Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215794.roa
File:                     AS215794.roa (raw, json)
Hash identifier:          hc1NOnnlUcfT0nqXFlJf1XFafjtBmiP1DUyx5SCP6qg=
Subject key identifier:   67:09:17:42:96:A2:6D:1A:C4:78:EE:C3:7B:3B:AD:54:5B:98:AB:9C
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       45E0B9F0F0B9ADBF0B93BD4651DB180A89D66C95
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215794.roa
Signing time:             Thu 26 Feb 2026 04:08:27 +0000
ROA not before:           Thu 26 Feb 2026 04:03:27 +0000
ROA not after:            Thu 25 Feb 2027 04:08:27 +0000
asID:                     215794
IP address blocks:        2a0f:85c1:8f6::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:e0:b9:f0:f0:b9:ad:bf:0b:93:bd:46:51:db:18:0a:89:d6:6c:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Feb 26 04:03:27 2026 GMT
            Not After : Feb 25 04:08:27 2027 GMT
        Subject: CN=6709174296A26D1AC478EEC37B3BAD545B98AB9C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:df:c7:c9:41:65:bf:0b:6d:a9:16:bd:90:41:
                    30:e4:56:d5:92:61:bb:1c:b4:e8:8c:b0:8d:bc:df:
                    b0:de:0f:06:99:c3:41:3f:93:62:43:37:1d:ef:fe:
                    e5:97:d7:51:5f:4e:82:13:cc:37:4f:9a:26:85:a0:
                    7c:77:4c:a8:39:39:8b:b4:da:0a:1a:9f:d5:63:93:
                    9c:97:60:8d:ff:df:69:22:c9:ab:b7:3d:23:a4:50:
                    04:c2:f3:8f:cd:a1:db:30:a0:b0:0c:9f:af:93:bf:
                    ca:6a:60:7a:00:b3:fb:98:d8:8e:8b:f5:81:a4:d8:
                    ca:8e:20:c6:c1:09:f3:e7:57:0b:2f:11:c2:73:bd:
                    aa:09:f4:df:13:8a:be:56:fa:4f:53:f5:2d:d5:0c:
                    94:8a:eb:e0:69:b0:61:9b:55:b3:33:99:7c:40:34:
                    44:2a:7a:4b:16:05:76:ab:c8:dc:6d:6e:39:09:5b:
                    55:a6:a6:2f:39:86:2e:2d:1f:5d:9c:a9:31:2d:8f:
                    1d:67:e9:a6:6b:2f:d4:ac:2a:b5:2e:72:26:72:4d:
                    00:0e:b6:29:0f:45:a6:55:3d:11:38:0a:eb:bc:c0:
                    37:4b:93:56:87:08:de:69:01:d0:b2:8d:6b:9a:ee:
                    22:46:24:67:f3:fc:f7:64:9d:2a:29:3d:e8:29:31:
                    f7:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:09:17:42:96:A2:6D:1A:C4:78:EE:C3:7B:3B:AD:54:5B:98:AB:9C
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215794.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:8f6::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:b1:3a:d0:45:54:4a:1e:22:71:60:ee:4c:27:07:3a:19:27:
         1f:2a:5f:9e:1b:4f:36:a6:b6:e9:96:bb:19:3a:4d:3a:4b:98:
         57:1c:a2:dc:83:f7:a1:e9:a8:4e:44:80:d5:5f:a3:c1:3e:fa:
         0e:d9:0e:cb:40:6b:e0:27:ce:c3:11:39:d8:63:37:4e:b2:1c:
         c6:9f:49:8e:49:8f:11:db:c3:ca:9b:37:79:17:17:fa:c2:37:
         17:85:95:59:e3:a7:be:00:bf:7e:cb:bc:d6:ca:a5:cb:aa:8d:
         41:b0:4a:08:b9:72:53:8f:12:db:8c:c8:29:38:05:61:34:fc:
         9b:36:91:b7:54:a5:39:09:d8:53:54:51:1b:d9:c6:6f:60:d4:
         cb:7b:86:38:68:1b:87:ac:1f:e5:55:b1:9e:5f:11:a3:d7:2c:
         ef:dc:8d:3b:ad:7b:e1:38:3f:97:c1:7b:49:e4:81:5a:cd:b7:
         1c:41:4a:9f:87:b2:c2:05:21:50:53:64:86:fa:a9:ee:58:d6:
         77:a6:cb:d3:9a:e5:de:24:a0:30:01:5b:f8:b3:ce:cc:63:c3:
         19:66:a0:e6:e9:1d:02:33:e1:da:4b:08:e4:52:34:30:aa:a9:
         15:f1:2f:d4:52:4a:56:5c:2e:c7:1c:76:e0:6a:6a:c1:cf:c0:
         9d:a3:4e:d9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUReC58PC5rb8Lk71GUdsYConWbJUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAyMjYwNDAzMjdaFw0yNzAyMjUwNDA4MjdaMDMxMTAvBgNV
BAMTKDY3MDkxNzQyOTZBMjZEMUFDNDc4RUVDMzdCM0JBRDU0NUI5OEFCOUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv38fJQWW/C22pFr2QQTDkVtWS
YbsctOiMsI2837DeDwaZw0E/k2JDNx3v/uWX11FfToITzDdPmiaFoHx3TKg5OYu0
2goan9Vjk5yXYI3/32kiyau3PSOkUATC84/NodswoLAMn6+Tv8pqYHoAs/uY2I6L
9YGk2MqOIMbBCfPnVwsvEcJzvaoJ9N8Tir5W+k9T9S3VDJSK6+BpsGGbVbMzmXxA
NEQqeksWBXaryNxtbjkJW1Wmpi85hi4tH12cqTEtjx1n6aZrL9SsKrUuciZyTQAO
tikPRaZVPRE4Cuu8wDdLk1aHCN5pAdCyjWua7iJGJGfz/PdknSopPegpMffZAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUZwkXQpaibRrEeO7DezutVFuYq5wwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1Nzk0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQj2MA0GCSqGSIb3DQEBCwUAA4IBAQBRsTrQRVRKHiJxYO5MJwc6GScfKl+eG082
prbplrsZOk06S5hXHKLcg/eh6ahORIDVX6PBPvoO2Q7LQGvgJ87DETnYYzdOshzG
n0mOSY8R28PKmzd5Fxf6wjcXhZVZ46e+AL9+y7zWyqXLqo1BsEoIuXJTjxLbjMgp
OAVhNPybNpG3VKU5CdhTVFEb2cZvYNTLe4Y4aBuHrB/lVbGeXxGj1yzv3I07rXvh
OD+XwXtJ5IFazbccQUqfh7LCBSFQU2SG+qnuWNZ3psvTmuXeJKAwAVv4s87MY8MZ
ZqDm6R0CM+HaSwjkUjQwqqkV8S/UUkpWXC7HHHbgamrBz8Cdo07Z
-----END CERTIFICATE-----