Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215039.roa
File:                     AS215039.roa (raw, json)
Hash identifier:          ZcfU8dIszHORGWmnRjtbnBtHoQCW5YI2cSy3IKaqvYU=
Subject key identifier:   C2:40:A3:4F:B9:BE:A1:47:61:8C:2E:F3:5D:67:47:46:3A:98:5C:79
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       7533ACEFC23CDF6E79E5E395EE4B3050B6449260
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215039.roa
Signing time:             Sun 07 Sep 2025 10:26:38 +0000
ROA not before:           Sun 07 Sep 2025 10:21:38 +0000
ROA not after:            Sun 06 Sep 2026 10:26:38 +0000
asID:                     215039
IP address blocks:        82.25.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 13:21:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:33:ac:ef:c2:3c:df:6e:79:e5:e3:95:ee:4b:30:50:b6:44:92:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Sep  7 10:21:38 2025 GMT
            Not After : Sep  6 10:26:38 2026 GMT
        Subject: CN=C240A34FB9BEA147618C2EF35D6747463A985C79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:4a:02:c1:8c:4b:99:02:07:ef:ef:71:85:76:
                    48:45:78:d3:76:41:89:92:cf:f1:50:ea:1d:41:c4:
                    6a:74:02:e2:23:a8:51:38:3e:47:0c:ad:72:30:0e:
                    6b:54:79:9f:a8:8d:40:f6:a9:aa:d2:74:0a:fa:b6:
                    9f:02:aa:bd:c8:aa:8a:a5:96:07:12:04:73:0b:07:
                    e9:95:69:ca:43:f1:f1:28:67:ee:09:73:ce:f1:34:
                    00:14:a9:13:c3:45:50:d3:91:00:7d:d4:ce:84:2e:
                    6b:22:b2:93:d9:6b:38:ac:3b:ed:94:d5:87:12:cc:
                    d7:f8:30:0e:43:67:8d:48:bf:9f:37:d9:03:1d:8e:
                    94:85:e5:14:bb:54:2f:b5:d9:e6:02:db:65:52:2f:
                    2f:fd:0e:23:f0:1d:e5:53:42:ad:85:f8:d7:c8:1f:
                    42:7d:c3:9b:93:6b:77:2b:2f:19:7e:2c:84:c2:20:
                    7e:d8:f9:d5:1f:7c:9e:5f:b2:fe:2b:bd:6b:a4:ab:
                    2d:d3:d0:f3:a7:bd:5f:9b:60:c1:fa:3c:2b:dd:2a:
                    15:0a:ef:51:3f:dc:57:5c:2c:bc:f3:a0:aa:34:69:
                    b7:b9:48:dd:63:0e:d7:d3:03:e4:42:4d:7d:72:9e:
                    07:7e:42:49:bf:ce:52:4e:9b:20:25:46:72:a1:dd:
                    bf:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:40:A3:4F:B9:BE:A1:47:61:8C:2E:F3:5D:67:47:46:3A:98:5C:79
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.25.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:f6:9e:62:13:01:bd:0e:e4:54:1a:a4:1c:ee:c3:09:d9:07:
         4b:07:ce:31:ac:a5:50:90:94:18:3e:8c:ff:93:1d:62:fe:e6:
         19:68:5f:7a:f2:0f:1a:32:6d:f8:ae:b2:a8:5d:e3:43:9f:eb:
         cd:c7:d1:ad:3c:26:e8:09:43:8a:ed:ad:01:85:1c:ba:22:66:
         04:15:7c:f5:35:d9:e7:be:1e:9c:bc:0e:48:b6:c4:0a:51:bf:
         71:0b:04:39:33:e1:3e:43:d9:27:e3:05:6d:47:58:a5:37:bc:
         25:a4:78:80:8a:c1:a5:47:09:71:35:0e:1c:51:09:8f:6f:00:
         c0:be:49:ef:c5:43:02:b9:10:cf:ad:34:55:0e:4e:ca:f5:33:
         eb:32:57:6c:05:26:79:c9:6a:40:8b:6d:13:10:fc:cf:fd:c4:
         67:a8:b8:9b:d1:87:1c:a0:00:fb:f2:9d:ee:32:af:58:b6:60:
         f5:41:46:cc:e1:93:3a:7e:8d:75:19:9f:fc:d6:40:42:5b:d1:
         fa:c4:da:9b:3e:8a:c4:7d:8f:ca:a9:f4:4d:79:16:3f:29:13:
         4d:b1:b8:55:aa:67:0e:5a:e9:3e:ad:6a:2f:6d:80:ba:81:67:
         42:ba:cd:6e:c7:03:d1:86:be:e1:89:9e:d4:ca:8b:f0:47:f9:
         82:02:86:ed
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdTOs78I832555eOV7kswULZEkmAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA5MDcxMDIxMzhaFw0yNjA5MDYxMDI2MzhaMDMxMTAvBgNV
BAMTKEMyNDBBMzRGQjlCRUExNDc2MThDMkVGMzVENjc0NzQ2M0E5ODVDNzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmSgLBjEuZAgfv73GFdkhFeNN2
QYmSz/FQ6h1BxGp0AuIjqFE4PkcMrXIwDmtUeZ+ojUD2qarSdAr6tp8Cqr3Iqoql
lgcSBHMLB+mVacpD8fEoZ+4Jc87xNAAUqRPDRVDTkQB91M6ELmsispPZazisO+2U
1YcSzNf4MA5DZ41Iv5832QMdjpSF5RS7VC+12eYC22VSLy/9DiPwHeVTQq2F+NfI
H0J9w5uTa3crLxl+LITCIH7Y+dUffJ5fsv4rvWukqy3T0POnvV+bYMH6PCvdKhUK
71E/3FdcLLzzoKo0abe5SN1jDtfTA+RCTX1yngd+Qkm/zlJOmyAlRnKh3b+LAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUwkCjT7m+oUdhjC7zXWdHRjqYXHkwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1MDM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhkq
MA0GCSqGSIb3DQEBCwUAA4IBAQBH9p5iEwG9DuRUGqQc7sMJ2QdLB84xrKVQkJQY
Poz/kx1i/uYZaF968g8aMm34rrKoXeNDn+vNx9GtPCboCUOK7a0BhRy6ImYEFXz1
Ndnnvh6cvA5ItsQKUb9xCwQ5M+E+Q9kn4wVtR1ilN7wlpHiAisGlRwlxNQ4cUQmP
bwDAvknvxUMCuRDPrTRVDk7K9TPrMldsBSZ5yWpAi20TEPzP/cRnqLib0YccoAD7
8p3uMq9YtmD1QUbM4ZM6fo11GZ/81kBCW9H6xNqbPorEfY/KqfRNeRY/KRNNsbhV
qmcOWuk+rWovbYC6gWdCus1uxwPRhr7hiZ7UyovwR/mCAobt
-----END CERTIFICATE-----