Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215286.roa
File:                     AS215286.roa (raw, json)
Hash identifier:          IoD89DPbOsZXua/HPTudUWYQHr9S+iHC95xq+R6L0kk=
Subject key identifier:   A1:25:3D:1C:07:7C:5D:4B:25:FE:29:A1:09:01:A8:07:CF:B6:3F:B9
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       0E841C90EADD4385FEC6618F3B9A29AE87E7C1BD
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215286.roa
Signing time:             Sat 14 Feb 2026 12:17:14 +0000
ROA not before:           Sat 14 Feb 2026 12:12:14 +0000
ROA not after:            Sat 13 Feb 2027 12:17:14 +0000
asID:                     215286
IP address blocks:        194.60.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:84:1c:90:ea:dd:43:85:fe:c6:61:8f:3b:9a:29:ae:87:e7:c1:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Feb 14 12:12:14 2026 GMT
            Not After : Feb 13 12:17:14 2027 GMT
        Subject: CN=A1253D1C077C5D4B25FE29A10901A807CFB63FB9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:ee:7e:68:bb:62:ed:a7:73:59:26:f7:aa:3b:
                    84:ae:e0:03:bc:7c:26:64:b8:b2:ce:cd:56:2b:01:
                    bd:4b:b0:95:ef:8d:4b:2e:21:df:e1:29:26:04:9f:
                    fa:75:be:95:07:d3:8f:b5:ca:e7:c4:65:16:fd:e4:
                    b8:cc:12:22:41:1c:b1:7f:d7:06:66:ca:b2:80:00:
                    a3:9a:30:09:f8:72:18:32:47:a7:e1:96:c3:62:59:
                    7b:4a:68:ff:91:3d:66:2a:ce:03:8a:4e:03:50:83:
                    d6:fa:bc:0b:37:73:04:ba:85:5c:d1:a3:df:36:85:
                    75:dd:86:c5:27:2d:40:8c:44:21:51:1e:eb:64:f0:
                    96:e6:41:9d:8b:38:07:07:99:b7:6f:83:63:fb:3f:
                    dd:9e:0f:64:76:b4:47:f4:06:72:fc:27:4c:11:94:
                    2f:5b:b8:b7:1b:b9:e6:f3:a7:3d:1a:6b:ac:59:61:
                    fd:c6:64:d8:a5:aa:67:81:25:f0:ff:a5:da:a1:0f:
                    2b:ab:0c:09:42:e2:bf:f2:02:19:59:d7:ae:95:1f:
                    e4:b5:e0:a9:34:6c:ef:58:a8:6a:87:7f:65:7d:4b:
                    ed:e1:f3:08:61:ac:ad:44:7d:67:3e:6f:68:b3:68:
                    c8:e2:7f:54:a3:33:ab:49:23:c9:f3:04:03:9e:d6:
                    13:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:25:3D:1C:07:7C:5D:4B:25:FE:29:A1:09:01:A8:07:CF:B6:3F:B9
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215286.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.60.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:56:de:1d:f7:4f:a5:eb:81:8c:41:ab:80:d9:ce:92:94:41:
         1d:19:b2:cf:6f:93:4c:f8:06:15:71:b9:a3:47:ec:e6:8c:77:
         e1:4c:b1:22:d8:58:89:76:7c:0f:23:be:75:4c:3f:d5:f6:9f:
         05:be:a5:1f:cc:4b:1c:5b:ac:c2:81:c1:0d:db:8d:cb:4e:6e:
         84:8e:ca:93:4b:bb:55:91:ad:f2:3d:b1:a1:cd:72:70:90:e5:
         b3:12:39:ca:a2:07:45:2e:37:0d:99:b9:b9:80:b6:fb:52:a4:
         e6:1c:ea:49:18:0e:6e:59:24:b4:03:85:12:37:a6:4f:ff:84:
         54:15:52:94:e6:c1:e0:71:da:df:78:98:e8:e9:94:11:41:0d:
         ef:44:0f:4a:61:0b:ed:b0:01:6d:97:92:3c:5d:f1:a2:ae:c9:
         cb:74:1b:95:e6:13:2c:9d:84:ec:73:28:2e:cb:52:b6:35:d9:
         00:d9:67:de:50:2c:2d:89:b7:bf:f8:6b:c1:d5:37:47:47:74:
         19:8b:ad:c3:c4:7f:e1:71:dc:d7:0e:62:d9:9c:ab:1d:c7:b6:
         90:d7:4f:32:71:8f:f4:91:05:56:51:ee:a5:fc:dc:96:83:1f:
         3a:31:72:a7:b5:ad:99:7d:6a:0b:7d:c0:a9:95:c4:7a:58:92:
         d7:ab:45:8b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDoQckOrdQ4X+xmGPO5oprofnwb0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAyMTQxMjEyMTRaFw0yNzAyMTMxMjE3MTRaMDMxMTAvBgNV
BAMTKEExMjUzRDFDMDc3QzVENEIyNUZFMjlBMTA5MDFBODA3Q0ZCNjNGQjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDd7n5ou2Ltp3NZJveqO4Su4AO8
fCZkuLLOzVYrAb1LsJXvjUsuId/hKSYEn/p1vpUH04+1yufEZRb95LjMEiJBHLF/
1wZmyrKAAKOaMAn4chgyR6fhlsNiWXtKaP+RPWYqzgOKTgNQg9b6vAs3cwS6hVzR
o982hXXdhsUnLUCMRCFRHutk8JbmQZ2LOAcHmbdvg2P7P92eD2R2tEf0BnL8J0wR
lC9buLcbuebzpz0aa6xZYf3GZNilqmeBJfD/pdqhDyurDAlC4r/yAhlZ166VH+S1
4Kk0bO9YqGqHf2V9S+3h8whhrK1EfWc+b2izaMjif1SjM6tJI8nzBAOe1hMPAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUoSU9HAd8XUsl/imhCQGoB8+2P7kwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE1Mjg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjxd
MA0GCSqGSIb3DQEBCwUAA4IBAQAAVt4d90+l64GMQauA2c6SlEEdGbLPb5NM+AYV
cbmjR+zmjHfhTLEi2FiJdnwPI751TD/V9p8FvqUfzEscW6zCgcEN243LTm6EjsqT
S7tVka3yPbGhzXJwkOWzEjnKogdFLjcNmbm5gLb7UqTmHOpJGA5uWSS0A4USN6ZP
/4RUFVKU5sHgcdrfeJjo6ZQRQQ3vRA9KYQvtsAFtl5I8XfGirsnLdBuV5hMsnYTs
cyguy1K2NdkA2WfeUCwtibe/+GvB1TdHR3QZi63DxH/hcdzXDmLZnKsdx7aQ108y
cY/0kQVWUe6l/NyWgx86MXKnta2ZfWoLfcCplcR6WJLXq0WL
-----END CERTIFICATE-----