Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215674.roa
File:                     AS215674.roa (raw, json)
Hash identifier:          qh+tqH3BN0r3lR8cjpSGLpnj+2qMUloK5D9cEI/EGGw=
Subject key identifier:   65:BC:4A:66:52:70:63:7C:93:F2:0C:D5:AC:E1:C3:AF:AF:99:84:68
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       6F1295DD6055FE347A8BC1E706D2B422A45E1FD6
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215674.roa
Signing time:             Fri 25 Jul 2025 08:07:45 +0000
ROA not before:           Fri 25 Jul 2025 08:02:45 +0000
ROA not after:            Fri 24 Jul 2026 08:07:45 +0000
asID:                     215674
IP address blocks:        2a0f:85c1:359::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:12:95:dd:60:55:fe:34:7a:8b:c1:e7:06:d2:b4:22:a4:5e:1f:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:45 2025 GMT
            Not After : Jul 24 08:07:45 2026 GMT
        Subject: CN=65BC4A665270637C93F20CD5ACE1C3AFAF998468
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:86:be:81:75:35:57:ef:0d:66:d0:3c:30:80:
                    97:62:4c:3d:41:f6:23:84:b2:ec:0c:fb:79:ee:77:
                    9b:45:ab:4a:68:12:39:4b:c4:c3:c2:4e:05:85:1f:
                    80:b9:e0:49:6a:bf:62:57:8a:43:c6:05:bf:06:22:
                    bf:9a:8a:35:41:7d:8f:ab:bb:3e:7c:6c:1d:86:11:
                    32:78:5d:b7:d0:26:30:3e:7d:6d:eb:be:d8:ba:ab:
                    d3:2d:0d:65:34:12:d1:c1:02:b0:15:4b:17:fc:c5:
                    f2:a7:92:6e:2f:b0:85:88:12:9e:e0:a3:38:d2:e4:
                    ca:4d:24:64:a8:f2:40:f5:20:8a:90:ac:36:95:62:
                    c3:54:5a:63:b5:66:e9:92:b3:a9:68:8e:8c:5c:89:
                    82:37:35:78:ec:cb:8f:32:b5:16:ab:fc:af:6c:74:
                    cb:04:71:0b:13:2e:52:9e:8b:01:64:f5:2a:25:b3:
                    3a:d5:06:cb:05:60:de:2e:c1:bc:e6:ab:23:1b:8a:
                    0b:26:18:a6:7c:fa:f8:24:7e:d4:09:e7:b3:4e:b4:
                    b4:ce:a2:0e:3d:56:f0:0d:66:6d:b8:30:eb:fe:1e:
                    44:a9:a1:81:d3:23:8e:b3:90:df:9f:cc:0d:ee:42:
                    5a:ea:ed:16:32:71:f4:19:7e:5a:e1:0b:13:aa:5b:
                    6f:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:BC:4A:66:52:70:63:7C:93:F2:0C:D5:AC:E1:C3:AF:AF:99:84:68
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215674.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:359::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:07:35:30:34:6c:d0:32:27:a0:7b:4d:2c:4b:16:42:f6:ce:
         1d:58:08:02:19:e1:be:33:70:65:94:14:36:77:69:8b:b0:67:
         74:1b:8f:c3:f1:41:3f:e7:63:01:16:48:11:03:31:b6:49:6a:
         ed:37:eb:58:30:03:2b:8b:48:39:00:ad:70:84:27:aa:e6:1f:
         b8:06:b2:ca:cb:65:60:75:5f:94:68:29:f1:ad:42:0b:04:2b:
         9c:73:a6:be:90:bc:b2:b1:78:d5:8f:65:d2:cc:80:6e:3a:d9:
         28:67:76:ea:13:62:8a:53:36:75:a4:d6:07:fd:99:58:fd:b0:
         2e:21:a5:c2:8b:51:4f:e9:be:96:6b:bf:5b:59:53:5c:5c:2a:
         2d:da:2b:61:e6:49:a4:6c:3f:ba:74:e1:eb:a2:c7:a5:25:b2:
         ed:89:ea:8c:c7:5e:3d:d5:02:b7:90:cd:df:54:3e:93:3a:e1:
         03:06:29:8f:df:6a:67:54:3f:47:39:27:07:25:aa:9c:f3:65:
         9e:5e:ee:a3:48:65:c5:6c:c3:b1:5c:10:41:41:83:c4:88:48:
         99:99:ff:17:0f:75:5b:a6:82:01:a9:de:62:51:9c:04:aa:f7:
         0a:df:ae:38:e9:6f:6b:b5:58:87:6b:d8:75:e1:9c:77:67:cb:
         5c:ab:76:13
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUbxKV3WBV/jR6i8HnBtK0IqReH9YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyNDVaFw0yNjA3MjQwODA3NDVaMDMxMTAvBgNV
BAMTKDY1QkM0QTY2NTI3MDYzN0M5M0YyMENENUFDRTFDM0FGQUY5OTg0NjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQhr6BdTVX7w1m0DwwgJdiTD1B
9iOEsuwM+3nud5tFq0poEjlLxMPCTgWFH4C54Elqv2JXikPGBb8GIr+aijVBfY+r
uz58bB2GETJ4XbfQJjA+fW3rvti6q9MtDWU0EtHBArAVSxf8xfKnkm4vsIWIEp7g
ozjS5MpNJGSo8kD1IIqQrDaVYsNUWmO1ZumSs6lojoxciYI3NXjsy48ytRar/K9s
dMsEcQsTLlKeiwFk9SolszrVBssFYN4uwbzmqyMbigsmGKZ8+vgkftQJ57NOtLTO
og49VvANZm24MOv+HkSpoYHTI46zkN+fzA3uQlrq7RYycfQZflrhCxOqW2/xAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUZbxKZlJwY3yT8gzVrOHDr6+ZhGgwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1Njc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQNZMA0GCSqGSIb3DQEBCwUAA4IBAQBgBzUwNGzQMiege00sSxZC9s4dWAgCGeG+
M3BllBQ2d2mLsGd0G4/D8UE/52MBFkgRAzG2SWrtN+tYMAMri0g5AK1whCeq5h+4
BrLKy2VgdV+UaCnxrUILBCucc6a+kLyysXjVj2XSzIBuOtkoZ3bqE2KKUzZ1pNYH
/ZlY/bAuIaXCi1FP6b6Wa79bWVNcXCot2ith5kmkbD+6dOHroselJbLtieqMx149
1QK3kM3fVD6TOuEDBimP32pnVD9HOScHJaqc82WeXu6jSGXFbMOxXBBBQYPEiEiZ
mf8XD3VbpoIBqd5iUZwEqvcK36446W9rtViHa9h14Zx3Z8tcq3YT
-----END CERTIFICATE-----