Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215287.roa
File:                     AS215287.roa (raw, json)
Hash identifier:          3M5of83HNT05jEJir9XS7OajLMpQgPRuujIJteO957s=
Subject key identifier:   5C:A6:71:0E:2D:6E:B2:8C:84:9C:58:DD:C0:42:0C:76:36:C0:98:0B
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       65974CFF9528B81378CFECDE35562AE32E380A05
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215287.roa
Signing time:             Fri 05 Jun 2026 13:02:10 +0000
ROA not before:           Fri 05 Jun 2026 12:57:10 +0000
ROA not after:            Fri 04 Jun 2027 13:02:10 +0000
asID:                     215287
IP address blocks:        82.47.196.0/24 maxlen: 24
                          178.83.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 19:37:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:97:4c:ff:95:28:b8:13:78:cf:ec:de:35:56:2a:e3:2e:38:0a:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  5 12:57:10 2026 GMT
            Not After : Jun  4 13:02:10 2027 GMT
        Subject: CN=5CA6710E2D6EB28C849C58DDC0420C7636C0980B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:b7:de:e2:d4:50:7d:11:cc:67:01:b9:05:ff:
                    59:32:0e:da:bb:99:8e:83:a2:ec:ee:0b:1e:56:5f:
                    ad:ad:a8:0a:87:7a:57:73:07:af:75:f1:6d:8d:47:
                    b7:ce:de:a4:02:e6:5a:0c:b4:9a:e2:8d:af:09:8d:
                    04:3f:00:37:23:55:77:e5:d0:13:b9:5d:33:ca:1f:
                    a3:2c:af:17:83:a2:b1:0e:dc:0b:49:fc:84:9c:29:
                    70:28:d9:52:c6:31:c5:a0:e1:b3:90:e2:6c:82:fa:
                    5a:f5:88:0f:4c:41:f0:c7:91:d5:21:81:e9:92:95:
                    f3:c2:93:61:5e:11:a9:4e:4a:f9:8d:e4:43:77:26:
                    dd:7b:db:41:a2:54:ea:bf:e8:15:ac:a7:85:2e:36:
                    33:5e:f9:13:48:ea:37:16:ea:c4:18:3c:ee:2f:cc:
                    56:bb:eb:0b:a1:d9:fe:4e:90:d2:ff:e2:d1:12:0f:
                    8a:fa:43:b4:da:da:57:17:ce:07:39:e2:4a:96:24:
                    f4:b4:96:9d:81:86:27:77:b3:cc:eb:b2:67:03:bf:
                    4f:a6:fa:8b:e9:cf:94:ec:da:44:47:46:56:58:82:
                    a4:5b:72:a3:04:30:49:2c:33:49:6f:9d:c5:ca:f3:
                    b5:37:3e:e5:c1:b4:fa:56:93:ce:be:5f:ee:89:f6:
                    10:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:A6:71:0E:2D:6E:B2:8C:84:9C:58:DD:C0:42:0C:76:36:C0:98:0B
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215287.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.47.196.0/24
                  178.83.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:af:21:51:ea:3d:4f:b7:1d:ac:f0:9b:cb:72:c8:b6:7c:c1:
         62:d4:da:a4:b9:f4:0d:c8:95:f0:e7:d9:c9:9f:16:5b:97:90:
         3a:57:4c:42:33:6a:fa:94:31:3d:a7:41:0a:d8:b4:9b:1a:e7:
         8f:9e:86:ae:88:88:27:1e:5f:89:21:13:a2:9a:2f:af:de:f8:
         c9:87:dc:1e:85:8a:c5:66:2d:8d:c4:5e:68:b3:cb:95:8e:f9:
         20:28:a9:fe:ac:d8:b4:76:70:fc:d3:0d:f5:ff:4b:64:c0:65:
         7e:0e:38:de:18:10:4f:42:b6:c6:f9:44:10:69:74:77:e2:4e:
         f2:c9:9e:ba:dd:48:ba:5b:11:4a:69:34:0d:5d:66:8a:6b:5e:
         ee:d7:52:9b:f0:df:fc:2e:32:65:9d:49:62:44:99:97:26:5b:
         2d:a0:0f:c4:f7:45:af:87:8f:82:21:c9:8a:e3:f2:c4:a2:c0:
         4e:f3:af:04:4e:54:1f:07:30:3b:38:c1:cc:dc:b6:3e:b5:cd:
         ad:88:4d:20:65:b9:e0:ed:08:0e:a1:02:1e:d2:5f:69:70:6e:
         0f:4d:b3:43:10:7c:82:e8:50:db:15:e5:5c:7d:aa:2b:ee:3e:
         b4:2d:f9:c3:1b:d7:6a:8e:c7:24:e3:bc:26:3b:c8:16:02:e7:
         5f:96:1f:81
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUZZdM/5UouBN4z+zeNVYq4y44CgUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MDUxMjU3MTBaFw0yNzA2MDQxMzAyMTBaMDMxMTAvBgNV
BAMTKDVDQTY3MTBFMkQ2RUIyOEM4NDlDNThEREMwNDIwQzc2MzZDMDk4MEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTt97i1FB9EcxnAbkF/1kyDtq7
mY6DouzuCx5WX62tqAqHeldzB6918W2NR7fO3qQC5loMtJrija8JjQQ/ADcjVXfl
0BO5XTPKH6MsrxeDorEO3AtJ/IScKXAo2VLGMcWg4bOQ4myC+lr1iA9MQfDHkdUh
gemSlfPCk2FeEalOSvmN5EN3Jt1720GiVOq/6BWsp4UuNjNe+RNI6jcW6sQYPO4v
zFa76wuh2f5OkNL/4tESD4r6Q7Ta2lcXzgc54kqWJPS0lp2Bhid3s8zrsmcDv0+m
+ovpz5Ts2kRHRlZYgqRbcqMEMEksM0lvncXK87U3PuXBtPpWk86+X+6J9hDfAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUXKZxDi1usoyEnFjdwEIMdjbAmAswHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1Mjg3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUi/E
AwQAslNBMA0GCSqGSIb3DQEBCwUAA4IBAQB2ryFR6j1Ptx2s8JvLcsi2fMFi1Nqk
ufQNyJXw59nJnxZbl5A6V0xCM2r6lDE9p0EK2LSbGuePnoauiIgnHl+JIROimi+v
3vjJh9wehYrFZi2NxF5os8uVjvkgKKn+rNi0dnD80w31/0tkwGV+DjjeGBBPQrbG
+UQQaXR34k7yyZ663Ui6WxFKaTQNXWaKa17u11Kb8N/8LjJlnUliRJmXJlstoA/E
90Wvh4+CIcmK4/LEosBO868ETlQfBzA7OMHM3LY+tc2tiE0gZbng7QgOoQIe0l9p
cG4PTbNDEHyC6FDbFeVcfaor7j60LfnDG9dqjsck47wmO8gWAudflh+B
-----END CERTIFICATE-----