Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215287.roa
File:                     AS215287.roa (raw, json)
Hash identifier:          fRklhFzOXwiI+mkep5obieGEdAkFUhgsauv7CFN84ic=
Subject key identifier:   FE:81:02:FF:61:43:6D:9F:6B:74:99:5E:5C:94:B7:70:CD:28:90:F9
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       090AE60816EA94312949996A5E6F24CD4BCB02EC
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215287.roa
Signing time:             Mon 18 May 2026 06:58:03 +0000
ROA not before:           Mon 18 May 2026 06:53:03 +0000
ROA not after:            Mon 17 May 2027 06:58:03 +0000
asID:                     215287
IP address blocks:        162.141.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:08:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:0a:e6:08:16:ea:94:31:29:49:99:6a:5e:6f:24:cd:4b:cb:02:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 18 06:53:03 2026 GMT
            Not After : May 17 06:58:03 2027 GMT
        Subject: CN=FE8102FF61436D9F6B74995E5C94B770CD2890F9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:98:1e:45:97:40:5d:45:25:79:b5:05:1f:39:
                    54:e5:03:a5:5a:f3:39:b4:a6:e8:a6:4c:cc:92:a4:
                    2d:4f:5a:b8:fa:4f:49:be:78:6c:d2:c7:66:a0:a4:
                    d9:ee:54:75:cc:33:39:87:3c:38:4b:ce:1b:67:85:
                    e2:b8:ea:cb:02:66:02:18:70:17:c9:13:02:c9:be:
                    7b:c4:f8:ff:84:95:63:de:29:26:1a:86:e7:fb:53:
                    11:f7:fc:d8:5e:bd:ba:dc:00:e1:d3:d2:81:13:13:
                    ef:bd:d6:eb:8c:81:5f:bb:25:df:a4:44:28:7d:cd:
                    cf:44:20:cf:1e:99:25:58:42:c0:df:4d:bf:b0:14:
                    e6:61:88:b1:4e:56:43:4c:43:69:20:33:ec:d4:f4:
                    4a:b2:5f:6f:a3:7b:6a:47:32:90:9d:67:77:5d:7a:
                    ab:9b:ab:e2:f2:ae:96:ee:be:76:ab:3b:56:ed:76:
                    cb:ce:8f:f4:0d:3b:4f:55:90:96:32:83:c6:7c:d9:
                    b5:b7:dd:98:14:d3:14:2d:ef:2c:51:21:07:37:ba:
                    52:a3:8b:30:d7:21:7d:76:29:70:0e:79:eb:34:21:
                    39:d4:7e:8b:c2:a1:33:5e:7c:26:3f:08:44:6b:8c:
                    db:98:50:0e:8a:b8:d3:f2:24:22:c3:f9:86:d9:31:
                    52:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:81:02:FF:61:43:6D:9F:6B:74:99:5E:5C:94:B7:70:CD:28:90:F9
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215287.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.141.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:39:8b:0c:70:3c:11:49:99:84:af:d1:e9:5f:ed:9e:df:b0:
         e5:17:33:f5:6f:cc:6c:eb:53:85:f6:e8:e0:7b:be:0d:25:28:
         f4:c5:3a:e6:2c:cc:cd:f0:3b:34:05:96:68:a3:92:b8:1e:0d:
         19:f8:75:34:51:e0:be:be:8a:09:86:bd:6a:73:f2:c2:d7:27:
         c3:95:0f:01:4b:ff:f1:40:32:88:59:0b:d7:2e:e5:75:37:94:
         f3:e5:c6:37:7c:26:72:2f:a0:3d:58:a5:82:af:d1:1c:b0:9f:
         9d:04:17:43:49:94:c2:7c:6b:b7:8b:0a:8c:42:b8:b1:41:f3:
         a4:59:c3:47:e7:e9:2a:7a:a1:6f:54:62:0a:6e:4c:2f:c5:ea:
         d2:07:5d:a0:c9:00:9e:80:d5:64:92:48:53:63:9a:9b:59:8e:
         9c:5f:18:6e:66:25:14:4c:b9:e9:09:29:4d:1c:62:86:20:f5:
         20:6a:a7:16:86:e2:83:50:59:eb:4a:d9:89:11:76:b2:1e:2a:
         13:e8:6b:d1:eb:4a:2a:75:48:0b:fb:ac:5a:88:f5:15:4e:b0:
         b3:22:c5:33:1c:e6:5e:21:b9:36:ca:dc:f0:59:2e:4b:6d:8c:
         cb:58:7f:70:03:b9:d8:ec:5a:0b:d2:a5:0d:5c:b3:48:2a:ff:
         17:87:13:3a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUCQrmCBbqlDEpSZlqXm8kzUvLAuwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MTgwNjUzMDNaFw0yNzA1MTcwNjU4MDNaMDMxMTAvBgNV
BAMTKEZFODEwMkZGNjE0MzZEOUY2Qjc0OTk1RTVDOTRCNzcwQ0QyODkwRjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfmB5Fl0BdRSV5tQUfOVTlA6Va
8zm0puimTMySpC1PWrj6T0m+eGzSx2agpNnuVHXMMzmHPDhLzhtnheK46ssCZgIY
cBfJEwLJvnvE+P+ElWPeKSYahuf7UxH3/NhevbrcAOHT0oETE++91uuMgV+7Jd+k
RCh9zc9EIM8emSVYQsDfTb+wFOZhiLFOVkNMQ2kgM+zU9EqyX2+je2pHMpCdZ3dd
equbq+LyrpbuvnarO1btdsvOj/QNO09VkJYyg8Z82bW33ZgU0xQt7yxRIQc3ulKj
izDXIX12KXAOees0ITnUfovCoTNefCY/CERrjNuYUA6KuNPyJCLD+YbZMVKjAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU/oEC/2FDbZ9rdJleXJS3cM0okPkwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE1Mjg3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAoo0F
MA0GCSqGSIb3DQEBCwUAA4IBAQBKOYsMcDwRSZmEr9HpX+2e37DlFzP1b8xs61OF
9ujge74NJSj0xTrmLMzN8Ds0BZZoo5K4Hg0Z+HU0UeC+vooJhr1qc/LC1yfDlQ8B
S//xQDKIWQvXLuV1N5Tz5cY3fCZyL6A9WKWCr9EcsJ+dBBdDSZTCfGu3iwqMQrix
QfOkWcNH5+kqeqFvVGIKbkwvxerSB12gyQCegNVkkkhTY5qbWY6cXxhuZiUUTLnp
CSlNHGKGIPUgaqcWhuKDUFnrStmJEXayHioT6GvR60oqdUgL+6xaiPUVTrCzIsUz
HOZeIbk2ytzwWS5LbYzLWH9wA7nY7FoL0qUNXLNIKv8XhxM6
-----END CERTIFICATE-----