Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215287.roa
File:                     AS215287.roa (raw, json)
Hash identifier:          4uru6TSOhckNSM0gkOR8gOD0NVL4fYGtFl3NHG2qul0=
Subject key identifier:   36:6A:EB:7D:46:13:70:6A:C6:A0:79:26:77:F5:1F:F4:BA:BA:A1:32
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       53CF3D6118F038572F415EC11D6D82129EFE7713
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215287.roa
Signing time:             Thu 13 Mar 2025 15:45:28 +0000
ROA not before:           Thu 13 Mar 2025 15:40:28 +0000
ROA not after:            Thu 12 Mar 2026 15:45:28 +0000
asID:                     215287
IP address blocks:        82.24.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 11:22:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:cf:3d:61:18:f0:38:57:2f:41:5e:c1:1d:6d:82:12:9e:fe:77:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 13 15:40:28 2025 GMT
            Not After : Mar 12 15:45:28 2026 GMT
        Subject: CN=366AEB7D4613706AC6A0792677F51FF4BABAA132
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b7:e8:e0:47:1e:1a:7d:d8:18:a1:2e:56:63:
                    50:bb:49:6e:44:f6:2f:46:58:4e:40:58:af:30:bd:
                    0a:2e:36:e9:8e:43:4e:a3:ed:f3:50:17:09:30:f3:
                    2c:45:cb:ec:11:1a:20:0b:5b:1d:73:08:7e:b3:6c:
                    c7:34:01:ae:2b:ad:5d:71:d2:ad:e7:6e:6f:0d:f0:
                    93:cd:f5:5b:9f:77:53:76:8b:00:12:bd:4e:4c:50:
                    0e:ee:bc:75:37:c9:6b:a4:69:d1:a2:d4:b7:c2:8c:
                    d6:dc:d5:04:9a:39:b3:75:f4:e0:e6:4a:f8:11:2c:
                    35:7b:6a:4f:eb:8e:d3:d6:14:2e:91:75:69:dd:a5:
                    32:a5:26:98:92:af:2c:8f:91:2f:dd:fc:7a:a3:4d:
                    02:38:b5:e1:fc:99:5f:06:a6:a8:21:f1:0f:a2:08:
                    6b:0c:b0:ae:ee:e0:6a:f4:bc:b4:44:b6:7d:b8:95:
                    a5:e4:93:78:63:e1:fb:83:d1:cb:e6:22:8d:d1:c5:
                    a7:68:eb:f7:de:0c:08:9c:84:cd:9e:d5:10:17:8b:
                    94:22:ed:18:1f:42:a8:5c:7e:3d:18:bf:35:4e:73:
                    95:55:ed:ff:a2:77:45:9a:f9:84:2d:7d:15:82:47:
                    b8:30:96:3b:93:99:88:da:99:33:e2:61:99:8e:21:
                    5e:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:6A:EB:7D:46:13:70:6A:C6:A0:79:26:77:F5:1F:F4:BA:BA:A1:32
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215287.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.24.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:a5:13:90:49:a6:98:bb:c1:1e:ae:7e:1f:53:72:ff:17:4c:
         26:03:ee:8c:bc:7f:7f:ec:7e:88:44:82:22:e4:e1:1b:d4:15:
         60:13:8a:7e:87:c1:1c:88:37:51:2e:2b:23:22:05:08:14:b2:
         df:f6:6b:e9:7f:d9:8f:d6:3e:3b:89:49:0e:0f:69:40:f5:ff:
         38:66:36:cc:67:b6:69:38:d2:89:9d:df:90:92:79:c5:bb:35:
         03:d6:71:60:52:e9:0e:a6:e3:74:99:e1:dd:4c:35:da:e7:6b:
         6f:b9:e1:bb:01:c0:46:a1:ce:49:29:79:81:9a:b8:77:1b:36:
         c5:11:73:9a:36:b9:5a:b9:b3:c8:ce:fe:dd:2e:35:10:1c:82:
         be:3a:c9:18:e4:36:69:13:65:46:ea:fd:90:f4:da:cf:1e:f8:
         48:66:bf:c0:c1:84:0d:d3:7f:f1:08:76:ba:ab:9d:5b:4d:7a:
         92:f3:57:12:9f:32:ea:fd:96:85:60:3a:13:53:93:94:22:cb:
         a6:e6:49:5d:8e:e5:6a:06:3e:42:2e:fe:b9:f1:51:90:ba:69:
         43:79:59:33:55:c2:ef:aa:45:ec:a4:10:a5:72:2f:f3:a4:6f:
         ab:13:ab:b5:c7:39:1f:db:19:1f:0a:ac:2f:e0:47:f7:52:66:
         ba:fe:7b:e3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUU889YRjwOFcvQV7BHW2CEp7+dxMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAzMTMxNTQwMjhaFw0yNjAzMTIxNTQ1MjhaMDMxMTAvBgNV
BAMTKDM2NkFFQjdENDYxMzcwNkFDNkEwNzkyNjc3RjUxRkY0QkFCQUExMzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgt+jgRx4afdgYoS5WY1C7SW5E
9i9GWE5AWK8wvQouNumOQ06j7fNQFwkw8yxFy+wRGiALWx1zCH6zbMc0Aa4rrV1x
0q3nbm8N8JPN9Vufd1N2iwASvU5MUA7uvHU3yWukadGi1LfCjNbc1QSaObN19ODm
SvgRLDV7ak/rjtPWFC6RdWndpTKlJpiSryyPkS/d/HqjTQI4teH8mV8Gpqgh8Q+i
CGsMsK7u4Gr0vLREtn24laXkk3hj4fuD0cvmIo3Rxado6/feDAichM2e1RAXi5Qi
7RgfQqhcfj0YvzVOc5VV7f+id0Wa+YQtfRWCR7gwljuTmYjamTPiYZmOIV4fAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUNmrrfUYTcGrGoHkmd/Uf9Lq6oTIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1Mjg3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhh+
MA0GCSqGSIb3DQEBCwUAA4IBAQCQpROQSaaYu8Eern4fU3L/F0wmA+6MvH9/7H6I
RIIi5OEb1BVgE4p+h8EciDdRLisjIgUIFLLf9mvpf9mP1j47iUkOD2lA9f84ZjbM
Z7ZpONKJnd+QknnFuzUD1nFgUukOpuN0meHdTDXa52tvueG7AcBGoc5JKXmBmrh3
GzbFEXOaNrlaubPIzv7dLjUQHIK+OskY5DZpE2VG6v2Q9NrPHvhIZr/AwYQN03/x
CHa6q51bTXqS81cSnzLq/ZaFYDoTU5OUIsum5kldjuVqBj5CLv658VGQumlDeVkz
VcLvqkXspBClci/zpG+rE6u1xzkf2xkfCqwv4Ef3Uma6/nvj
-----END CERTIFICATE-----