Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215287.roa
File:                     AS215287.roa (raw, json)
Hash identifier:          Q9RyfO6f4OWrt6few4KJpeooe136YFYNB6TBLiLr884=
Subject key identifier:   0B:69:76:D4:A8:8C:14:7B:3F:81:6A:D4:4E:79:76:6B:9F:79:64:2B
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       7486505EE802013E8772338670E0511AA6E59C19
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215287.roa
Signing time:             Sun 27 Apr 2025 16:00:54 +0000
ROA not before:           Sun 27 Apr 2025 15:55:54 +0000
ROA not after:            Sun 26 Apr 2026 16:00:54 +0000
asID:                     215287
IP address blocks:        141.11.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Apr 2025 13:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:86:50:5e:e8:02:01:3e:87:72:33:86:70:e0:51:1a:a6:e5:9c:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Apr 27 15:55:54 2025 GMT
            Not After : Apr 26 16:00:54 2026 GMT
        Subject: CN=0B6976D4A88C147B3F816AD44E79766B9F79642B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ec:3c:e2:3b:bf:fd:ef:ee:e7:86:57:5d:4f:
                    e2:bb:42:43:2e:cd:0d:52:10:17:ff:19:51:bf:f9:
                    f1:d9:6b:eb:cf:13:ab:ec:6e:54:a0:58:d3:c1:c4:
                    55:1b:e9:53:f9:a1:de:7d:c0:0c:80:52:92:94:d9:
                    f9:a8:61:f5:57:68:0f:08:d9:28:af:2f:54:61:58:
                    86:78:ed:6a:33:33:54:1e:5e:d8:7e:64:3d:7f:8b:
                    9c:9b:ad:80:e0:d3:dd:83:ed:38:ca:2e:ca:67:39:
                    32:d0:13:80:1c:aa:95:7b:dd:1c:23:04:2d:9b:21:
                    00:71:7c:9b:5d:87:53:b1:04:90:8d:04:a0:4b:7c:
                    4f:23:d8:9f:82:98:ee:02:b1:f9:f4:44:9f:85:ad:
                    2c:05:c8:69:40:6d:42:d2:2c:92:a2:e9:50:19:26:
                    44:17:6f:16:b7:ac:9e:65:af:9b:83:e6:1f:1a:44:
                    2d:a1:7a:4c:b7:3d:1f:15:64:20:96:11:f1:6e:e8:
                    32:ef:8b:27:af:d7:ac:93:3b:5b:c6:bb:1c:e5:01:
                    67:8e:b5:cb:c6:82:71:fd:08:e8:9e:56:58:a9:b8:
                    1c:1f:45:f9:b0:44:3c:2e:60:a7:8d:6e:19:d8:03:
                    dc:a0:ae:e9:c9:a2:4f:ca:89:a7:a8:12:e8:4e:d5:
                    93:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:69:76:D4:A8:8C:14:7B:3F:81:6A:D4:4E:79:76:6B:9F:79:64:2B
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215287.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:e2:c4:cf:7e:c1:8b:1f:66:71:98:e3:cc:b9:39:fb:2c:10:
         da:f8:6a:00:06:d9:0d:ef:12:05:ee:c1:c7:79:a4:78:4f:f0:
         71:0b:13:d4:ec:04:98:02:ae:42:2b:3a:76:17:e2:41:2b:66:
         fd:af:0e:18:87:ba:d1:4d:7b:23:9d:da:69:63:38:f1:b2:d1:
         54:dc:aa:8c:e1:a0:99:b1:34:1b:b5:49:d2:60:9b:45:89:32:
         e8:bc:21:d9:dc:20:78:cf:e6:70:69:76:6c:9b:c9:86:87:95:
         43:00:a7:c7:6f:bd:03:8e:01:5a:b2:11:6c:46:ce:0f:f7:2a:
         8e:2d:a0:75:7a:2b:5a:60:e6:6a:53:d0:68:a7:5f:05:5a:d7:
         95:20:f1:77:85:5a:5c:34:63:11:ae:56:68:f2:cd:ef:a8:c6:
         1f:1f:85:7b:c6:79:ee:8d:fa:2f:c8:ca:3c:86:3d:f3:56:96:
         3f:7c:17:5e:4d:5c:6b:33:97:5b:b7:ab:42:d6:57:87:fa:2a:
         28:5e:5e:e8:b0:b1:cb:1b:9a:d4:8c:9c:56:33:a8:92:7a:a0:
         61:11:8e:ea:c7:ad:57:da:68:65:51:15:08:4b:ba:6a:f3:e4:
         f6:b6:a7:ca:2b:20:2a:6b:9b:cb:67:75:09:ed:a4:56:05:d4:
         c7:af:59:1a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdIZQXugCAT6HcjOGcOBRGqblnBkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA0MjcxNTU1NTRaFw0yNjA0MjYxNjAwNTRaMDMxMTAvBgNV
BAMTKDBCNjk3NkQ0QTg4QzE0N0IzRjgxNkFENDRFNzk3NjZCOUY3OTY0MkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/7DziO7/97+7nhlddT+K7QkMu
zQ1SEBf/GVG/+fHZa+vPE6vsblSgWNPBxFUb6VP5od59wAyAUpKU2fmoYfVXaA8I
2SivL1RhWIZ47WozM1QeXth+ZD1/i5ybrYDg092D7TjKLspnOTLQE4AcqpV73Rwj
BC2bIQBxfJtdh1OxBJCNBKBLfE8j2J+CmO4Csfn0RJ+FrSwFyGlAbULSLJKi6VAZ
JkQXbxa3rJ5lr5uD5h8aRC2heky3PR8VZCCWEfFu6DLviyev16yTO1vGuxzlAWeO
tcvGgnH9COieVlipuBwfRfmwRDwuYKeNbhnYA9ygrunJok/KiaeoEuhO1ZOpAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUC2l21KiMFHs/gWrUTnl2a595ZCswHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE1Mjg3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQvs
MA0GCSqGSIb3DQEBCwUAA4IBAQCd4sTPfsGLH2ZxmOPMuTn7LBDa+GoABtkN7xIF
7sHHeaR4T/BxCxPU7ASYAq5CKzp2F+JBK2b9rw4Yh7rRTXsjndppYzjxstFU3KqM
4aCZsTQbtUnSYJtFiTLovCHZ3CB4z+ZwaXZsm8mGh5VDAKfHb70DjgFashFsRs4P
9yqOLaB1eitaYOZqU9Bop18FWteVIPF3hVpcNGMRrlZo8s3vqMYfH4V7xnnujfov
yMo8hj3zVpY/fBdeTVxrM5dbt6tC1leH+iooXl7osLHLG5rUjJxWM6iSeqBhEY7q
x61X2mhlURUIS7pq8+T2tqfKKyAqa5vLZ3UJ7aRWBdTHr1ka
-----END CERTIFICATE-----