Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215152.roa
File:                     AS215152.roa (raw, json)
Hash identifier:          0UJxtZ10+HbRC6TnbMifBnq3Qj/F0kPc5U9spgh1JBo=
Subject key identifier:   81:B5:88:7C:FB:A0:C4:72:9B:62:7C:72:CF:9A:08:8A:F6:7B:B2:5E
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       6D29BA58582E94ED9D5306B87CF2343BA4750C20
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215152.roa
Signing time:             Tue 02 Jun 2026 08:59:52 +0000
ROA not before:           Tue 02 Jun 2026 08:54:52 +0000
ROA not after:            Tue 01 Jun 2027 08:59:52 +0000
asID:                     215152
IP address blocks:        150.241.254.0/24 maxlen: 24
                          162.141.183.0/24 maxlen: 24
                          167.148.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:29:ba:58:58:2e:94:ed:9d:53:06:b8:7c:f2:34:3b:a4:75:0c:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  2 08:54:52 2026 GMT
            Not After : Jun  1 08:59:52 2027 GMT
        Subject: CN=81B5887CFBA0C4729B627C72CF9A088AF67BB25E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:8b:f1:4b:8c:f9:d8:b7:d0:a6:91:51:8b:ee:
                    89:cc:04:d9:d8:46:94:71:1a:18:cb:ae:ed:ec:59:
                    e4:e5:13:9c:91:df:c3:bc:82:fe:0b:0d:c0:89:bb:
                    29:87:88:be:10:40:47:ee:73:3c:3b:21:b5:18:35:
                    b2:8a:df:36:73:be:d5:75:72:fe:98:4e:2a:d2:15:
                    c2:76:84:6c:ec:71:95:56:27:e0:a5:df:66:83:61:
                    04:56:f4:5b:83:46:53:10:94:8b:f2:4a:90:dc:4f:
                    d6:83:29:d3:59:f2:5f:92:6c:ef:97:78:52:48:24:
                    f7:c4:4f:05:cf:e7:2a:e2:9e:77:36:90:6b:53:14:
                    1b:ba:38:c4:12:51:d9:f9:d9:2a:d4:4e:dd:8b:22:
                    33:14:87:29:62:0c:60:9f:94:af:ec:bd:37:f0:24:
                    b5:e1:89:b4:10:b0:c7:d6:02:38:bf:8a:71:a4:fc:
                    70:db:aa:d5:8b:d0:f2:0f:e5:fa:84:d3:ab:41:ba:
                    e5:ab:12:00:a0:09:b2:91:bd:64:d0:19:01:21:2f:
                    e1:8f:dd:2b:92:2b:00:8c:7c:4b:4c:31:ac:4c:a8:
                    4a:67:9a:19:15:97:50:40:04:9f:16:90:cf:5b:41:
                    40:fb:a0:98:2b:93:b3:1f:dc:5b:46:9e:f5:f2:70:
                    c0:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:B5:88:7C:FB:A0:C4:72:9B:62:7C:72:CF:9A:08:8A:F6:7B:B2:5E
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215152.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.241.254.0/24
                  162.141.183.0/24
                  167.148.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:d5:07:90:6c:cc:93:05:4d:e4:ff:f5:d2:0b:ae:ec:0a:af:
         8c:a0:5c:99:14:9d:e5:69:4d:3d:3a:7d:f3:e5:e7:a4:8b:37:
         31:ea:4b:24:c8:6a:eb:34:c0:e7:21:4f:7a:d4:11:25:c4:7a:
         ad:f8:86:d5:39:e6:b3:9e:a1:83:8f:c4:50:f1:c4:ed:b2:08:
         09:4f:25:94:00:d8:f9:8f:1d:a0:bb:e8:05:39:bc:f1:10:46:
         38:61:17:95:14:3f:06:9e:c6:27:16:01:d3:6d:b2:b5:3d:de:
         29:e9:d4:56:b6:b6:be:cf:d2:57:a2:02:eb:17:dd:eb:4b:87:
         3b:74:33:69:01:ec:62:86:6d:aa:25:24:30:68:ff:42:df:04:
         0e:0f:f9:87:3c:bc:7e:0f:ae:c5:20:f7:a6:57:ef:63:72:da:
         d0:73:ee:63:f5:cb:ae:a7:4b:7f:11:26:97:08:db:2d:4f:5c:
         b9:94:69:97:e6:1d:f4:75:98:29:a5:26:00:db:e7:5f:87:e2:
         5f:91:6e:80:ff:7e:fc:1f:37:1f:60:60:9a:28:f4:7e:a9:20:
         3d:88:6c:28:e1:d2:de:f6:d4:83:da:ff:c3:a1:41:71:5f:25:
         e6:d7:0e:e2:03:7c:d1:7a:17:c8:a9:36:bd:3f:c9:27:6e:d1:
         b2:cc:ea:f9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUbSm6WFgulO2dUwa4fPI0O6R1DCAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MDIwODU0NTJaFw0yNzA2MDEwODU5NTJaMDMxMTAvBgNV
BAMTKDgxQjU4ODdDRkJBMEM0NzI5QjYyN0M3MkNGOUEwODhBRjY3QkIyNUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCci/FLjPnYt9CmkVGL7onMBNnY
RpRxGhjLru3sWeTlE5yR38O8gv4LDcCJuymHiL4QQEfuczw7IbUYNbKK3zZzvtV1
cv6YTirSFcJ2hGzscZVWJ+Cl32aDYQRW9FuDRlMQlIvySpDcT9aDKdNZ8l+SbO+X
eFJIJPfETwXP5yrinnc2kGtTFBu6OMQSUdn52SrUTt2LIjMUhyliDGCflK/svTfw
JLXhibQQsMfWAji/inGk/HDbqtWL0PIP5fqE06tBuuWrEgCgCbKRvWTQGQEhL+GP
3SuSKwCMfEtMMaxMqEpnmhkVl1BABJ8WkM9bQUD7oJgrk7Mf3FtGnvXycMD3AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUgbWIfPugxHKbYnxyz5oIivZ7sl4wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE1MTUyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAlvH+
AwQAoo23AwQAp5RUMA0GCSqGSIb3DQEBCwUAA4IBAQBz1QeQbMyTBU3k//XSC67s
Cq+MoFyZFJ3laU09On3z5eekizcx6kskyGrrNMDnIU961BElxHqt+IbVOeaznqGD
j8RQ8cTtsggJTyWUANj5jx2gu+gFObzxEEY4YReVFD8GnsYnFgHTbbK1Pd4p6dRW
tra+z9JXogLrF93rS4c7dDNpAexihm2qJSQwaP9C3wQOD/mHPLx+D67FIPemV+9j
ctrQc+5j9cuup0t/ESaXCNstT1y5lGmX5h30dZgppSYA2+dfh+JfkW6A/378Hzcf
YGCaKPR+qSA9iGwo4dLe9tSD2v/DoUFxXyXm1w7iA3zRehfIqTa9P8knbtGyzOr5
-----END CERTIFICATE-----