Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215508.roa
File:                     AS215508.roa (raw, json)
Hash identifier:          Fv8JF5zxOziPUh2STIzqNVS0uKaF6qjnBjhbJwhNTvk=
Subject key identifier:   96:98:ED:33:C4:6F:36:87:91:CC:6C:58:9D:18:DF:B2:91:83:3E:84
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0B132168A1FEF02D09F4EFCCA9D6AFCE7EF18AC8
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215508.roa
Signing time:             Tue 02 Jun 2026 09:08:34 +0000
ROA not before:           Tue 02 Jun 2026 09:03:34 +0000
ROA not after:            Tue 01 Jun 2027 09:08:34 +0000
asID:                     215508
IP address blocks:        82.47.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:13:21:68:a1:fe:f0:2d:09:f4:ef:cc:a9:d6:af:ce:7e:f1:8a:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  2 09:03:34 2026 GMT
            Not After : Jun  1 09:08:34 2027 GMT
        Subject: CN=9698ED33C46F368791CC6C589D18DFB291833E84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:bb:75:f7:b7:eb:39:a2:e7:50:2b:d7:e7:47:
                    dc:1b:19:8c:f7:6a:2d:a9:bb:b4:86:18:96:bc:dc:
                    18:60:d1:d6:84:7f:97:5a:7b:d8:68:ef:5e:c6:fd:
                    3e:a2:c4:c4:13:7c:f0:71:7c:f0:38:f4:a7:3f:ee:
                    09:88:ce:6d:f9:54:7e:ca:fd:21:de:02:96:45:16:
                    48:88:ff:60:47:b9:ac:01:23:e8:75:01:ec:fc:18:
                    46:d3:06:98:c7:b3:06:1d:b4:2c:ca:44:0d:3c:f3:
                    1d:fa:2d:52:58:b5:56:fa:5e:fa:76:10:ae:a0:cc:
                    3f:91:93:1f:4f:41:02:90:b7:d2:89:65:06:fe:c4:
                    2f:9b:2a:8f:3b:36:03:ff:b9:76:d0:5d:b2:9f:e0:
                    9c:95:46:c9:92:6a:59:46:fd:16:73:78:7b:9d:56:
                    e0:43:12:c5:de:8a:57:05:97:a3:0d:ec:d8:37:65:
                    c5:15:59:5d:14:d5:e2:54:aa:8f:74:eb:dd:2c:58:
                    b8:32:b5:76:d3:5a:65:74:77:a4:d3:0c:e6:3c:bf:
                    12:ea:5c:9c:8c:1d:0e:e5:d2:46:00:12:09:07:b8:
                    d2:67:e9:ba:55:69:88:2c:59:54:a1:37:3e:c0:31:
                    3e:d2:37:d9:00:96:99:83:0a:93:c4:f9:da:30:59:
                    e0:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:98:ED:33:C4:6F:36:87:91:CC:6C:58:9D:18:DF:B2:91:83:3E:84
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215508.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.47.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:a5:14:ae:8b:e1:92:6f:5f:22:01:62:0e:c4:c3:8c:85:19:
         72:3c:42:f3:6b:67:cb:3a:f7:77:eb:2d:a3:f1:33:46:2c:d2:
         ca:25:64:ee:fc:d5:2a:47:63:84:7e:2e:39:e6:fc:a5:69:08:
         b4:26:af:2e:e3:dd:54:6f:0a:4e:da:ab:86:97:ce:16:38:f2:
         25:12:7f:07:99:64:d3:dc:cd:7d:f8:99:ed:71:a9:15:c2:e2:
         ae:d4:c7:ca:ee:b7:a1:ef:6f:d7:ed:9c:a9:94:84:a7:c0:77:
         5b:60:66:da:d1:5c:f3:76:78:b2:e2:4f:25:01:c4:d0:fe:ec:
         09:88:5f:96:42:b3:1e:3e:fb:52:93:d3:69:e3:21:d1:8b:6d:
         87:61:4b:1e:51:46:7d:5c:cc:e5:dd:ff:67:66:fb:50:a1:75:
         b9:09:2a:e3:b7:7c:e4:45:e6:b9:0c:5c:0b:52:2f:c0:85:3a:
         30:e4:6f:76:06:18:12:a8:9f:22:ed:12:f0:e3:66:1b:be:0d:
         16:2c:6c:7a:c9:7c:5e:8b:1c:c8:04:d6:1d:5e:aa:54:95:11:
         37:05:c3:41:67:08:01:34:22:d9:cd:b2:a9:75:4a:aa:eb:8a:
         f5:2b:42:1e:ce:46:08:e4:a4:19:f4:8d:94:fe:92:4e:20:f0:
         b4:44:20:07
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUCxMhaKH+8C0J9O/Mqdavzn7xisgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MDIwOTAzMzRaFw0yNzA2MDEwOTA4MzRaMDMxMTAvBgNV
BAMTKDk2OThFRDMzQzQ2RjM2ODc5MUNDNkM1ODlEMThERkIyOTE4MzNFODQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqu3X3t+s5oudQK9fnR9wbGYz3
ai2pu7SGGJa83Bhg0daEf5dae9ho717G/T6ixMQTfPBxfPA49Kc/7gmIzm35VH7K
/SHeApZFFkiI/2BHuawBI+h1Aez8GEbTBpjHswYdtCzKRA088x36LVJYtVb6Xvp2
EK6gzD+Rkx9PQQKQt9KJZQb+xC+bKo87NgP/uXbQXbKf4JyVRsmSallG/RZzeHud
VuBDEsXeilcFl6MN7Ng3ZcUVWV0U1eJUqo90690sWLgytXbTWmV0d6TTDOY8vxLq
XJyMHQ7l0kYAEgkHuNJn6bpVaYgsWVShNz7AMT7SN9kAlpmDCpPE+dowWeB3AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUlpjtM8RvNoeRzGxYnRjfspGDPoQwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1NTA4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUi+D
MA0GCSqGSIb3DQEBCwUAA4IBAQBApRSui+GSb18iAWIOxMOMhRlyPELza2fLOvd3
6y2j8TNGLNLKJWTu/NUqR2OEfi455vylaQi0Jq8u491UbwpO2quGl84WOPIlEn8H
mWTT3M19+JntcakVwuKu1MfK7reh72/X7ZyplISnwHdbYGba0Vzzdniy4k8lAcTQ
/uwJiF+WQrMePvtSk9Np4yHRi22HYUseUUZ9XMzl3f9nZvtQoXW5CSrjt3zkRea5
DFwLUi/AhTow5G92BhgSqJ8i7RLw42Ybvg0WLGx6yXxeixzIBNYdXqpUlRE3BcNB
ZwgBNCLZzbKpdUqq64r1K0IezkYI5KQZ9I2U/pJOIPC0RCAH
-----END CERTIFICATE-----