Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215267.roa
File:                     AS215267.roa (raw, json)
Hash identifier:          M++yYojfcRZt2Dh8aTivojPNnwmbjhs/GVK7hZQny+Y=
Subject key identifier:   F1:86:7B:5C:CE:02:09:29:BD:42:4F:22:41:76:46:72:9D:F2:1F:3F
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       7C372E07EACA38712848D663B9037CD0B790C15A
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215267.roa
Signing time:             Thu 16 Jan 2025 11:57:01 +0000
ROA not before:           Thu 16 Jan 2025 11:52:01 +0000
ROA not after:            Thu 15 Jan 2026 11:57:01 +0000
asID:                     215267
IP address blocks:        82.25.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:37:2e:07:ea:ca:38:71:28:48:d6:63:b9:03:7c:d0:b7:90:c1:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 16 11:52:01 2025 GMT
            Not After : Jan 15 11:57:01 2026 GMT
        Subject: CN=F1867B5CCE020929BD424F22417646729DF21F3F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:21:6b:4d:7b:f5:46:3c:99:60:8e:3e:5b:3a:
                    9e:ed:06:60:41:26:a0:9b:45:0e:f7:57:86:a1:f2:
                    ab:95:b8:d7:a3:c7:18:20:54:8c:25:2f:83:89:3b:
                    e8:33:89:3a:c6:73:12:6c:8a:65:a4:75:1a:b0:23:
                    21:ed:d4:f2:51:e7:b0:4d:7f:b0:98:60:b5:db:ec:
                    e7:3f:1d:b5:f1:3f:51:e7:f9:36:6e:bd:c7:26:36:
                    37:6e:58:4e:41:dc:8d:7d:1d:34:f0:7e:94:72:35:
                    08:c1:60:3f:84:a9:c8:9d:55:fc:e3:99:2e:b0:7d:
                    b2:2a:29:e6:3f:92:5e:a3:0b:f1:cf:a1:fc:c4:2e:
                    a4:69:ff:a4:32:30:1a:21:87:19:2a:69:47:58:44:
                    f3:86:df:ad:29:fa:3b:0e:85:82:73:cc:e3:4d:45:
                    42:15:85:7d:79:58:16:6c:01:65:2c:29:0d:14:f2:
                    30:ec:9c:81:02:4d:83:54:f9:64:95:0b:1c:1a:ac:
                    5c:34:ed:70:6e:48:c1:84:a9:17:de:38:0a:f8:b7:
                    25:63:ab:fc:ed:de:c4:36:bd:fa:30:da:d5:e5:09:
                    b8:9b:b7:76:6d:b9:cc:f5:86:db:b2:8e:b5:d5:5a:
                    e5:31:44:f1:08:62:4d:4b:67:9b:f8:7d:31:65:a6:
                    fb:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:86:7B:5C:CE:02:09:29:BD:42:4F:22:41:76:46:72:9D:F2:1F:3F
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215267.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.25.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:39:af:7b:66:c0:76:1f:d6:10:64:cf:77:e3:17:39:79:30:
         d9:97:dd:7f:dd:9b:12:1a:16:b1:2d:1f:bd:fe:e2:72:78:44:
         e5:c1:8f:e4:db:c8:4b:dc:69:f7:45:26:a1:8c:61:fe:a8:77:
         69:73:b1:77:38:00:75:ad:60:a7:3c:46:10:64:0e:bb:3e:25:
         e0:38:fc:b9:98:30:9f:38:bb:f7:bd:aa:05:2b:66:06:c9:a5:
         91:ed:93:b3:d7:d1:b5:49:db:9f:60:83:91:f8:5b:c3:67:aa:
         b1:b5:d4:33:c8:6d:32:b6:62:5a:88:2c:6d:19:b9:ef:05:8d:
         20:00:44:88:e3:6a:49:99:f2:50:e1:b8:26:ea:ef:d9:0d:de:
         97:b1:b0:a3:b3:32:8f:b4:0c:1c:1d:ad:49:83:3e:29:ac:cf:
         e0:f5:99:80:fb:0b:66:cc:81:9d:35:ca:d2:2d:61:ab:69:70:
         86:c0:4d:65:13:38:78:db:4f:a3:73:b7:2a:0e:d8:b4:b2:cc:
         d6:ff:73:84:11:8e:af:66:14:a3:b0:eb:a8:d5:b9:19:5d:8d:
         e3:8a:eb:39:76:74:df:f3:13:7b:5c:de:28:a0:15:b8:24:6b:
         60:71:27:76:d6:14:bc:c7:f4:1a:06:8b:5e:59:67:10:5d:f4:
         d8:2a:ac:85
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfDcuB+rKOHEoSNZjuQN80LeQwVowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMTYxMTUyMDFaFw0yNjAxMTUxMTU3MDFaMDMxMTAvBgNV
BAMTKEYxODY3QjVDQ0UwMjA5MjlCRDQyNEYyMjQxNzY0NjcyOURGMjFGM0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqIWtNe/VGPJlgjj5bOp7tBmBB
JqCbRQ73V4ah8quVuNejxxggVIwlL4OJO+gziTrGcxJsimWkdRqwIyHt1PJR57BN
f7CYYLXb7Oc/HbXxP1Hn+TZuvccmNjduWE5B3I19HTTwfpRyNQjBYD+EqcidVfzj
mS6wfbIqKeY/kl6jC/HPofzELqRp/6QyMBohhxkqaUdYRPOG360p+jsOhYJzzONN
RUIVhX15WBZsAWUsKQ0U8jDsnIECTYNU+WSVCxwarFw07XBuSMGEqRfeOAr4tyVj
q/zt3sQ2vfow2tXlCbibt3Ztucz1htuyjrXVWuUxRPEIYk1LZ5v4fTFlpvvnAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU8YZ7XM4CCSm9Qk8iQXZGcp3yHz8wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1MjY3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhnI
MA0GCSqGSIb3DQEBCwUAA4IBAQBkOa97ZsB2H9YQZM934xc5eTDZl91/3ZsSGhax
LR+9/uJyeETlwY/k28hL3Gn3RSahjGH+qHdpc7F3OAB1rWCnPEYQZA67PiXgOPy5
mDCfOLv3vaoFK2YGyaWR7ZOz19G1SdufYIOR+FvDZ6qxtdQzyG0ytmJaiCxtGbnv
BY0gAESI42pJmfJQ4bgm6u/ZDd6XsbCjszKPtAwcHa1Jgz4prM/g9ZmA+wtmzIGd
NcrSLWGraXCGwE1lEzh420+jc7cqDti0sszW/3OEEY6vZhSjsOuo1bkZXY3jius5
dnTf8xN7XN4ooBW4JGtgcSd21hS8x/QaBoteWWcQXfTYKqyF
-----END CERTIFICATE-----