b:99:57:c7:15:c9:96:69:93:fa:
         89:67:c6:23:59:9d:0b:9b:06:64:66:ef:65:1b:08:1d:88:76:
         84:67:aa:4b:b1:72:42:f5:0f:e8:c1:89:e7:32:75:b3:6a:a9:
         9c:ab:d3:c1:c4:13:62:3b:93:cb:97:9e:98:3a:f4:20:16:03:
         d1:e2:58:bf:80:2f:0b:50:90:1b:ff:d7:f8:2a:a5:ba:db:aa:
         97:cd:4a:6c:ec:76:86:40:e1:60:a1:05:92:a9:cf:56:b2:7b:
         8d:ea:53:86:18:80:52:00:f2:0d:e3:14:50:69:66:9d:2d:39:
         b8:c3:71:80:9d:34:60:e5:f0:a7:4c:2e:5c:f8:c3:4c:48:57:
         51:b9:c1:f6:be:26:95:e0:32:6c:1a:0c:a3:70:21:a0:de:c0:
         2a:c1:9b:f8:6b:42:47:41:19:dd:76:01:a8:65:28:22:8e:f6:
         4f:2e:83:cf:6e:94:d5:73:3a:a1:5b:5f:57:4a:27:22:8c:bf:
         7d:7e:d5:c3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUOmFwuryP/rNyOY7+Ksl/64IyisEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyMzhaFw0yNjA3MjQwODA3MzhaMDMxMTAvBgNV
BAMTKDhENDY4MjA0NjMxOTE3QjEwOTA4NTIxODM0MTg4NjI0MEI4M0M0QzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2XbIsG8FMP4BNCC1agIB0ijIj
nPof8FL4Vef1w8iUv88daaPhfheqRJv/DkCFArb7uuZA9+ZqMGdwKwgtOJYHbedO
akGRWGNcAhXdx9vZebRiGXt8pNSfHjTQH4rJeAJD/R2h9OtWio2nvrehlrTKEOd4
wPArirGZJQHt7GfE9oy42ab/FJn6N5y7tgSlnCqKQVo6VAzD6olSyvnP+bJgxbNq
Ylp5gYsx3dzpmXRw2zhMluh6PFmykZ3Y/5mT1J6QieQe3UpU2T0VmK1H6TPTrlqd
+1Vfn6VSz/+Lgam+kpSnt+iG8yY9bXhGNO7PaMfG1x0CvGqWzohHeN7zhlv3AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUjUaCBGMZF7EJCFIYNBiGJAuDxMIwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1NTMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQNtMA0GCSqGSIb3DQEBCwUAA4IBAQAuzMZDLJ3VW8gn+EeRHCrgt/Kd6dqOlDFk
Qajzs24O/P+XBeAMZr5XXTIUVGPTHrocfwIMGbFMh6rzxLgQLIuZV8cVyZZpk/qJ
Z8YjWZ0LmwZkZu9lGwgdiHaEZ6pLsXJC9Q/owYnnMnWzaqmcq9PBxBNiO5PLl56Y
OvQgFgPR4li/gC8LUJAb/9f4KqW626qXzUps7HaGQOFgoQWSqc9WsnuN6lOGGIBS
APIN4xRQaWadLTm4w3GAnTRg5fCnTC5c+MNMSFdRucH2viaV4DJsGgyjcCGg3sAq
wZv4a0JHQRnddgGoZSgijvZPLoPPbpTVczqhW19XSicijL99ftXD
-----END CERTIFICATE-----