Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215672.roa
File:                     AS215672.roa (raw, json)
Hash identifier:          62yj3C9xCPXRuTg5565yAhwmbjOPD8pYTD2UbMYvLtQ=
Subject key identifier:   EF:1D:FF:6D:C3:7C:75:9A:00:40:EC:E6:D4:5A:B2:BB:B1:80:1C:A5
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       31F3F994D58CCFDE25B038FF9C00ABD8EF5B0A76
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215672.roa
Signing time:             Fri 06 Feb 2026 14:22:58 +0000
ROA not before:           Fri 06 Feb 2026 14:17:58 +0000
ROA not after:            Fri 05 Feb 2027 14:22:58 +0000
asID:                     215672
IP address blocks:        141.11.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:f3:f9:94:d5:8c:cf:de:25:b0:38:ff:9c:00:ab:d8:ef:5b:0a:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Feb  6 14:17:58 2026 GMT
            Not After : Feb  5 14:22:58 2027 GMT
        Subject: CN=EF1DFF6DC37C759A0040ECE6D45AB2BBB1801CA5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:fd:16:45:2e:12:b4:18:83:b3:08:7d:5e:94:
                    f2:7a:85:a1:d7:8e:5e:08:67:d8:95:a4:d0:4c:0c:
                    ea:7b:d2:da:89:aa:10:03:a8:15:d8:fb:eb:8e:bd:
                    9d:65:71:c2:34:ea:9f:d6:44:c0:07:5a:e5:39:a3:
                    30:98:9b:01:fd:47:76:95:00:38:85:05:02:76:1a:
                    33:74:5e:9c:ad:a8:32:50:74:44:d3:38:d3:4f:80:
                    26:90:4c:f7:ae:16:45:5f:b2:70:94:ae:33:ea:17:
                    fe:35:10:d0:22:22:62:d7:3c:a4:6c:56:65:1b:a2:
                    0f:55:16:47:20:8e:94:61:30:28:17:a8:e8:5f:a3:
                    e2:6c:20:91:cf:ce:a1:db:69:05:7c:b2:d9:9e:e3:
                    b1:51:2e:94:e9:49:23:be:4e:cf:2e:60:a4:84:2d:
                    6c:12:ce:dd:da:8e:76:55:c8:e8:c5:8b:8b:42:a4:
                    09:03:dc:db:7f:c0:e5:79:b9:50:55:24:35:31:4c:
                    d9:0a:92:ed:8f:47:3f:50:d8:12:07:8f:75:ab:df:
                    02:40:5f:6d:0f:87:1d:fb:98:03:d9:54:60:af:b5:
                    d4:f3:4b:db:c7:ba:55:40:40:50:94:07:28:df:fd:
                    08:25:31:45:d7:92:e4:f2:ff:28:18:97:3c:de:51:
                    1a:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:1D:FF:6D:C3:7C:75:9A:00:40:EC:E6:D4:5A:B2:BB:B1:80:1C:A5
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215672.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:eb:ea:68:07:91:63:b3:0c:20:51:62:1f:49:0e:47:89:96:
         0d:bc:c2:43:94:a6:f3:2d:ff:9d:c7:db:29:8f:51:b2:3a:3e:
         88:ba:dc:ca:90:e0:f9:42:61:e2:53:18:21:58:32:e6:05:b4:
         44:d8:d6:f1:19:1a:7a:3e:66:c8:6f:e6:8f:5f:4b:6d:df:99:
         4c:ae:6b:26:8e:2e:3e:38:5d:34:98:d4:98:3c:27:8b:a8:10:
         16:72:73:85:da:af:6a:4b:93:86:bf:ca:8b:c9:8c:67:62:a9:
         f6:3c:cb:fc:36:f5:87:1c:e1:46:2f:e0:82:89:b4:9e:53:f3:
         1f:25:88:42:9f:5b:c8:e0:40:68:4f:29:97:18:80:08:fc:85:
         db:9f:99:f5:85:c5:f3:e0:8c:b3:5e:f8:25:8d:1e:fd:6c:4d:
         e1:ce:b1:d8:9d:b3:11:7c:a1:f7:aa:6b:7d:b3:b1:b6:66:0d:
         75:10:16:09:0e:2f:fc:f1:5e:3e:e6:92:b1:ad:80:ab:99:e4:
         8c:f2:c6:80:6d:fd:1b:29:d6:52:55:8d:18:3c:15:91:fa:a7:
         76:0b:7b:d3:be:d9:9f:b2:89:92:44:b3:bf:b9:52:ff:a5:61:
         8d:7c:98:47:5a:3f:60:5c:a4:80:b1:5e:f6:5d:61:ff:88:4c:
         35:42:c3:5a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUMfP5lNWMz94lsDj/nACr2O9bCnYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAyMDYxNDE3NThaFw0yNzAyMDUxNDIyNThaMDMxMTAvBgNV
BAMTKEVGMURGRjZEQzM3Qzc1OUEwMDQwRUNFNkQ0NUFCMkJCQjE4MDFDQTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCi/RZFLhK0GIOzCH1elPJ6haHX
jl4IZ9iVpNBMDOp70tqJqhADqBXY++uOvZ1lccI06p/WRMAHWuU5ozCYmwH9R3aV
ADiFBQJ2GjN0XpytqDJQdETTONNPgCaQTPeuFkVfsnCUrjPqF/41ENAiImLXPKRs
VmUbog9VFkcgjpRhMCgXqOhfo+JsIJHPzqHbaQV8stme47FRLpTpSSO+Ts8uYKSE
LWwSzt3ajnZVyOjFi4tCpAkD3Nt/wOV5uVBVJDUxTNkKku2PRz9Q2BIHj3Wr3wJA
X20Phx37mAPZVGCvtdTzS9vHulVAQFCUByjf/QglMUXXkuTy/ygYlzzeURrtAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU7x3/bcN8dZoAQOzm1Fqyu7GAHKUwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE1NjcyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQvb
MA0GCSqGSIb3DQEBCwUAA4IBAQCf6+poB5FjswwgUWIfSQ5HiZYNvMJDlKbzLf+d
x9spj1GyOj6IutzKkOD5QmHiUxghWDLmBbRE2NbxGRp6PmbIb+aPX0tt35lMrmsm
ji4+OF00mNSYPCeLqBAWcnOF2q9qS5OGv8qLyYxnYqn2PMv8NvWHHOFGL+CCibSe
U/MfJYhCn1vI4EBoTymXGIAI/IXbn5n1hcXz4IyzXvgljR79bE3hzrHYnbMRfKH3
qmt9s7G2Zg11EBYJDi/88V4+5pKxrYCrmeSM8saAbf0bKdZSVY0YPBWR+qd2C3vT
vtmfsomSRLO/uVL/pWGNfJhHWj9gXKSAsV72XWH/iEw1QsNa
-----END CERTIFICATE-----