Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215703.roa
File:                     AS215703.roa (raw, json)
Hash identifier:          9wqtbTk94yqzyP98Ccz4046sfq/DrklL7m8GRajRc+0=
Subject key identifier:   32:CE:9B:A3:C3:3C:15:37:48:90:96:12:E4:4E:9C:C0:F6:B7:79:92
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5C08E289B4DFB84D75D5A90B0DAFEEDFB2B55688
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215703.roa
Signing time:             Sat 12 Jul 2025 16:54:13 +0000
ROA not before:           Sat 12 Jul 2025 16:49:13 +0000
ROA not after:            Sat 11 Jul 2026 16:54:13 +0000
asID:                     215703
IP address blocks:        179.61.132.0/24 maxlen: 24
                          191.96.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:08:e2:89:b4:df:b8:4d:75:d5:a9:0b:0d:af:ee:df:b2:b5:56:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 12 16:49:13 2025 GMT
            Not After : Jul 11 16:54:13 2026 GMT
        Subject: CN=32CE9BA3C33C153748909612E44E9CC0F6B77992
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:19:27:53:3e:bc:1d:e9:74:d9:95:08:bd:38:
                    2f:96:7a:49:18:6d:81:b8:71:7e:3e:db:0d:3a:85:
                    31:23:b2:d8:72:7d:a0:07:4c:fc:cb:1e:54:dc:15:
                    4e:2d:82:9d:50:6c:06:b7:17:f1:27:5a:ed:0e:a3:
                    de:2a:82:9b:c5:76:27:ed:e0:d3:d1:04:71:3c:42:
                    85:a6:2a:95:cf:34:5e:7b:3e:68:f9:c8:9a:b7:b0:
                    25:03:da:01:d8:ac:fe:b8:f5:d3:68:b7:95:82:d8:
                    78:30:be:02:59:72:d5:32:a0:de:70:c4:f3:d5:2c:
                    69:f4:cb:49:37:23:f1:e8:85:27:16:94:e8:8c:80:
                    09:8c:84:82:a7:f0:d9:cd:06:9d:19:77:46:7e:cc:
                    98:66:c0:05:c8:c1:d7:ab:b1:d1:04:a0:b5:dd:6a:
                    48:d2:49:7e:fb:a4:d2:50:b0:54:6e:cf:5d:a8:50:
                    f7:9a:56:31:75:55:52:cd:92:f8:1a:a4:e9:4b:0f:
                    75:d2:fa:a8:43:19:97:f3:2d:f8:12:9c:1f:e5:69:
                    24:eb:b0:7d:11:f3:b4:cc:a3:17:1d:84:3a:a4:96:
                    42:b7:a6:ce:e7:92:df:bc:4c:b2:7c:23:b9:78:95:
                    b1:c3:56:6b:47:c4:f8:1f:5f:93:88:26:5a:01:be:
                    dc:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:CE:9B:A3:C3:3C:15:37:48:90:96:12:E4:4E:9C:C0:F6:B7:79:92
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215703.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.132.0/24
                  191.96.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:90:d5:ac:40:9b:92:ee:18:c2:5b:b2:eb:42:be:53:e6:49:
         1a:96:a1:ee:c6:e2:8a:2d:8c:a2:c2:1b:6e:35:03:cb:10:b7:
         ca:31:ba:c3:79:ee:d8:8c:7a:13:55:44:a6:86:fb:d3:72:0b:
         7a:b9:2a:e4:09:6b:07:03:3c:66:69:d2:6a:a0:b5:e9:1e:ff:
         a1:76:fe:a9:0f:a6:cc:a4:31:fd:93:a7:86:d0:7a:66:da:c6:
         40:1c:3a:58:d8:d9:e1:d2:1b:b9:47:17:ea:1b:23:b7:07:8d:
         d0:7d:12:36:15:46:c8:3b:98:b5:53:78:21:ca:bc:64:ad:49:
         59:67:07:f4:ba:c6:c9:e6:b8:9f:98:8b:3d:87:f3:e7:d7:4c:
         8a:c8:af:39:ca:a7:18:b2:f8:79:83:eb:5e:9f:ad:57:94:c9:
         80:06:f6:80:32:f8:d1:af:92:6c:db:e2:15:d4:a4:b5:b0:03:
         fb:d3:c4:4a:29:05:c0:65:43:5e:e4:dd:fa:f0:a0:23:4c:56:
         a4:3f:fa:01:24:2d:f5:76:52:19:dc:f5:08:0a:a3:0d:98:49:
         bd:38:10:31:b5:93:4d:77:74:ca:ce:c3:12:43:45:00:88:90:
         8a:9a:be:04:e8:b9:35:b5:0b:17:4b:9a:7d:3c:2b:b3:cd:45:
         c6:75:dd:27
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUXAjiibTfuE111akLDa/u37K1VogwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA3MTIxNjQ5MTNaFw0yNjA3MTExNjU0MTNaMDMxMTAvBgNV
BAMTKDMyQ0U5QkEzQzMzQzE1Mzc0ODkwOTYxMkU0NEU5Q0MwRjZCNzc5OTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCCGSdTPrwd6XTZlQi9OC+WekkY
bYG4cX4+2w06hTEjsthyfaAHTPzLHlTcFU4tgp1QbAa3F/EnWu0Oo94qgpvFdift
4NPRBHE8QoWmKpXPNF57Pmj5yJq3sCUD2gHYrP649dNot5WC2HgwvgJZctUyoN5w
xPPVLGn0y0k3I/HohScWlOiMgAmMhIKn8NnNBp0Zd0Z+zJhmwAXIwdersdEEoLXd
akjSSX77pNJQsFRuz12oUPeaVjF1VVLNkvgapOlLD3XS+qhDGZfzLfgSnB/laSTr
sH0R87TMoxcdhDqklkK3ps7nkt+8TLJ8I7l4lbHDVmtHxPgfX5OIJloBvtxBAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUMs6bo8M8FTdIkJYS5E6cwPa3eZIwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1NzAzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsz2E
AwQAv2BeMA0GCSqGSIb3DQEBCwUAA4IBAQBRkNWsQJuS7hjCW7LrQr5T5kkalqHu
xuKKLYyiwhtuNQPLELfKMbrDee7YjHoTVUSmhvvTcgt6uSrkCWsHAzxmadJqoLXp
Hv+hdv6pD6bMpDH9k6eG0Hpm2sZAHDpY2Nnh0hu5RxfqGyO3B43QfRI2FUbIO5i1
U3ghyrxkrUlZZwf0usbJ5rifmIs9h/Pn10yKyK85yqcYsvh5g+ten61XlMmABvaA
MvjRr5Js2+IV1KS1sAP708RKKQXAZUNe5N368KAjTFakP/oBJC31dlIZ3PUICqMN
mEm9OBAxtZNNd3TKzsMSQ0UAiJCKmr4E6Lk1tQsXS5p9PCuzzUXGdd0n
-----END CERTIFICATE-----