Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS215304.roa
File:                     AS215304.roa (raw, json)
Hash identifier:          sOnFXDROjmtYXJ4dIHpBsvqKhL4YmN5fCAYndN8VJj8=
Subject key identifier:   27:88:77:E7:64:05:BF:50:85:A8:14:AB:B2:8B:6B:09:3A:E1:14:CC
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       3BF7A004FF958320C9B583A56CF866D6C4BA6DD2
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS215304.roa
Signing time:             Sun 26 Oct 2025 15:01:46 +0000
ROA not before:           Sun 26 Oct 2025 14:56:46 +0000
ROA not after:            Sun 25 Oct 2026 15:01:46 +0000
asID:                     215304
IP address blocks:        143.20.22.0/24 maxlen: 24
                          143.20.146.0/24 maxlen: 24
                          143.20.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:48:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:f7:a0:04:ff:95:83:20:c9:b5:83:a5:6c:f8:66:d6:c4:ba:6d:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 26 14:56:46 2025 GMT
            Not After : Oct 25 15:01:46 2026 GMT
        Subject: CN=278877E76405BF5085A814ABB28B6B093AE114CC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:73:dc:fa:0e:e8:51:1a:e7:57:7f:55:bb:1f:
                    58:0c:d0:dc:e6:43:5f:60:60:66:b9:6d:6e:61:fa:
                    ef:3a:f9:65:42:96:98:45:80:e6:ae:48:62:df:b9:
                    b4:77:83:6c:6e:2b:8c:b4:ba:64:ee:fd:8c:5d:40:
                    d5:d6:6f:25:81:82:8a:49:67:cd:68:26:07:e2:d6:
                    28:65:79:b3:a5:12:64:aa:22:94:9d:9d:39:70:53:
                    87:a6:9b:35:7b:e7:e6:89:6d:6e:dc:fb:20:3b:fe:
                    c9:0f:bc:ff:43:f8:bc:84:86:d9:18:d2:44:59:f0:
                    0b:8e:7f:03:f2:77:32:cc:ce:77:de:c6:cb:b5:97:
                    46:e5:23:4e:92:2e:05:9f:c1:bc:30:e8:7a:d3:f6:
                    ea:56:eb:fa:42:1e:d7:b2:ae:aa:9f:22:a9:74:7d:
                    e6:27:ff:94:7b:d6:80:c6:18:f4:dc:ca:81:d1:fc:
                    13:30:e3:13:69:b3:1b:de:6c:c5:af:5c:39:6d:8c:
                    3f:27:30:b3:18:ed:7d:df:be:3e:05:fe:59:7c:22:
                    02:d5:5c:64:20:dc:34:89:a0:3a:5f:aa:8c:3d:26:
                    94:90:1d:1b:1b:04:86:ef:cd:42:94:40:a7:52:1e:
                    96:c9:20:5c:12:f0:56:67:d6:21:6b:38:20:25:42:
                    53:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:88:77:E7:64:05:BF:50:85:A8:14:AB:B2:8B:6B:09:3A:E1:14:CC
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS215304.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.22.0/24
                  143.20.146.0/24
                  143.20.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:11:2f:85:0e:9b:a5:ee:4a:8a:37:2a:fd:82:f1:66:02:33:
         08:d7:5c:39:55:eb:2d:a3:e7:d2:87:0a:7b:73:af:c6:91:35:
         94:aa:d6:46:79:7d:e7:4b:73:90:5c:91:e1:a5:49:c4:db:22:
         74:76:16:f0:1f:ab:30:e7:fb:b9:bf:4d:c3:e0:aa:78:d6:49:
         f8:f3:8e:29:5a:19:25:90:d1:a7:10:ef:63:5a:23:a8:84:02:
         df:38:2d:b8:a7:ca:ce:72:ef:71:ec:47:de:4b:95:24:b8:99:
         7b:d8:f9:29:b3:75:de:cc:ca:69:f2:70:01:e1:fd:de:0a:d4:
         1e:d7:d9:76:2e:24:81:f0:ee:77:8a:79:4a:c4:6d:65:d6:38:
         fd:00:5f:d2:84:2b:fc:6e:80:80:20:fa:5a:5c:1e:bf:ff:bd:
         6f:02:b0:ef:11:c1:6b:44:48:3d:61:56:cf:b3:f5:14:fe:35:
         47:ab:84:87:8b:e3:9c:0a:e0:82:fc:2e:15:36:63:f0:bf:e9:
         b2:13:42:5e:ce:d8:5c:c1:2e:9d:47:51:78:cd:53:ef:71:a6:
         d8:c5:52:2e:33:5f:b3:99:7b:17:89:b3:da:cc:3d:ea:85:4b:
         2e:00:4a:9c:d4:08:09:d6:e5:7c:85:1c:5c:bb:13:fd:03:3e:
         7a:cf:27:8a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUO/egBP+VgyDJtYOlbPhm1sS6bdIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMjYxNDU2NDZaFw0yNjEwMjUxNTAxNDZaMDMxMTAvBgNV
BAMTKDI3ODg3N0U3NjQwNUJGNTA4NUE4MTRBQkIyOEI2QjA5M0FFMTE0Q0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSc9z6DuhRGudXf1W7H1gM0Nzm
Q19gYGa5bW5h+u86+WVClphFgOauSGLfubR3g2xuK4y0umTu/YxdQNXWbyWBgopJ
Z81oJgfi1ihlebOlEmSqIpSdnTlwU4emmzV75+aJbW7c+yA7/skPvP9D+LyEhtkY
0kRZ8AuOfwPydzLMznfexsu1l0blI06SLgWfwbww6HrT9upW6/pCHteyrqqfIql0
feYn/5R71oDGGPTcyoHR/BMw4xNpsxvebMWvXDltjD8nMLMY7X3fvj4F/ll8IgLV
XGQg3DSJoDpfqow9JpSQHRsbBIbvzUKUQKdSHpbJIFwS8FZn1iFrOCAlQlM5AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUJ4h352QFv1CFqBSrsotrCTrhFMwwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjE1MzA0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjxQW
AwQAjxSSAwQAjxSUMA0GCSqGSIb3DQEBCwUAA4IBAQBOES+FDpul7kqKNyr9gvFm
AjMI11w5Vesto+fShwp7c6/GkTWUqtZGeX3nS3OQXJHhpUnE2yJ0dhbwH6sw5/u5
v03D4Kp41kn4844pWhklkNGnEO9jWiOohALfOC24p8rOcu9x7EfeS5UkuJl72Pkp
s3XezMpp8nAB4f3eCtQe19l2LiSB8O53inlKxG1l1jj9AF/ShCv8boCAIPpaXB6/
/71vArDvEcFrREg9YVbPs/UU/jVHq4SHi+OcCuCC/C4VNmPwv+myE0JezthcwS6d
R1F4zVPvcabYxVIuM1+zmXsXibPazD3qhUsuAEqc1AgJ1uV8hRxcuxP9Az56zyeK
-----END CERTIFICATE-----