Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215453.roa
File:                     AS215453.roa (raw, json)
Hash identifier:          ZELTeV83BnGWjKFKaskSwyQwcLVNyeHqT9M1TFJjXS8=
Subject key identifier:   2B:13:88:67:93:98:79:FF:A4:E6:E7:1C:E5:73:08:9B:F8:4D:1B:AC
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       109E82F9EABADCDD08D9E761184FC6D2087B0F8F
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215453.roa
Signing time:             Thu 05 Feb 2026 16:03:51 +0000
ROA not before:           Thu 05 Feb 2026 15:58:51 +0000
ROA not after:            Thu 04 Feb 2027 16:03:51 +0000
asID:                     215453
IP address blocks:        141.11.200.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 04:42:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:9e:82:f9:ea:ba:dc:dd:08:d9:e7:61:18:4f:c6:d2:08:7b:0f:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Feb  5 15:58:51 2026 GMT
            Not After : Feb  4 16:03:51 2027 GMT
        Subject: CN=2B138867939879FFA4E6E71CE573089BF84D1BAC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:78:bf:72:ba:3a:fb:5d:05:5e:1a:73:60:b5:
                    5e:45:29:03:3f:29:e3:cb:9b:ac:89:e1:b9:ad:83:
                    75:c6:19:93:45:dc:92:8d:24:17:6d:a8:7c:36:6b:
                    d2:de:89:a0:7e:69:6b:04:91:35:30:8a:91:c6:00:
                    c6:eb:c5:e3:2d:b8:e2:1c:62:58:3e:fd:e1:46:17:
                    0e:2f:1a:3f:63:f3:c2:42:b2:ae:39:70:8f:88:94:
                    90:70:d6:20:74:0d:d6:ad:3a:b0:53:f8:e9:2c:af:
                    db:70:59:57:6d:46:b1:d7:67:ac:4f:7e:26:4c:c5:
                    b2:72:51:b8:a5:f6:44:48:59:49:59:bd:57:d7:b3:
                    9c:64:6f:e5:80:b2:90:4e:45:a8:91:01:4b:25:27:
                    d2:60:e5:73:61:fe:3e:9b:7a:de:87:87:9c:6d:16:
                    e0:b3:09:7f:62:7d:40:22:c0:a1:35:57:ea:d4:d3:
                    23:73:63:ec:b2:c4:3f:06:b6:ae:79:9e:02:a8:43:
                    fb:43:c9:1f:ca:4b:23:13:d6:3f:27:b5:b5:9f:c4:
                    cf:f2:d9:98:45:db:61:bf:e2:a0:84:c6:83:98:78:
                    c7:4b:e0:d5:0d:32:86:6b:d6:ca:d8:08:c0:86:fc:
                    a9:e5:b4:11:da:21:1c:39:b0:56:5e:63:7c:cb:a9:
                    82:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:13:88:67:93:98:79:FF:A4:E6:E7:1C:E5:73:08:9B:F8:4D:1B:AC
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215453.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.200.0/23

    Signature Algorithm: sha256WithRSAEncryption
         31:6c:ae:74:0b:c1:19:da:d7:fa:7a:1f:c8:2e:59:d1:5a:0b:
         70:69:96:74:18:df:08:bc:7b:54:a5:80:83:90:d3:4d:af:9a:
         90:a3:8d:18:96:11:55:68:d8:97:40:c0:2c:5a:89:04:90:b4:
         4f:a2:c9:41:fc:24:48:64:7c:ea:b1:6b:8f:9f:bd:24:fe:35:
         47:cb:c1:0c:2d:a4:51:b6:54:e8:37:16:a2:83:cb:bb:dc:e7:
         a6:c4:ec:5b:4f:9f:9f:6b:9a:3e:bb:1a:2c:d5:aa:d7:4b:4a:
         91:e2:0f:88:83:59:a4:f4:4f:fd:77:e4:c5:0e:e2:6e:98:82:
         ca:59:ba:77:43:aa:38:25:de:3b:86:56:5e:51:bb:38:1f:b9:
         2c:d8:2f:2e:37:02:4a:72:53:2a:7c:89:19:b7:07:2b:1a:ee:
         73:59:1a:7e:16:f3:db:e4:bd:70:82:00:02:e4:d6:bf:20:19:
         88:18:55:0c:b3:44:68:1c:6e:25:8c:bb:46:a9:d1:a0:46:d8:
         48:97:d4:57:e3:86:53:d7:88:40:53:2d:f7:a7:24:64:c9:fc:
         27:73:d6:49:14:61:5b:80:31:2b:67:70:90:4b:cd:ff:b7:fc:
         35:d5:65:1d:8f:2c:94:f3:58:f3:4e:ed:9f:d6:8c:88:50:e4:
         96:7f:c8:36
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUEJ6C+eq63N0I2edhGE/G0gh7D48wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAyMDUxNTU4NTFaFw0yNzAyMDQxNjAzNTFaMDMxMTAvBgNV
BAMTKDJCMTM4ODY3OTM5ODc5RkZBNEU2RTcxQ0U1NzMwODlCRjg0RDFCQUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0eL9yujr7XQVeGnNgtV5FKQM/
KePLm6yJ4bmtg3XGGZNF3JKNJBdtqHw2a9LeiaB+aWsEkTUwipHGAMbrxeMtuOIc
Ylg+/eFGFw4vGj9j88JCsq45cI+IlJBw1iB0DdatOrBT+Oksr9twWVdtRrHXZ6xP
fiZMxbJyUbil9kRIWUlZvVfXs5xkb+WAspBORaiRAUslJ9Jg5XNh/j6bet6Hh5xt
FuCzCX9ifUAiwKE1V+rU0yNzY+yyxD8Gtq55ngKoQ/tDyR/KSyMT1j8ntbWfxM/y
2ZhF22G/4qCExoOYeMdL4NUNMoZr1srYCMCG/KnltBHaIRw5sFZeY3zLqYJVAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUKxOIZ5OYef+k5ucc5XMIm/hNG6wwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE1NDUzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjQvI
MA0GCSqGSIb3DQEBCwUAA4IBAQAxbK50C8EZ2tf6eh/ILlnRWgtwaZZ0GN8IvHtU
pYCDkNNNr5qQo40YlhFVaNiXQMAsWokEkLRPoslB/CRIZHzqsWuPn70k/jVHy8EM
LaRRtlToNxaig8u73OemxOxbT5+fa5o+uxos1arXS0qR4g+Ig1mk9E/9d+TFDuJu
mILKWbp3Q6o4Jd47hlZeUbs4H7ks2C8uNwJKclMqfIkZtwcrGu5zWRp+FvPb5L1w
ggAC5Na/IBmIGFUMs0RoHG4ljLtGqdGgRthIl9RX44ZT14hAUy33pyRkyfwnc9ZJ
FGFbgDErZ3CQS83/t/w11WUdjyyU81jzTu2f1oyIUOSWf8g2
-----END CERTIFICATE-----