Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215353.roa
File:                     AS215353.roa (raw, json)
Hash identifier:          upIDPSjePslR8dMEGrjrwP/GHiX5ff1prVJrIluGo3Q=
Subject key identifier:   7F:8B:F8:2F:7B:53:F0:2F:73:F9:EF:40:40:28:62:97:A8:9F:B1:34
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4FF9F4C46A5186B0BAFD14F8F68498FF800D54E1
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215353.roa
Signing time:             Tue 26 May 2026 18:47:17 +0000
ROA not before:           Tue 26 May 2026 18:42:17 +0000
ROA not after:            Tue 25 May 2027 18:47:17 +0000
asID:                     215353
IP address blocks:        181.215.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 14:59:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:f9:f4:c4:6a:51:86:b0:ba:fd:14:f8:f6:84:98:ff:80:0d:54:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 26 18:42:17 2026 GMT
            Not After : May 25 18:47:17 2027 GMT
        Subject: CN=7F8BF82F7B53F02F73F9EF4040286297A89FB134
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a9:1d:02:e8:c4:1a:47:bd:c0:8a:6a:60:c8:
                    4e:d5:0b:0f:c6:0a:42:35:68:82:b6:64:c4:9e:9f:
                    76:6b:c3:7a:ce:bf:09:06:ad:9e:02:73:c5:c1:7a:
                    4b:a0:59:34:b7:93:08:31:92:34:f9:4a:1a:2e:d0:
                    5b:d9:02:b4:01:2d:7c:5c:65:e2:20:e7:3e:f5:c0:
                    c4:cb:dc:59:f8:f8:28:7e:25:c6:ef:c7:1e:44:1c:
                    20:65:7c:8a:04:26:2f:b8:aa:ed:af:02:6d:ba:86:
                    3c:64:85:00:cd:9b:cc:3f:52:7b:36:4f:23:52:b2:
                    69:21:1a:b1:64:a1:63:43:2b:07:de:4d:67:87:0d:
                    72:d1:73:7d:c9:aa:3e:07:8c:98:b0:1d:76:d3:4d:
                    5e:a6:ea:f2:85:30:af:74:26:8b:c8:02:9f:b6:b7:
                    50:75:1a:8b:ea:d4:d6:c8:29:68:7b:70:26:87:34:
                    5e:4c:7c:dd:1a:24:eb:85:e2:f4:75:b2:aa:00:4e:
                    01:00:af:f1:31:5b:af:bb:97:8c:88:69:3b:df:bf:
                    02:b6:e2:a2:4d:ef:4b:cf:8f:7b:fb:c5:f1:0f:87:
                    a2:38:d8:a8:02:5e:81:8b:75:34:19:80:35:78:d3:
                    0b:b4:cb:c7:7c:c1:75:a9:c4:45:98:b7:99:91:98:
                    c3:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:8B:F8:2F:7B:53:F0:2F:73:F9:EF:40:40:28:62:97:A8:9F:B1:34
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215353.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:2d:2b:4f:82:74:34:44:d2:69:77:ae:52:84:09:66:b5:e1:
         16:d2:ae:55:1f:ec:5a:60:66:2a:cc:a7:e2:5b:c6:ce:54:c0:
         57:5f:27:24:05:e3:2e:d5:ea:27:28:2d:50:27:cd:e1:bd:3f:
         a4:31:f9:41:1f:9e:b0:4a:1c:e2:76:4f:05:e7:2a:b4:03:3a:
         8d:99:1b:01:cc:c6:0f:fa:71:1a:c3:c1:37:0c:89:a9:94:f3:
         32:26:d7:5f:ea:0e:de:48:ac:97:82:5d:e1:ef:b1:1a:b4:07:
         79:2a:c5:b8:bf:61:3d:13:ff:8e:0d:29:a1:96:10:c9:1d:82:
         39:08:75:78:02:11:02:4f:6e:d0:db:a1:69:10:0f:0a:69:c2:
         bb:f5:88:37:9d:fb:10:0c:cb:6e:94:6a:a8:27:cb:13:47:f4:
         dc:7c:d0:a2:34:9e:c9:00:16:51:13:93:16:4e:49:fb:4b:6a:
         8d:9e:a2:cf:3b:c0:64:9e:29:35:e5:fe:bf:ea:20:cb:ae:f4:
         75:8d:fb:97:62:d5:93:16:df:fd:45:54:b6:b1:0a:26:d4:4b:
         36:e3:5b:bb:ae:e0:93:21:37:dd:22:ba:57:e3:74:3b:64:f9:
         39:99:d8:6e:78:4a:a6:5e:c4:8a:91:e8:31:f9:8b:50:fc:3a:
         3f:11:c6:b7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUT/n0xGpRhrC6/RT49oSY/4ANVOEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MjYxODQyMTdaFw0yNzA1MjUxODQ3MTdaMDMxMTAvBgNV
BAMTKDdGOEJGODJGN0I1M0YwMkY3M0Y5RUY0MDQwMjg2Mjk3QTg5RkIxMzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqqR0C6MQaR73AimpgyE7VCw/G
CkI1aIK2ZMSen3Zrw3rOvwkGrZ4Cc8XBekugWTS3kwgxkjT5Shou0FvZArQBLXxc
ZeIg5z71wMTL3Fn4+Ch+Jcbvxx5EHCBlfIoEJi+4qu2vAm26hjxkhQDNm8w/Uns2
TyNSsmkhGrFkoWNDKwfeTWeHDXLRc33Jqj4HjJiwHXbTTV6m6vKFMK90JovIAp+2
t1B1Govq1NbIKWh7cCaHNF5MfN0aJOuF4vR1sqoATgEAr/ExW6+7l4yIaTvfvwK2
4qJN70vPj3v7xfEPh6I42KgCXoGLdTQZgDV40wu0y8d8wXWpxEWYt5mRmMMVAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUf4v4L3tT8C9z+e9AQChil6ifsTQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1MzUzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdc8
MA0GCSqGSIb3DQEBCwUAA4IBAQCSLStPgnQ0RNJpd65ShAlmteEW0q5VH+xaYGYq
zKfiW8bOVMBXXyckBeMu1eonKC1QJ83hvT+kMflBH56wShzidk8F5yq0AzqNmRsB
zMYP+nEaw8E3DImplPMyJtdf6g7eSKyXgl3h77EatAd5KsW4v2E9E/+ODSmhlhDJ
HYI5CHV4AhECT27Q26FpEA8KacK79Yg3nfsQDMtulGqoJ8sTR/TcfNCiNJ7JABZR
E5MWTkn7S2qNnqLPO8Bknik15f6/6iDLrvR1jfuXYtWTFt/9RVS2sQom1Es241u7
ruCTITfdIrpX43Q7ZPk5mdhueEqmXsSKkegx+YtQ/Do/Eca3
-----END CERTIFICATE-----