Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215676.roa
File:                     AS215676.roa (raw, json)
Hash identifier:          02z7Cdad/QoYcHmzJ4zNd1w3kE4VNVsb8272TEgQSx8=
Subject key identifier:   D4:F3:A7:49:D8:6E:8D:B9:9C:B4:26:32:B9:E9:B0:EB:D7:35:8E:20
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       2E6F70CA6EC8E658E6C8DE646EC166734B021042
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215676.roa
Signing time:             Fri 25 Jul 2025 08:07:39 +0000
ROA not before:           Fri 25 Jul 2025 08:02:39 +0000
ROA not after:            Fri 24 Jul 2026 08:07:39 +0000
asID:                     215676
IP address blocks:        2a0f:85c1:355::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:6f:70:ca:6e:c8:e6:58:e6:c8:de:64:6e:c1:66:73:4b:02:10:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:39 2025 GMT
            Not After : Jul 24 08:07:39 2026 GMT
        Subject: CN=D4F3A749D86E8DB99CB42632B9E9B0EBD7358E20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:a5:ce:b9:a1:a1:9a:32:a9:ec:50:1c:fc:66:
                    4f:e9:a1:99:7c:af:cc:74:bd:85:15:a0:95:8f:fb:
                    b1:c7:0f:0e:89:97:a5:cf:79:2a:b0:95:e4:29:f2:
                    8c:1d:03:a9:8b:4a:ba:46:1e:1a:21:de:72:47:3f:
                    eb:6c:ad:59:f5:ef:71:90:c3:25:17:28:e7:3a:ac:
                    dd:a4:cc:19:77:01:72:59:61:59:f1:45:c5:12:44:
                    53:cd:d6:75:f6:34:89:e7:24:18:67:e2:77:9a:10:
                    93:c4:12:95:d8:84:6a:d2:a0:3e:32:c4:7a:df:8d:
                    f8:5c:0d:d0:bb:0f:23:65:91:0a:81:39:3c:f1:ac:
                    33:7b:a4:d0:5e:cb:b2:80:eb:fd:fc:d4:a1:ba:ba:
                    2d:dd:2d:5b:6e:c4:b6:30:e1:79:e9:81:28:c2:f2:
                    11:52:a4:a2:ad:82:10:a3:98:d3:b7:2f:40:10:21:
                    19:16:82:8c:6f:da:fd:dd:cf:98:e0:4c:1c:c4:72:
                    24:dd:7b:46:b8:41:f8:52:96:db:c5:d8:8e:a7:df:
                    1e:77:55:e3:13:66:7d:6c:0c:c8:98:d6:9e:24:58:
                    b1:40:2b:0b:67:b3:6f:52:a2:c1:a2:c4:85:7f:b5:
                    24:c7:c5:7e:30:2f:53:c3:2d:47:de:df:84:e5:c5:
                    33:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:F3:A7:49:D8:6E:8D:B9:9C:B4:26:32:B9:E9:B0:EB:D7:35:8E:20
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215676.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:355::/48

    Signature Algorithm: sha256WithRSAEncryption
         d3:2c:99:25:23:41:fe:49:7f:e6:de:7b:ee:14:7a:c2:0d:97:
         a3:79:55:07:af:a2:70:0f:b9:22:4c:2f:69:41:bc:62:1a:58:
         53:be:bc:a2:7b:04:f3:11:52:9f:d2:bb:ce:e2:e9:20:0a:02:
         2b:e1:79:b8:db:1d:57:8d:ec:ff:e2:2a:b0:3d:d0:44:a9:84:
         d6:5c:29:51:18:f9:b5:c6:0b:33:70:0c:02:c5:1d:db:7d:d6:
         ff:ce:22:8f:e8:5f:e5:42:cd:0b:1c:c9:a6:c6:90:68:01:68:
         9b:de:61:b3:bc:05:36:32:43:1f:ce:20:9b:4d:39:b7:27:6e:
         89:26:56:0c:33:cb:b1:14:d2:8f:7a:fa:ec:fe:6d:39:9e:c7:
         98:4c:74:5a:4e:78:c3:4f:54:0e:38:d2:3d:27:9b:8f:9c:8b:
         c9:15:6e:f7:da:b8:d4:0c:c7:21:cb:67:4c:de:07:b1:51:38:
         20:5d:d1:09:f4:5d:3b:3d:11:b4:3d:bf:d9:b5:67:9b:f9:ca:
         79:6a:18:09:b0:02:c6:be:fe:5b:c3:2c:e6:12:69:a1:63:a2:
         23:c0:25:47:aa:fa:c0:18:8e:64:a1:6c:10:dd:26:55:05:27:
         3a:1a:12:4d:ff:fb:5f:60:98:49:8c:0e:4d:3c:70:21:b4:5c:
         bb:ac:48:c4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIULm9wym7I5ljmyN5kbsFmc0sCEEIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyMzlaFw0yNjA3MjQwODA3MzlaMDMxMTAvBgNV
BAMTKEQ0RjNBNzQ5RDg2RThEQjk5Q0I0MjYzMkI5RTlCMEVCRDczNThFMjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCpc65oaGaMqnsUBz8Zk/poZl8
r8x0vYUVoJWP+7HHDw6Jl6XPeSqwleQp8owdA6mLSrpGHhoh3nJHP+tsrVn173GQ
wyUXKOc6rN2kzBl3AXJZYVnxRcUSRFPN1nX2NInnJBhn4neaEJPEEpXYhGrSoD4y
xHrfjfhcDdC7DyNlkQqBOTzxrDN7pNBey7KA6/381KG6ui3dLVtuxLYw4XnpgSjC
8hFSpKKtghCjmNO3L0AQIRkWgoxv2v3dz5jgTBzEciTde0a4QfhSltvF2I6n3x53
VeMTZn1sDMiY1p4kWLFAKwtns29SosGixIV/tSTHxX4wL1PDLUfe34TlxTPbAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU1POnSdhujbmctCYyuemw69c1jiAwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1Njc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQNVMA0GCSqGSIb3DQEBCwUAA4IBAQDTLJklI0H+SX/m3nvuFHrCDZejeVUHr6Jw
D7kiTC9pQbxiGlhTvryiewTzEVKf0rvO4ukgCgIr4Xm42x1Xjez/4iqwPdBEqYTW
XClRGPm1xgszcAwCxR3bfdb/ziKP6F/lQs0LHMmmxpBoAWib3mGzvAU2MkMfziCb
TTm3J26JJlYMM8uxFNKPevrs/m05nseYTHRaTnjDT1QOONI9J5uPnIvJFW732rjU
DMchy2dM3gexUTggXdEJ9F07PRG0Pb/ZtWeb+cp5ahgJsALGvv5bwyzmEmmhY6Ij
wCVHqvrAGI5koWwQ3SZVBSc6GhJN//tfYJhJjA5NPHAhtFy7rEjE
-----END CERTIFICATE-----