Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215791.roa
File:                     AS215791.roa (raw, json)
Hash identifier:          pDe+WeoZN5C8paUoD1OTpab9DNClK+PLAnN5EivtHzM=
Subject key identifier:   73:C3:32:75:65:CA:97:F8:AD:8B:8D:49:8F:72:73:E5:8A:A3:ED:DA
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       6A7F094F2A562243D21E0B7347D19491C4004775
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215791.roa
Signing time:             Fri 25 Jul 2025 08:07:37 +0000
ROA not before:           Fri 25 Jul 2025 08:02:37 +0000
ROA not after:            Fri 24 Jul 2026 08:07:37 +0000
asID:                     215791
IP address blocks:        2a0f:85c1:348::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 16:13:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:7f:09:4f:2a:56:22:43:d2:1e:0b:73:47:d1:94:91:c4:00:47:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:37 2025 GMT
            Not After : Jul 24 08:07:37 2026 GMT
        Subject: CN=73C3327565CA97F8AD8B8D498F7273E58AA3EDDA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:40:05:5c:c0:01:57:6a:c6:f2:e5:2d:e8:96:
                    fb:0a:0f:cc:43:05:5d:24:31:4a:5f:d0:7a:86:d3:
                    1b:58:d7:e2:91:d1:bb:df:64:8f:56:03:ba:eb:38:
                    2b:74:23:56:b1:61:60:39:3a:15:c0:41:20:32:db:
                    a9:bc:b1:17:ac:1a:60:3d:54:3d:bf:a0:a1:e3:7a:
                    cc:12:bf:3e:ef:18:31:98:75:83:43:bf:5e:ab:b2:
                    d4:37:51:ca:f9:a3:5a:30:11:5d:13:d5:87:f2:dd:
                    5d:25:61:1b:5d:52:53:17:66:58:fa:60:a6:b6:b7:
                    2a:de:b2:af:06:6d:7f:7f:b4:96:fa:76:7d:ba:4c:
                    f8:60:a0:66:13:ca:4e:ee:9c:0e:77:1f:50:61:cd:
                    c7:00:c0:36:13:87:e3:d1:ff:dd:95:04:8f:99:3f:
                    d0:81:ae:41:60:13:c9:03:53:47:50:f5:98:20:44:
                    50:c8:dd:15:98:82:32:20:3a:4d:c6:47:38:3f:a3:
                    b6:9b:e5:60:04:33:3f:80:4e:1e:53:95:8c:05:62:
                    8d:a8:e4:13:14:0d:d6:67:b0:c6:21:81:98:5e:99:
                    ef:ef:b2:a7:39:d1:c7:60:a6:1c:39:17:c5:b7:e2:
                    cb:14:fd:a1:27:e7:4b:51:e4:9a:6f:f5:9f:8b:c4:
                    fc:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:C3:32:75:65:CA:97:F8:AD:8B:8D:49:8F:72:73:E5:8A:A3:ED:DA
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215791.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:348::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:81:a4:df:7d:9f:72:f5:b4:9e:8c:88:a6:9c:f2:d8:66:55:
         9b:56:e2:ed:0d:f8:50:aa:e0:c4:71:42:26:8a:c7:a8:dc:56:
         cf:87:10:a7:d8:ca:2b:92:60:aa:f6:f0:c6:77:5c:ab:47:dc:
         c3:45:0b:26:72:47:d2:90:ea:e0:0d:2f:1a:aa:18:6f:86:d8:
         ce:cc:1d:bf:d4:17:53:28:7c:8d:ee:06:9a:75:12:da:af:e5:
         ff:0e:86:0d:e0:ec:66:91:c9:bf:cd:5b:15:dd:85:5f:2f:86:
         d0:a5:b8:dc:6d:f5:1c:ec:7c:87:d7:19:f2:29:1e:32:6c:bd:
         5d:61:47:0b:dd:2c:a1:0c:3c:5c:41:d2:ef:8b:e8:9f:c4:40:
         2f:cd:a3:48:fa:09:13:57:97:0f:43:4f:a9:25:85:d0:26:59:
         be:53:b4:54:a2:29:f3:90:38:3f:69:b8:b6:5d:f6:97:e9:60:
         36:21:c3:f9:5f:68:47:58:be:93:66:20:55:79:c9:53:0d:08:
         e9:cc:05:d6:f0:3e:a3:26:fc:47:af:73:50:04:16:71:7f:48:
         ae:bb:3b:23:c0:bb:11:4f:27:1c:b5:26:dc:34:49:c1:72:a7:
         4b:7e:b8:37:7c:1a:1d:2c:2b:09:09:12:63:ec:a5:01:ff:f2:
         32:f1:08:0f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUan8JTypWIkPSHgtzR9GUkcQAR3UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyMzdaFw0yNjA3MjQwODA3MzdaMDMxMTAvBgNV
BAMTKDczQzMzMjc1NjVDQTk3RjhBRDhCOEQ0OThGNzI3M0U1OEFBM0VEREEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzQAVcwAFXasby5S3olvsKD8xD
BV0kMUpf0HqG0xtY1+KR0bvfZI9WA7rrOCt0I1axYWA5OhXAQSAy26m8sResGmA9
VD2/oKHjeswSvz7vGDGYdYNDv16rstQ3Ucr5o1owEV0T1Yfy3V0lYRtdUlMXZlj6
YKa2tyresq8GbX9/tJb6dn26TPhgoGYTyk7unA53H1BhzccAwDYTh+PR/92VBI+Z
P9CBrkFgE8kDU0dQ9ZggRFDI3RWYgjIgOk3GRzg/o7ab5WAEMz+ATh5TlYwFYo2o
5BMUDdZnsMYhgZheme/vsqc50cdgphw5F8W34ssU/aEn50tR5Jpv9Z+LxPy1AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUc8MydWXKl/iti41Jj3Jz5Yqj7dowHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1NzkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQNIMA0GCSqGSIb3DQEBCwUAA4IBAQA+gaTffZ9y9bSejIimnPLYZlWbVuLtDfhQ
quDEcUImiseo3FbPhxCn2MorkmCq9vDGd1yrR9zDRQsmckfSkOrgDS8aqhhvhtjO
zB2/1BdTKHyN7gaadRLar+X/DoYN4Oxmkcm/zVsV3YVfL4bQpbjcbfUc7HyH1xny
KR4ybL1dYUcL3SyhDDxcQdLvi+ifxEAvzaNI+gkTV5cPQ0+pJYXQJlm+U7RUoinz
kDg/abi2XfaX6WA2IcP5X2hHWL6TZiBVeclTDQjpzAXW8D6jJvxHr3NQBBZxf0iu
uzsjwLsRTycctSbcNEnBcqdLfrg3fBodLCsJCRJj7KUB//Iy8QgP
-----END CERTIFICATE-----