Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215703.roa
File:                     AS215703.roa (raw, json)
Hash identifier:          VtPBhmq83Ey4t5Fhp4o5Og72+C+OZXOfw0jrcka2Zrw=
Subject key identifier:   0D:B3:16:C7:42:59:64:B1:3E:77:42:87:4B:A0:02:4B:83:00:98:80
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0639CF5D7F8F056F57E41E56AB2D96ECE5EE37A6
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215703.roa
Signing time:             Mon 27 Jan 2025 12:47:54 +0000
ROA not before:           Mon 27 Jan 2025 12:42:54 +0000
ROA not after:            Mon 26 Jan 2026 12:47:54 +0000
asID:                     215703
IP address blocks:        82.27.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:39:cf:5d:7f:8f:05:6f:57:e4:1e:56:ab:2d:96:ec:e5:ee:37:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 27 12:42:54 2025 GMT
            Not After : Jan 26 12:47:54 2026 GMT
        Subject: CN=0DB316C7425964B13E7742874BA0024B83009880
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:50:ac:01:2f:1d:e5:e2:fc:17:29:c1:95:63:
                    77:4a:58:57:f7:62:87:7f:84:b2:5b:39:2a:98:28:
                    fe:e2:91:e5:b0:15:09:80:e5:95:47:ec:ce:61:91:
                    9c:61:b9:93:32:9d:9a:d5:e6:f6:88:b2:a1:47:20:
                    50:09:5c:2b:30:85:e6:98:6c:9a:0c:cc:3c:22:47:
                    5a:2d:0c:a5:6a:fe:d4:28:c9:5d:a8:d2:aa:05:cd:
                    50:66:be:d9:f4:62:72:1d:7d:a4:43:2e:e2:5c:c5:
                    b4:45:e5:83:22:a7:fc:76:5e:e6:7c:88:88:05:ae:
                    60:2e:af:80:f7:f0:c7:21:ab:27:f4:15:1a:49:f9:
                    d1:01:28:ba:3d:64:44:c7:d7:18:2b:2b:52:b0:f0:
                    16:2e:61:7f:ba:05:8d:99:ab:ed:f7:02:14:dc:15:
                    3b:1b:14:1d:0b:d8:48:5a:43:44:4b:c1:20:a9:19:
                    49:bd:04:0a:99:e2:41:b3:3a:2b:de:90:3a:08:9b:
                    07:4b:9b:dd:83:5b:c0:01:43:93:91:f7:17:7d:3d:
                    61:83:3b:70:fc:29:35:c5:b8:f4:48:24:2c:43:2c:
                    19:da:70:65:1c:57:3c:73:a7:f2:72:ee:40:d7:60:
                    da:c8:c3:0e:3f:59:6a:e7:99:85:27:ca:4e:b7:8d:
                    5d:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:B3:16:C7:42:59:64:B1:3E:77:42:87:4B:A0:02:4B:83:00:98:80
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215703.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.27.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:8d:81:a0:b7:06:d8:46:79:3d:f9:e3:01:fd:d7:c8:12:b5:
         a3:59:39:46:a7:f2:6b:2f:4c:a1:c4:58:dc:a6:37:6d:9f:bb:
         27:aa:37:0e:66:d9:c2:45:22:a1:be:a8:94:99:3a:0a:a6:4b:
         e5:a9:15:04:74:af:d2:8c:56:78:ab:6d:2d:8b:63:45:c0:be:
         a9:2c:aa:a7:d5:0a:aa:c9:1a:01:4f:f7:32:e1:31:df:38:29:
         0a:ef:ea:a1:a3:13:07:cd:e0:ca:fe:91:37:80:e7:45:6d:e9:
         77:e1:f5:f8:e4:1d:1d:8a:44:6c:b2:6b:d4:00:a0:a8:33:7a:
         c5:77:d7:ee:7a:b4:71:91:8b:87:99:5b:26:9b:fe:be:6d:0e:
         3e:75:0c:6d:d1:cf:df:59:83:2c:65:91:cb:e6:38:46:56:d8:
         54:6f:6c:26:3b:f4:70:70:40:1a:cb:91:5f:a3:02:70:0f:1c:
         87:de:50:4b:59:82:a0:0a:60:77:ea:69:b3:23:3b:c4:8e:08:
         6a:e3:f4:2f:78:06:7e:23:99:98:a9:4b:39:83:f5:cf:a2:67:
         03:34:25:19:34:43:2e:7b:f5:be:89:22:dd:e2:9a:e4:5d:16:
         50:de:04:36:f8:7b:c9:16:96:52:00:24:77:02:e1:31:49:34:
         6c:6a:e3:4c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBjnPXX+PBW9X5B5Wqy2W7OXuN6YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMjcxMjQyNTRaFw0yNjAxMjYxMjQ3NTRaMDMxMTAvBgNV
BAMTKDBEQjMxNkM3NDI1OTY0QjEzRTc3NDI4NzRCQTAwMjRCODMwMDk4ODAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/UKwBLx3l4vwXKcGVY3dKWFf3
Yod/hLJbOSqYKP7ikeWwFQmA5ZVH7M5hkZxhuZMynZrV5vaIsqFHIFAJXCswheaY
bJoMzDwiR1otDKVq/tQoyV2o0qoFzVBmvtn0YnIdfaRDLuJcxbRF5YMip/x2XuZ8
iIgFrmAur4D38Mchqyf0FRpJ+dEBKLo9ZETH1xgrK1Kw8BYuYX+6BY2Zq+33AhTc
FTsbFB0L2EhaQ0RLwSCpGUm9BAqZ4kGzOivekDoImwdLm92DW8ABQ5OR9xd9PWGD
O3D8KTXFuPRIJCxDLBnacGUcVzxzp/Jy7kDXYNrIww4/WWrnmYUnyk63jV3fAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUDbMWx0JZZLE+d0KHS6ACS4MAmIAwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1NzAzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhsC
MA0GCSqGSIb3DQEBCwUAA4IBAQAijYGgtwbYRnk9+eMB/dfIErWjWTlGp/JrL0yh
xFjcpjdtn7snqjcOZtnCRSKhvqiUmToKpkvlqRUEdK/SjFZ4q20ti2NFwL6pLKqn
1QqqyRoBT/cy4THfOCkK7+qhoxMHzeDK/pE3gOdFbel34fX45B0dikRssmvUAKCo
M3rFd9fuerRxkYuHmVsmm/6+bQ4+dQxt0c/fWYMsZZHL5jhGVthUb2wmO/RwcEAa
y5FfowJwDxyH3lBLWYKgCmB36mmzIzvEjghq4/QveAZ+I5mYqUs5g/XPomcDNCUZ
NEMue/W+iSLd4prkXRZQ3gQ2+HvJFpZSACR3AuExSTRsauNM
-----END CERTIFICATE-----