Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215459.roa
File:                     AS215459.roa (raw, json)
Hash identifier:          gnLfU99AB3DHVMKlQqmFABf+18CrM6FGxSrlYyYhKjw=
Subject key identifier:   02:61:A3:6C:06:53:F5:A4:DF:F4:7F:8B:2E:D3:3A:D7:5D:6A:93:E0
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       4310E1D39C66EBBED7950E896E8DF7E7D18D4C07
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215459.roa
Signing time:             Sun 17 May 2026 14:05:53 +0000
ROA not before:           Sun 17 May 2026 14:00:53 +0000
ROA not after:            Sun 16 May 2027 14:05:53 +0000
asID:                     215459
IP address blocks:        2a13:9500:12a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:10:e1:d3:9c:66:eb:be:d7:95:0e:89:6e:8d:f7:e7:d1:8d:4c:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 17 14:00:53 2026 GMT
            Not After : May 16 14:05:53 2027 GMT
        Subject: CN=0261A36C0653F5A4DFF47F8B2ED33AD75D6A93E0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:e7:c2:9f:20:2d:10:c4:01:b7:2c:ad:62:96:
                    95:4c:ae:b5:ee:77:1f:9a:bb:72:43:0a:e2:cc:48:
                    94:62:9c:9c:64:b4:13:37:72:94:8b:9f:8b:7b:8f:
                    7d:e0:24:2d:fd:c0:01:00:d4:89:44:17:e3:ae:db:
                    6d:ff:88:7c:16:2b:64:12:b7:46:a9:95:9c:b5:c5:
                    1c:e9:6f:d9:89:8c:0b:64:9f:8d:53:a0:18:41:ca:
                    53:73:9d:17:63:1b:f4:02:d3:91:ba:56:45:a2:87:
                    ec:d6:fd:c7:75:84:92:e9:bf:80:cf:87:6b:05:39:
                    cf:e0:5c:6c:57:c5:08:93:a9:25:1e:d3:c6:65:0b:
                    51:11:34:ce:63:4b:e0:fc:37:28:3c:d4:04:92:9d:
                    50:4c:fb:7c:90:be:0e:a3:29:19:49:1c:8c:0f:2a:
                    61:d5:3a:27:7f:75:eb:90:a2:c9:f3:2e:df:cb:8d:
                    85:c7:e6:9c:20:b2:53:ba:9b:bf:6e:4a:94:42:31:
                    1a:27:15:53:67:31:8a:f5:a5:52:75:37:94:f2:24:
                    29:5c:a4:47:15:2f:44:7b:c9:e3:15:5d:64:cf:f7:
                    42:c6:6b:f1:e6:5e:da:a6:55:a0:d7:f2:f9:c3:80:
                    ed:8b:9f:c2:7d:fe:9f:bb:ca:c7:0e:bd:47:58:8f:
                    d0:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:61:A3:6C:06:53:F5:A4:DF:F4:7F:8B:2E:D3:3A:D7:5D:6A:93:E0
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215459.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:12a::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:ae:26:e5:cf:13:d3:72:9f:a2:ca:f2:b3:a6:a6:75:12:1d:
         e2:ee:84:ce:78:19:9e:77:cf:2b:41:f8:bd:51:7b:48:b5:4f:
         85:22:58:44:cb:68:3a:60:5d:31:fd:dc:9a:b7:6f:98:c6:50:
         c6:85:c7:0d:a0:fb:46:5e:75:75:20:25:d8:70:5c:12:4a:ca:
         cc:96:4d:ea:19:6c:7c:94:c3:90:13:16:b4:fc:7c:a0:0d:5d:
         fd:5a:0b:8a:13:74:22:13:39:37:24:0c:c0:2f:bb:d2:90:32:
         f8:04:6c:76:33:4e:6a:cd:25:d2:39:25:e3:f2:e0:9a:9e:07:
         4e:e6:12:9e:96:01:71:1d:41:87:6a:99:82:12:b5:3f:56:6a:
         30:d9:30:13:66:37:7c:b7:84:f9:8e:8b:fd:6e:6c:08:18:d2:
         e6:17:18:00:df:3f:d1:69:a2:c1:ce:09:68:e8:6e:3b:b7:a1:
         9d:57:ff:42:6c:7c:10:85:6f:0f:ef:72:4c:a1:f3:2e:d8:27:
         68:f1:4d:08:00:34:a6:3c:5a:c9:eb:f3:80:f4:bc:f6:18:aa:
         76:35:8b:e2:56:05:85:7d:a5:f2:9b:40:2d:b5:82:29:00:4c:
         4d:bc:6d:6c:25:04:dc:ff:70:7a:08:8b:ce:bf:d6:26:85:4e:
         4d:37:86:19
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUQxDh05xm677XlQ6Jbo3359GNTAcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MTcxNDAwNTNaFw0yNzA1MTYxNDA1NTNaMDMxMTAvBgNV
BAMTKDAyNjFBMzZDMDY1M0Y1QTRERkY0N0Y4QjJFRDMzQUQ3NUQ2QTkzRTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDS58KfIC0QxAG3LK1ilpVMrrXu
dx+au3JDCuLMSJRinJxktBM3cpSLn4t7j33gJC39wAEA1IlEF+Ou223/iHwWK2QS
t0aplZy1xRzpb9mJjAtkn41ToBhBylNznRdjG/QC05G6VkWih+zW/cd1hJLpv4DP
h2sFOc/gXGxXxQiTqSUe08ZlC1ERNM5jS+D8Nyg81ASSnVBM+3yQvg6jKRlJHIwP
KmHVOid/deuQosnzLt/LjYXH5pwgslO6m79uSpRCMRonFVNnMYr1pVJ1N5TyJClc
pEcVL0R7yeMVXWTP90LGa/HmXtqmVaDX8vnDgO2Ln8J9/p+7yscOvUdYj9DvAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUAmGjbAZT9aTf9H+LLtM6111qk+AwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1NDU5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAEqMA0GCSqGSIb3DQEBCwUAA4IBAQAtriblzxPTcp+iyvKzpqZ1Eh3i7oTOeBme
d88rQfi9UXtItU+FIlhEy2g6YF0x/dyat2+YxlDGhccNoPtGXnV1ICXYcFwSSsrM
lk3qGWx8lMOQExa0/HygDV39WguKE3QiEzk3JAzAL7vSkDL4BGx2M05qzSXSOSXj
8uCangdO5hKelgFxHUGHapmCErU/Vmow2TATZjd8t4T5jov9bmwIGNLmFxgA3z/R
aaLBzglo6G47t6GdV/9CbHwQhW8P73JMofMu2Cdo8U0IADSmPFrJ6/OA9Lz2GKp2
NYviVgWFfaXym0AttYIpAExNvG1sJQTc/3B6CIvOv9YmhU5NN4YZ
-----END CERTIFICATE-----