Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215152.roa
File:                     AS215152.roa (raw, json)
Hash identifier:          qQpmRBNqfa/qtckLLRla+Q+HTCmorC9TchyWd2hnEHg=
Subject key identifier:   48:71:D4:19:98:D5:29:8C:DF:5B:DB:2A:FF:F1:E1:42:8C:66:D9:55
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7069A4A4B3BB56E216F6499859958D9A1BAFACE4
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215152.roa
Signing time:             Tue 23 Jun 2026 08:20:19 +0000
ROA not before:           Tue 23 Jun 2026 08:15:19 +0000
ROA not after:            Tue 22 Jun 2027 08:20:19 +0000
asID:                     215152
IP address blocks:        2a0a:7a00::/29 maxlen: 48
                          2a0a:9200::/29 maxlen: 48
                          2a0a:a600::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Jul 2026 17:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:69:a4:a4:b3:bb:56:e2:16:f6:49:98:59:95:8d:9a:1b:af:ac:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 23 08:15:19 2026 GMT
            Not After : Jun 22 08:20:19 2027 GMT
        Subject: CN=4871D41998D5298CDF5BDB2AFFF1E1428C66D955
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:9d:32:26:15:d6:ec:b3:5c:70:5d:3e:55:18:
                    e5:85:ec:fc:09:de:d5:a9:f2:49:65:51:f1:e9:fb:
                    11:37:d9:6d:f5:c5:02:77:e5:4c:25:3a:6a:3e:0c:
                    43:0b:5b:61:28:24:e3:0f:cc:09:49:cd:ff:65:b2:
                    a1:0c:96:1c:09:30:8f:20:37:9e:93:7e:a8:ab:1d:
                    b5:de:b3:95:45:7b:d7:aa:85:3f:9b:d2:bc:85:26:
                    70:9b:d7:3c:1f:fd:7c:7a:eb:9a:f4:3e:b9:47:b1:
                    84:60:a9:c1:14:5a:f4:e5:bc:44:c8:bf:af:6c:e5:
                    1b:20:8a:23:c2:b8:57:f8:ea:dc:bc:7e:8c:b7:5c:
                    e5:d1:38:f3:0e:36:8e:71:ba:8c:d4:31:40:59:54:
                    90:2e:5a:b8:70:18:71:f0:76:2b:8e:be:62:8c:a5:
                    2c:c4:7d:26:07:b7:05:39:51:a4:74:e0:db:3c:0c:
                    23:09:74:3c:b8:5a:00:cb:38:fc:30:50:ed:31:17:
                    c3:81:bd:a3:23:8e:fb:b8:a8:cc:34:ce:bf:6c:ad:
                    0b:89:75:1c:fa:22:59:8c:ca:38:7e:68:01:5f:39:
                    59:4b:ec:d1:31:94:32:70:c2:aa:af:45:83:86:5f:
                    c2:40:62:4e:0a:b1:31:54:45:c5:2b:fd:bf:50:db:
                    bb:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:71:D4:19:98:D5:29:8C:DF:5B:DB:2A:FF:F1:E1:42:8C:66:D9:55
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215152.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:7a00::/29
                  2a0a:9200::/29
                  2a0a:a600::/29

    Signature Algorithm: sha256WithRSAEncryption
         6a:49:71:93:37:59:87:f5:f4:13:96:2a:10:ee:c6:a4:92:4d:
         99:ba:f4:e4:d0:c3:75:12:15:49:46:38:8d:fe:96:ea:5d:12:
         0f:74:29:2a:7a:b4:fc:63:d9:0c:8f:fa:f2:63:ea:05:b6:3c:
         97:02:83:f7:89:b8:03:89:71:c3:2b:76:b1:d1:10:cc:1b:8d:
         41:46:55:a0:a0:f1:dc:dd:78:c4:37:a8:d8:4c:ea:a6:bb:d7:
         a3:94:b0:79:ee:2c:75:b7:0e:9c:af:7d:cc:f1:3f:73:ea:21:
         d2:b1:7a:7a:07:f3:b3:d0:f4:19:23:1d:b4:8b:13:ff:21:e2:
         58:b4:4c:08:3a:3e:e3:83:af:24:48:48:64:3a:b4:50:45:76:
         14:72:9c:d5:33:55:5c:8a:58:9e:1f:d0:f9:97:e3:e3:7c:40:
         68:1d:51:52:0e:bb:6d:24:c7:ed:51:02:8d:45:2f:47:cd:f0:
         75:44:23:c5:01:f9:1e:a6:d8:a5:51:21:7c:36:44:74:73:0d:
         3a:a6:49:43:29:d2:39:32:80:43:ec:98:a6:61:d9:3a:d6:7b:
         7d:af:0b:a4:1b:f6:04:25:72:ca:36:e0:1b:77:1e:63:e3:f5:
         6e:ad:ec:1d:c5:10:2e:bd:52:30:41:da:b7:81:d6:23:46:c3:
         c8:ff:85:27
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgIUcGmkpLO7VuIW9kmYWZWNmhuvrOQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA2MjMwODE1MTlaFw0yNzA2MjIwODIwMTlaMDMxMTAvBgNV
BAMTKDQ4NzFENDE5OThENTI5OENERjVCREIyQUZGRjFFMTQyOEM2NkQ5NTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4nTImFdbss1xwXT5VGOWF7PwJ
3tWp8kllUfHp+xE32W31xQJ35UwlOmo+DEMLW2EoJOMPzAlJzf9lsqEMlhwJMI8g
N56TfqirHbXes5VFe9eqhT+b0ryFJnCb1zwf/Xx665r0PrlHsYRgqcEUWvTlvETI
v69s5RsgiiPCuFf46ty8foy3XOXROPMONo5xuozUMUBZVJAuWrhwGHHwdiuOvmKM
pSzEfSYHtwU5UaR04Ns8DCMJdDy4WgDLOPwwUO0xF8OBvaMjjvu4qMw0zr9srQuJ
dRz6IlmMyjh+aAFfOVlL7NExlDJwwqqvRYOGX8JAYk4KsTFURcUr/b9Q27vzAgMB
AAGjggIZMIICFTAdBgNVHQ4EFgQUSHHUGZjVKYzfW9sq//HhQoxm2VUwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1MTUyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKgp6
AAMFAyoKkgADBQMqCqYAMA0GCSqGSIb3DQEBCwUAA4IBAQBqSXGTN1mH9fQTlioQ
7sakkk2ZuvTk0MN1EhVJRjiN/pbqXRIPdCkqerT8Y9kMj/ryY+oFtjyXAoP3ibgD
iXHDK3ax0RDMG41BRlWgoPHc3XjEN6jYTOqmu9ejlLB57ix1tw6cr33M8T9z6iHS
sXp6B/Oz0PQZIx20ixP/IeJYtEwIOj7jg68kSEhkOrRQRXYUcpzVM1VcilieH9D5
l+PjfEBoHVFSDrttJMftUQKNRS9HzfB1RCPFAfkeptilUSF8NkR0cw06pklDKdI5
MoBD7JimYdk61nt9rwukG/YEJXLKNuAbdx5j4/VurewdxRAuvVIwQdq3gdYjRsPI
/4Un
-----END CERTIFICATE-----
Generated at Sat Jul 18 01:10:01 2026 by rpki-client