Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS215607.roa
File:                     AS215607.roa (raw, json)
Hash identifier:          mzkrGADXeH242I6nloG8vJYu1wt03KL3Z+VkyfhOYsc=
Subject key identifier:   23:E2:86:CD:82:BD:EA:0C:E0:FA:C4:D6:4F:C5:2E:A6:A9:6D:99:7A
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       6E84874BDCF0F4DFBBDFF2BF72C38DE55A15BB37
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS215607.roa
Signing time:             Tue 28 Apr 2026 09:07:02 +0000
ROA not before:           Tue 28 Apr 2026 09:02:02 +0000
ROA not after:            Tue 27 Apr 2027 09:07:02 +0000
asID:                     215607
IP address blocks:        82.139.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 May 2026 00:27:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:84:87:4b:dc:f0:f4:df:bb:df:f2:bf:72:c3:8d:e5:5a:15:bb:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Apr 28 09:02:02 2026 GMT
            Not After : Apr 27 09:07:02 2027 GMT
        Subject: CN=23E286CD82BDEA0CE0FAC4D64FC52EA6A96D997A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:1e:05:c9:0a:92:74:e4:21:e6:ee:60:78:98:
                    c4:5f:e7:78:cf:60:81:7c:f0:a6:d4:c2:c3:2c:cd:
                    14:e0:6d:f8:2a:99:e6:06:34:6a:f8:91:31:9c:fb:
                    f6:57:af:b5:33:8a:68:6b:d8:3c:6d:62:75:12:3d:
                    d6:05:f2:32:39:49:99:d5:d0:cc:57:77:0a:46:3b:
                    f3:94:91:b3:66:a2:2c:e6:63:09:b3:7d:bc:12:d5:
                    1d:bb:88:a3:06:de:76:fd:a1:f5:49:c0:0c:0d:a3:
                    96:02:7f:82:13:1a:ee:06:33:46:00:30:73:09:bd:
                    52:fb:dd:af:17:9f:66:3e:78:40:da:0f:36:ec:b7:
                    56:a2:04:87:c0:ef:b5:87:dd:71:8e:63:62:ee:2b:
                    4c:59:10:1d:df:72:e2:d7:b8:1e:88:a3:7c:76:fc:
                    a3:a8:dd:9c:d6:69:8c:d8:42:e5:20:91:14:2a:97:
                    f7:ff:44:f8:80:bf:42:43:4f:f9:ec:8c:7e:ce:71:
                    61:3a:e2:35:79:d9:7f:25:8c:81:1c:46:eb:83:e0:
                    74:57:71:f0:e0:a9:28:63:32:51:cb:e1:60:0f:62:
                    34:33:5e:c9:42:96:64:6a:ec:fc:38:38:1e:dd:79:
                    4e:de:21:00:7b:0b:d8:f6:63:a2:07:e3:bf:b0:69:
                    1a:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:E2:86:CD:82:BD:EA:0C:E0:FA:C4:D6:4F:C5:2E:A6:A9:6D:99:7A
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS215607.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:1b:80:d1:95:d4:81:a9:56:73:6a:cb:c8:6a:44:7e:dd:48:
         59:72:53:23:7f:93:dc:84:54:56:d2:76:33:25:02:9a:7e:d5:
         5d:7d:da:c2:68:4e:6d:e9:75:20:b4:e3:85:e4:39:a4:c0:3d:
         22:74:3c:14:12:72:a3:94:22:55:e3:bb:55:b2:2a:57:25:11:
         3c:b0:6e:3c:e4:f5:dc:e1:bb:1c:f3:a8:0f:f2:d4:34:50:18:
         0e:7e:ab:44:8c:1f:97:68:92:17:e1:3f:27:e9:d5:e5:93:5c:
         a2:e6:d4:a5:8f:d5:04:79:c9:88:09:4b:3d:47:3d:19:3e:58:
         c5:90:7d:40:d0:c0:04:c7:8e:84:2a:7a:97:ce:3a:e2:3f:00:
         8d:dc:1d:53:7f:df:3d:14:50:3a:d6:cf:5d:25:a6:7f:35:1e:
         25:5f:33:2f:e6:a2:d5:f5:83:82:cc:a2:b6:62:61:ab:1d:ba:
         46:c8:db:84:5e:98:9f:90:61:ec:0a:34:d9:fc:ae:5d:51:4c:
         59:7e:a3:dc:c8:be:be:ba:2c:ed:04:37:ad:8b:22:f0:a6:ea:
         75:d5:22:11:f7:41:f3:51:20:ab:fc:ac:9f:43:58:20:ff:82:
         01:24:84:29:90:48:1b:fa:0e:1e:b8:94:36:10:4e:dc:7d:79:
         7c:11:0e:90
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUboSHS9zw9N+73/K/csON5VoVuzcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjA0MjgwOTAyMDJaFw0yNzA0MjcwOTA3MDJaMDMxMTAvBgNV
BAMTKDIzRTI4NkNEODJCREVBMENFMEZBQzRENjRGQzUyRUE2QTk2RDk5N0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3HgXJCpJ05CHm7mB4mMRf53jP
YIF88KbUwsMszRTgbfgqmeYGNGr4kTGc+/ZXr7Uzimhr2DxtYnUSPdYF8jI5SZnV
0MxXdwpGO/OUkbNmoizmYwmzfbwS1R27iKMG3nb9ofVJwAwNo5YCf4ITGu4GM0YA
MHMJvVL73a8Xn2Y+eEDaDzbst1aiBIfA77WH3XGOY2LuK0xZEB3fcuLXuB6Io3x2
/KOo3ZzWaYzYQuUgkRQql/f/RPiAv0JDT/nsjH7OcWE64jV52X8ljIEcRuuD4HRX
cfDgqShjMlHL4WAPYjQzXslClmRq7Pw4OB7deU7eIQB7C9j2Y6IH47+waRoZAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUI+KGzYK96gzg+sTWT8UupqltmXowHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMjE1NjA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUovX
MA0GCSqGSIb3DQEBCwUAA4IBAQAtG4DRldSBqVZzasvIakR+3UhZclMjf5PchFRW
0nYzJQKaftVdfdrCaE5t6XUgtOOF5DmkwD0idDwUEnKjlCJV47tVsipXJRE8sG48
5PXc4bsc86gP8tQ0UBgOfqtEjB+XaJIX4T8n6dXlk1yi5tSlj9UEecmICUs9Rz0Z
PljFkH1A0MAEx46EKnqXzjriPwCN3B1Tf989FFA61s9dJaZ/NR4lXzMv5qLV9YOC
zKK2YmGrHbpGyNuEXpifkGHsCjTZ/K5dUUxZfqPcyL6+uiztBDetiyLwpup11SIR
90HzUSCr/KyfQ1gg/4IBJIQpkEgb+g4euJQ2EE7cfXl8EQ6Q
-----END CERTIFICATE-----