Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215703.roa
File:                     AS215703.roa (raw, json)
Hash identifier:          RpMjvyj16l+yOanxir92/4myFfZWmVv5msnel/El7c0=
Subject key identifier:   D3:7A:52:83:36:2E:64:60:5F:E4:B6:AF:54:67:72:2C:D3:B1:4A:90
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       55C9C30D9F5109EBCE9FDC78271EEBB73986EC71
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215703.roa
Signing time:             Mon 19 May 2025 11:23:42 +0000
ROA not before:           Mon 19 May 2025 11:18:42 +0000
ROA not after:            Mon 18 May 2026 11:23:42 +0000
asID:                     215703
IP address blocks:        150.241.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:c9:c3:0d:9f:51:09:eb:ce:9f:dc:78:27:1e:eb:b7:39:86:ec:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 19 11:18:42 2025 GMT
            Not After : May 18 11:23:42 2026 GMT
        Subject: CN=D37A5283362E64605FE4B6AF5467722CD3B14A90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:db:50:0b:6d:26:49:cc:4b:7f:97:65:4d:78:
                    81:26:f8:42:8f:7b:c8:dd:76:c1:f4:b3:e8:e1:06:
                    9a:bd:f0:13:ab:06:b8:7f:20:b3:38:6a:45:f1:31:
                    d1:4d:29:2a:9d:61:7c:8a:9b:1b:d7:c9:2e:27:59:
                    d3:18:1a:78:cf:8c:c6:d4:fa:44:60:c7:db:91:2d:
                    71:4b:bf:9a:dd:de:24:1f:96:54:00:0d:eb:0c:cd:
                    10:c1:64:cc:ad:23:ba:90:61:01:e3:52:7a:e9:8c:
                    db:35:9f:c2:61:56:81:f9:25:b1:b7:00:39:81:36:
                    e0:a3:33:c1:35:07:ca:9c:41:f7:d4:42:c9:29:ef:
                    2a:dd:9d:52:c1:13:a9:67:ac:61:5c:cb:fa:33:3f:
                    fc:8b:ef:08:2b:ab:d8:95:bc:c7:96:dd:6a:c9:f0:
                    9a:e7:58:57:38:32:c0:80:88:56:12:93:39:68:5a:
                    f7:98:cc:50:ac:f7:86:ad:69:59:b3:e1:4d:b8:63:
                    ce:c5:26:32:7d:40:f4:ec:6c:ac:c1:be:77:f0:97:
                    14:34:50:5e:bd:32:e5:bf:15:fb:7a:32:af:dd:9f:
                    62:e0:89:89:11:59:aa:1a:45:6c:22:77:1d:2c:ad:
                    fe:1a:81:8f:f0:70:a1:ef:6c:a5:5b:56:24:8b:d7:
                    6f:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:7A:52:83:36:2E:64:60:5F:E4:B6:AF:54:67:72:2C:D3:B1:4A:90
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215703.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.241.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:07:ef:c0:e4:7a:3a:5e:16:05:c7:4c:c6:5b:5d:33:d0:2d:
         d7:25:0e:c9:cc:48:ee:68:05:67:51:b5:db:ea:ec:ec:23:a5:
         9b:9d:11:f0:c6:91:cc:ae:89:50:f0:e2:fa:24:36:bd:89:56:
         e8:63:64:5f:42:eb:2a:4e:05:ad:0c:ec:74:53:7c:08:df:05:
         aa:c4:91:87:ba:21:fe:ba:42:84:70:4b:8a:e0:35:c6:91:81:
         21:c7:b0:36:25:90:3f:e7:a4:2f:2f:3a:6b:46:c6:61:05:72:
         1e:70:af:de:a3:8f:05:26:aa:19:3a:bf:03:2d:c2:29:a8:d7:
         dd:66:34:9f:6d:da:3c:8b:42:da:02:f7:46:5f:f0:d7:98:5f:
         fa:2c:b3:05:48:24:7a:c6:91:c3:91:45:34:98:67:99:8c:e4:
         25:98:7b:74:ae:a9:a3:0e:b3:5d:9f:0f:b4:47:04:9a:bc:60:
         74:44:04:f2:71:f2:b1:74:cb:f9:c6:f8:ff:98:d6:43:24:ca:
         c9:1d:6d:73:db:67:ba:5f:92:49:f6:d6:49:9d:46:cf:6a:97:
         04:a5:f3:44:1d:62:a7:22:20:1e:6f:eb:81:24:c8:78:d2:53:
         86:dc:43:25:d2:87:95:66:ed:1a:f6:10:2e:23:c6:11:b6:17:
         9a:fa:5c:f3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUVcnDDZ9RCevOn9x4Jx7rtzmG7HEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA1MTkxMTE4NDJaFw0yNjA1MTgxMTIzNDJaMDMxMTAvBgNV
BAMTKEQzN0E1MjgzMzYyRTY0NjA1RkU0QjZBRjU0Njc3MjJDRDNCMTRBOTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDm21ALbSZJzEt/l2VNeIEm+EKP
e8jddsH0s+jhBpq98BOrBrh/ILM4akXxMdFNKSqdYXyKmxvXyS4nWdMYGnjPjMbU
+kRgx9uRLXFLv5rd3iQfllQADesMzRDBZMytI7qQYQHjUnrpjNs1n8JhVoH5JbG3
ADmBNuCjM8E1B8qcQffUQskp7yrdnVLBE6lnrGFcy/ozP/yL7wgrq9iVvMeW3WrJ
8JrnWFc4MsCAiFYSkzloWveYzFCs94ataVmz4U24Y87FJjJ9QPTsbKzBvnfwlxQ0
UF69MuW/Fft6Mq/dn2LgiYkRWaoaRWwidx0srf4agY/wcKHvbKVbViSL12+NAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU03pSgzYuZGBf5LavVGdyLNOxSpAwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE1NzAzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlvHm
MA0GCSqGSIb3DQEBCwUAA4IBAQCLB+/A5Ho6XhYFx0zGW10z0C3XJQ7JzEjuaAVn
UbXb6uzsI6WbnRHwxpHMrolQ8OL6JDa9iVboY2RfQusqTgWtDOx0U3wI3wWqxJGH
uiH+ukKEcEuK4DXGkYEhx7A2JZA/56QvLzprRsZhBXIecK/eo48FJqoZOr8DLcIp
qNfdZjSfbdo8i0LaAvdGX/DXmF/6LLMFSCR6xpHDkUU0mGeZjOQlmHt0rqmjDrNd
nw+0RwSavGB0RATycfKxdMv5xvj/mNZDJMrJHW1z22e6X5JJ9tZJnUbPapcEpfNE
HWKnIiAeb+uBJMh40lOG3EMl0oeVZu0a9hAuI8YRthea+lzz
-----END CERTIFICATE-----