Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215228.roa
File:                     AS215228.roa (raw, json)
Hash identifier:          fRuLjkSWjGFMEEdhAeNK6jh/nT8qg3I2ByfdGo4R01k=
Subject key identifier:   6F:1B:7B:7F:9E:F1:85:AE:E5:30:76:0D:FD:C7:F7:EB:DE:67:9A:AE
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       30E02BAB3A9DB7F542566BC7B1FF012EB309A500
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215228.roa
Signing time:             Sat 16 May 2026 14:14:18 +0000
ROA not before:           Sat 16 May 2026 14:09:18 +0000
ROA not after:            Sat 15 May 2027 14:14:18 +0000
asID:                     215228
IP address blocks:        2a13:9500:178::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:e0:2b:ab:3a:9d:b7:f5:42:56:6b:c7:b1:ff:01:2e:b3:09:a5:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 16 14:09:18 2026 GMT
            Not After : May 15 14:14:18 2027 GMT
        Subject: CN=6F1B7B7F9EF185AEE530760DFDC7F7EBDE679AAE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:d2:a5:56:2e:60:c4:8e:3d:12:45:a7:03:84:
                    e1:e1:16:a9:5d:40:d3:79:74:c1:9c:10:d2:29:bc:
                    6d:d8:6e:44:34:cd:72:0d:63:78:6b:99:4a:10:da:
                    68:53:ad:b4:1b:3a:49:ce:cb:2f:30:18:ff:bc:dc:
                    7d:a9:db:f0:a7:33:51:ba:2b:29:3c:1c:6b:bc:56:
                    f8:f8:58:d4:62:d3:20:05:bc:df:56:2f:62:9e:85:
                    0d:2b:42:92:be:e8:2c:19:e3:44:30:34:1d:a7:4e:
                    76:34:d7:5c:39:80:d7:9e:b6:0d:e1:01:7e:e0:2a:
                    4a:46:78:a8:54:ec:49:f9:3b:0a:42:04:10:d9:5c:
                    5f:8a:81:ed:39:59:8b:e5:96:ce:e7:72:d0:57:82:
                    e3:f1:fc:7e:c2:59:42:c6:e4:02:06:cb:ff:83:0e:
                    28:19:32:92:a8:67:7b:a6:29:78:bb:a2:29:ee:46:
                    a0:22:e1:14:5a:5d:ae:40:55:57:81:12:38:7b:02:
                    ec:1e:2c:4d:de:aa:c3:57:3f:48:b8:03:3f:e4:ce:
                    82:5b:d7:c5:e9:93:9e:c9:fe:38:b7:53:69:e2:f9:
                    fa:3d:92:6d:75:84:da:6a:e3:1a:9f:53:7e:18:16:
                    38:79:ae:ce:2b:e9:17:07:dc:d6:95:f6:74:36:68:
                    cf:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:1B:7B:7F:9E:F1:85:AE:E5:30:76:0D:FD:C7:F7:EB:DE:67:9A:AE
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215228.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:178::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:70:fe:b7:5b:eb:2c:f3:81:48:ab:8e:ee:82:25:26:39:74:
         c4:57:21:bb:aa:8d:40:0f:b1:b9:b0:fa:15:ac:43:cf:c3:3c:
         df:01:cf:ce:3d:d0:5a:d9:c0:86:cd:df:56:0a:6b:3c:7d:ee:
         91:ae:14:16:c2:ce:e5:65:c2:2b:21:92:ad:b0:1b:3a:39:d5:
         63:a4:33:73:29:12:f3:a7:23:b5:ff:f6:ce:0e:c2:d6:dc:1f:
         88:10:d4:7b:65:e0:cf:ba:7f:d3:21:2e:a9:3d:45:58:58:59:
         bc:33:ca:53:02:1d:ef:d3:ec:34:15:0c:3c:51:6e:56:5e:85:
         a9:a1:f7:10:50:e4:e0:c4:bd:1c:a6:ab:a4:c8:bd:fe:2e:3d:
         9f:78:66:83:73:16:db:84:c9:e3:bc:fd:3f:e3:3e:22:92:c1:
         00:38:54:02:8c:20:d9:ee:24:cb:01:fa:4b:66:91:98:31:b8:
         88:2e:aa:19:5d:eb:08:0f:2a:52:da:10:e1:3c:21:28:21:e2:
         77:09:30:69:82:1f:af:70:b0:f5:e0:e0:d9:11:60:5e:67:b5:
         0c:16:b5:c5:53:a3:1e:97:86:06:f9:b9:f6:d7:10:3c:57:91:
         b9:ec:02:8a:28:1d:c8:1e:ec:25:45:7c:b7:24:9f:3f:0e:f6:
         85:0d:5f:a7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUMOArqzqdt/VCVmvHsf8BLrMJpQAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MTYxNDA5MThaFw0yNzA1MTUxNDE0MThaMDMxMTAvBgNV
BAMTKDZGMUI3QjdGOUVGMTg1QUVFNTMwNzYwREZEQzdGN0VCREU2NzlBQUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc0qVWLmDEjj0SRacDhOHhFqld
QNN5dMGcENIpvG3YbkQ0zXINY3hrmUoQ2mhTrbQbOknOyy8wGP+83H2p2/CnM1G6
Kyk8HGu8Vvj4WNRi0yAFvN9WL2KehQ0rQpK+6CwZ40QwNB2nTnY011w5gNeetg3h
AX7gKkpGeKhU7En5OwpCBBDZXF+Kge05WYvlls7nctBXguPx/H7CWULG5AIGy/+D
DigZMpKoZ3umKXi7oinuRqAi4RRaXa5AVVeBEjh7AuweLE3eqsNXP0i4Az/kzoJb
18Xpk57J/ji3U2ni+fo9km11hNpq4xqfU34YFjh5rs4r6RcH3NaV9nQ2aM+pAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUbxt7f57xha7lMHYN/cf3695nmq4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1MjI4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAF4MA0GCSqGSIb3DQEBCwUAA4IBAQA/cP63W+ss84FIq47ugiUmOXTEVyG7qo1A
D7G5sPoVrEPPwzzfAc/OPdBa2cCGzd9WCms8fe6RrhQWws7lZcIrIZKtsBs6OdVj
pDNzKRLzpyO1//bODsLW3B+IENR7ZeDPun/TIS6pPUVYWFm8M8pTAh3v0+w0FQw8
UW5WXoWpofcQUOTgxL0cpqukyL3+Lj2feGaDcxbbhMnjvP0/4z4iksEAOFQCjCDZ
7iTLAfpLZpGYMbiILqoZXesIDypS2hDhPCEoIeJ3CTBpgh+vcLD14ODZEWBeZ7UM
FrXFU6Mel4YG+bn21xA8V5G57AKKKB3IHuwlRXy3JJ8/DvaFDV+n
-----END CERTIFICATE-----