Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215304.roa
File:                     AS215304.roa (raw, json)
Hash identifier:          Xr5xuHUgVGAS6OTwtOyU/bIB9QzPt2pHuuspoZIgCgs=
Subject key identifier:   6C:CC:39:E6:D2:B4:1A:17:3D:5E:B3:9A:A0:C0:77:4C:FA:FE:BB:86
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       27C21795EABE85893A2F953188336041CB4C5EB0
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215304.roa
Signing time:             Tue 15 Apr 2025 23:19:05 +0000
ROA not before:           Tue 15 Apr 2025 23:14:05 +0000
ROA not after:            Tue 14 Apr 2026 23:19:05 +0000
asID:                     215304
IP address blocks:        141.11.108.0/24 maxlen: 24
                          141.11.166.0/24 maxlen: 24
                          141.11.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:c2:17:95:ea:be:85:89:3a:2f:95:31:88:33:60:41:cb:4c:5e:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Apr 15 23:14:05 2025 GMT
            Not After : Apr 14 23:19:05 2026 GMT
        Subject: CN=6CCC39E6D2B41A173D5EB39AA0C0774CFAFEBB86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ff:66:32:cb:70:59:16:af:be:36:81:fd:97:
                    65:a8:25:e8:6e:3d:d0:3f:2b:87:bb:2d:a0:61:36:
                    b4:ea:bc:f7:e4:5a:a6:81:50:db:2d:6f:3c:de:b0:
                    3b:9a:ea:35:14:b0:88:1f:b2:08:55:77:60:76:bf:
                    93:68:62:6f:4e:c9:55:25:7f:86:6f:34:81:aa:f8:
                    44:4a:64:d2:8e:0a:74:11:f2:4c:d0:c2:cd:e3:0b:
                    ae:e4:3e:c5:3b:71:5d:3f:57:55:c4:b3:6a:8c:ec:
                    5f:36:70:1e:c5:eb:af:51:3e:92:46:54:74:dc:95:
                    d9:a0:e6:b8:f6:71:d3:3a:a3:9c:05:3b:0e:8e:7b:
                    18:cf:50:15:e7:56:c8:03:3c:99:00:f7:43:a0:0b:
                    52:12:cc:17:46:c1:a1:ba:05:cd:f1:fb:ab:43:f9:
                    20:1a:23:f6:7f:c8:b2:b3:e6:21:34:a6:f8:d4:85:
                    f5:35:a3:2f:23:2e:84:f8:c8:71:c6:29:e6:c6:d6:
                    0b:fa:b6:d7:5a:10:d8:06:3b:53:84:30:9c:4a:ce:
                    87:61:99:45:b9:c5:8f:2f:7b:cb:65:1e:b6:47:18:
                    52:c8:82:fc:be:d0:1e:6c:00:31:d8:a1:c5:9d:26:
                    8a:64:bb:45:4b:69:8a:35:c6:3c:8c:95:d9:cf:a4:
                    d5:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:CC:39:E6:D2:B4:1A:17:3D:5E:B3:9A:A0:C0:77:4C:FA:FE:BB:86
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215304.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.108.0/24
                  141.11.166.0/24
                  141.11.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:ea:52:ba:7a:b2:32:76:07:86:ad:af:28:10:a2:fb:4b:c9:
         33:99:e8:f1:da:94:7b:30:0e:b6:11:3f:be:98:6b:b2:21:d1:
         b6:3c:ba:46:39:d1:67:57:83:6c:1e:b6:62:4d:8f:cb:7f:49:
         50:83:e6:f7:98:d2:cb:49:4d:59:0b:fc:db:86:bf:c8:16:5b:
         bf:66:83:a8:2c:fb:84:15:3f:64:08:a6:97:a7:1b:ca:db:83:
         a0:7c:25:40:29:06:d9:38:a2:a8:23:de:c3:6c:09:8d:eb:76:
         e4:bc:61:c1:f4:28:75:c9:a4:cb:48:20:40:c0:60:af:ea:5f:
         66:7d:e2:b4:45:b2:12:ce:81:49:cb:f0:35:53:57:e7:97:75:
         1f:2e:12:6f:f2:3d:0b:99:1c:28:68:3d:ba:0e:a0:d5:4f:46:
         d4:c6:58:98:96:d7:5f:90:fd:1f:3d:7f:6e:95:40:d8:8b:3c:
         3e:6c:9a:5a:03:63:38:f6:b9:80:1f:37:d4:97:46:d3:b3:f8:
         dd:f1:10:78:24:a5:21:aa:7e:a8:67:a7:5e:6f:96:a2:22:65:
         72:08:a6:32:14:7a:86:97:93:87:54:33:42:28:73:6a:b5:3d:
         b7:3b:b9:fc:6c:71:83:7f:e2:79:82:6e:51:9d:68:4a:ce:e1:
         5f:28:74:f4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUJ8IXleq+hYk6L5UxiDNgQctMXrAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA0MTUyMzE0MDVaFw0yNjA0MTQyMzE5MDVaMDMxMTAvBgNV
BAMTKDZDQ0MzOUU2RDJCNDFBMTczRDVFQjM5QUEwQzA3NzRDRkFGRUJCODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE/2Yyy3BZFq++NoH9l2WoJehu
PdA/K4e7LaBhNrTqvPfkWqaBUNstbzzesDua6jUUsIgfsghVd2B2v5NoYm9OyVUl
f4ZvNIGq+ERKZNKOCnQR8kzQws3jC67kPsU7cV0/V1XEs2qM7F82cB7F669RPpJG
VHTcldmg5rj2cdM6o5wFOw6OexjPUBXnVsgDPJkA90OgC1ISzBdGwaG6Bc3x+6tD
+SAaI/Z/yLKz5iE0pvjUhfU1oy8jLoT4yHHGKebG1gv6ttdaENgGO1OEMJxKzodh
mUW5xY8ve8tlHrZHGFLIgvy+0B5sADHYocWdJopku0VLaYo1xjyMldnPpNXrAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUbMw55tK0Ghc9XrOaoMB3TPr+u4YwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE1MzA0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjQts
AwQAjQumAwQAjQvwMA0GCSqGSIb3DQEBCwUAA4IBAQAV6lK6erIydgeGra8oEKL7
S8kzmejx2pR7MA62ET++mGuyIdG2PLpGOdFnV4NsHrZiTY/Lf0lQg+b3mNLLSU1Z
C/zbhr/IFlu/ZoOoLPuEFT9kCKaXpxvK24OgfCVAKQbZOKKoI97DbAmN63bkvGHB
9Ch1yaTLSCBAwGCv6l9mfeK0RbISzoFJy/A1U1fnl3UfLhJv8j0LmRwoaD26DqDV
T0bUxliYltdfkP0fPX9ulUDYizw+bJpaA2M49rmAHzfUl0bTs/jd8RB4JKUhqn6o
Z6deb5aiImVyCKYyFHqGl5OHVDNCKHNqtT23O7n8bHGDf+J5gm5RnWhKzuFfKHT0
-----END CERTIFICATE-----