Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215152.roa
File:                     AS215152.roa (raw, json)
Hash identifier:          UX5ZeDevy0ZNGaF+4ea5xvW6BJ/GQRrclDroIycOPho=
Subject key identifier:   1F:5E:28:28:01:4F:28:E0:B1:69:8A:22:54:09:05:6D:6D:CE:7D:A3
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       2AB6955543E0679B50874109AB76F5859F2E618D
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215152.roa
Signing time:             Sat 04 Jul 2026 12:11:59 +0000
ROA not before:           Sat 04 Jul 2026 12:06:59 +0000
ROA not after:            Sat 03 Jul 2027 12:11:59 +0000
asID:                     215152
IP address blocks:        82.24.25.0/24 maxlen: 24
                          84.75.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Jul 2026 16:14:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:b6:95:55:43:e0:67:9b:50:87:41:09:ab:76:f5:85:9f:2e:61:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul  4 12:06:59 2026 GMT
            Not After : Jul  3 12:11:59 2027 GMT
        Subject: CN=1F5E2828014F28E0B1698A225409056D6DCE7DA3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:b2:f3:dd:78:2b:de:8c:7a:3a:b5:99:ac:54:
                    85:93:0e:cd:52:62:4c:fd:06:5f:d6:05:25:11:80:
                    cf:cc:c5:22:49:ce:7e:9b:e7:8a:27:0c:0c:fa:cd:
                    aa:ec:92:e6:23:f4:8a:2e:34:ab:71:c1:21:18:7d:
                    c8:5f:0f:d9:23:f1:7a:3f:32:c2:b9:9d:9f:7f:6e:
                    89:e6:de:58:a6:3d:f3:92:9a:67:38:da:26:68:e1:
                    44:bb:78:82:c4:2f:c7:dc:df:12:0b:74:5e:4a:ed:
                    d8:90:ad:90:6f:e9:a7:4c:56:0b:a6:3f:7f:8d:48:
                    1d:6a:1b:d5:5c:d6:45:0a:6a:26:15:ba:50:6a:4c:
                    70:9a:51:08:a8:ae:53:40:7c:0c:68:02:1e:47:8a:
                    66:9c:b1:d4:38:0d:74:ba:09:0d:83:b6:89:92:06:
                    74:4b:92:9e:a6:f8:9e:08:6f:09:08:6e:53:d8:4e:
                    fc:a8:27:0d:ec:78:c8:ce:b6:86:4f:f1:58:18:c7:
                    42:38:c9:e8:bd:49:9a:86:63:1d:78:e6:5a:07:11:
                    99:38:97:25:e5:72:51:30:88:31:e7:db:38:de:d4:
                    85:d9:9d:39:83:49:ec:16:1b:68:c4:09:07:d7:17:
                    82:f8:cd:25:61:70:3e:5c:a8:1b:9e:df:1e:87:23:
                    71:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:5E:28:28:01:4F:28:E0:B1:69:8A:22:54:09:05:6D:6D:CE:7D:A3
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215152.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.24.25.0/24
                  84.75.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:0a:f6:b9:f8:3d:ad:12:03:0a:1f:6e:23:cc:cf:ec:1b:d8:
         a7:0b:c8:0e:71:58:7c:2f:02:3c:5f:af:75:7f:d2:88:64:21:
         46:48:ab:0f:83:53:99:07:be:13:22:2c:11:e8:43:46:24:79:
         1a:28:fe:e6:22:6e:60:64:f0:40:89:80:45:3a:d7:77:1d:c3:
         76:ea:37:25:4e:24:6f:14:46:52:76:29:83:fa:e3:e7:7c:fd:
         fe:69:61:f2:f7:6b:1e:49:21:bb:04:80:ee:80:eb:e9:52:62:
         1e:24:80:0e:05:73:20:36:08:73:cb:be:aa:14:05:fb:90:8f:
         41:32:9f:40:ee:a1:7d:5f:f4:2e:3b:5b:e5:99:b0:09:b0:4c:
         1a:59:04:b5:29:68:ef:99:c1:5a:1a:5b:86:e0:1f:50:d9:e9:
         8a:da:1c:ac:c3:e5:a3:21:ac:6f:41:62:22:78:26:a0:b8:8c:
         59:1b:b8:83:87:22:9b:3a:f7:71:ef:3d:33:86:09:35:40:8b:
         2e:6b:f1:43:3d:0e:a0:8b:ed:1c:29:2e:d3:65:c5:97:a1:1b:
         0c:60:84:7d:f1:0b:90:25:16:3c:e0:4d:c2:b2:2b:41:b8:0e:
         27:4b:f2:2b:ae:20:52:cf:6a:24:58:c1:9e:f9:7c:c4:1d:49:
         08:f3:0e:b5
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUKraVVUPgZ5tQh0EJq3b1hZ8uYY0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA3MDQxMjA2NTlaFw0yNzA3MDMxMjExNTlaMDMxMTAvBgNV
BAMTKDFGNUUyODI4MDE0RjI4RTBCMTY5OEEyMjU0MDkwNTZENkRDRTdEQTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFsvPdeCvejHo6tZmsVIWTDs1S
Ykz9Bl/WBSURgM/MxSJJzn6b54onDAz6zarskuYj9IouNKtxwSEYfchfD9kj8Xo/
MsK5nZ9/bonm3limPfOSmmc42iZo4US7eILEL8fc3xILdF5K7diQrZBv6adMVgum
P3+NSB1qG9Vc1kUKaiYVulBqTHCaUQiorlNAfAxoAh5HimacsdQ4DXS6CQ2DtomS
BnRLkp6m+J4IbwkIblPYTvyoJw3seMjOtoZP8VgYx0I4yei9SZqGYx145loHEZk4
lyXlclEwiDHn2zje1IXZnTmDSewWG2jECQfXF4L4zSVhcD5cqBue3x6HI3FnAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUH14oKAFPKOCxaYoiVAkFbW3OfaMwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1MTUyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUhgZ
AwQAVEuwMA0GCSqGSIb3DQEBCwUAA4IBAQAlCva5+D2tEgMKH24jzM/sG9inC8gO
cVh8LwI8X691f9KIZCFGSKsPg1OZB74TIiwR6ENGJHkaKP7mIm5gZPBAiYBFOtd3
HcN26jclTiRvFEZSdimD+uPnfP3+aWHy92seSSG7BIDugOvpUmIeJIAOBXMgNghz
y76qFAX7kI9BMp9A7qF9X/QuO1vlmbAJsEwaWQS1KWjvmcFaGluG4B9Q2emK2hys
w+WjIaxvQWIieCaguIxZG7iDhyKbOvdx7z0zhgk1QIsua/FDPQ6gi+0cKS7TZcWX
oRsMYIR98QuQJRY84E3CsitBuA4nS/IrriBSz2okWMGe+XzEHUkI8w61
-----END CERTIFICATE-----
Generated at Fri Jul 17 23:07:06 2026 by rpki-client