Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215703.roa
File:                     AS215703.roa (raw, json)
Hash identifier:          u000RROWfLom/346iL/rwsLSntEvvLQEbqQeS+JKZfc=
Subject key identifier:   07:D2:6F:63:07:91:A8:AB:88:56:81:A2:EB:BB:6E:E7:EE:0E:DA:6A
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3C0ADD24B3F324730C217952B8F7800263111C01
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215703.roa
Signing time:             Wed 07 May 2025 02:47:02 +0000
ROA not before:           Wed 07 May 2025 02:42:02 +0000
ROA not after:            Wed 06 May 2026 02:47:02 +0000
asID:                     215703
IP address blocks:        82.27.2.0/24 maxlen: 24
                          82.29.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 05:59:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:0a:dd:24:b3:f3:24:73:0c:21:79:52:b8:f7:80:02:63:11:1c:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May  7 02:42:02 2025 GMT
            Not After : May  6 02:47:02 2026 GMT
        Subject: CN=07D26F630791A8AB885681A2EBBB6EE7EE0EDA6A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:28:3a:05:7f:63:5c:2a:8d:e0:cf:20:51:5a:
                    32:82:e9:31:66:b9:86:de:69:21:61:be:f0:67:93:
                    db:fc:07:50:4f:7e:9b:97:e5:da:4a:ed:33:c3:0a:
                    f1:fd:ca:8d:87:54:65:82:8d:b1:dc:1b:3e:ce:fa:
                    35:13:d1:43:75:59:94:6a:06:5d:af:4f:cf:dc:ea:
                    92:95:3f:6d:33:90:01:25:64:f0:07:4c:50:1f:0a:
                    b1:1a:74:2a:8e:82:7a:13:c2:0a:67:70:66:00:1a:
                    36:8c:63:1c:1c:c2:ed:86:b4:ca:a5:a6:40:d1:96:
                    fd:06:95:6b:c8:b8:75:77:06:f9:77:db:6a:a4:2b:
                    0d:dc:e9:55:1a:e1:b8:d0:ee:ad:6d:ea:97:d0:98:
                    c1:c5:60:7f:66:be:83:86:77:53:8a:80:b3:47:e3:
                    1b:ea:0f:d6:fa:a6:28:fe:ab:c6:c1:d3:78:34:c4:
                    65:f1:1e:0a:be:e6:c9:f7:ed:8c:06:d2:77:a9:67:
                    b4:82:5e:41:15:c4:8a:27:fe:ba:76:9f:6d:f4:85:
                    27:67:36:c8:7b:ff:c6:7c:f1:84:f8:bc:61:91:66:
                    69:bf:20:7e:09:77:69:57:0a:ac:0c:89:c7:3a:28:
                    f3:b0:4e:33:31:40:f1:d4:cd:68:2b:c7:97:a3:04:
                    4f:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:D2:6F:63:07:91:A8:AB:88:56:81:A2:EB:BB:6E:E7:EE:0E:DA:6A
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215703.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.27.2.0/24
                  82.29.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:45:c1:53:0c:01:6d:c4:16:f5:55:d5:9e:fa:8f:cd:96:51:
         76:6b:f2:36:cf:0a:e7:fd:83:d9:f7:7d:c9:71:2b:fb:e2:af:
         fe:b4:14:cf:b6:4a:94:e3:a2:50:b9:06:14:55:83:7a:79:22:
         b0:16:7d:f4:29:e7:68:63:d9:00:0b:ec:4d:86:e7:8b:d9:54:
         a2:87:8d:13:72:41:a0:8c:76:32:6c:af:a7:68:7c:88:89:88:
         ae:53:39:41:a3:69:71:39:64:a2:6a:d9:93:76:39:58:e6:52:
         5b:f2:f8:5c:fd:2c:76:96:94:4d:cc:e9:bd:eb:2b:cd:ce:a2:
         c0:7a:ef:da:75:61:6a:ac:d6:e6:b8:cc:a2:15:73:05:92:fe:
         13:13:13:25:47:c4:f6:26:96:28:e2:12:2b:fa:8d:96:03:a7:
         6e:25:15:43:a2:7d:06:4c:c2:83:e1:f3:4a:dd:21:fa:27:b9:
         ce:a1:4a:77:ce:c9:0b:29:b4:9e:7f:f3:7c:ad:be:da:f6:ef:
         25:14:25:3b:fa:6f:ad:83:b0:1c:bb:23:96:74:60:33:bd:7f:
         23:ea:48:06:8d:fc:a8:96:5c:65:f8:7e:e8:2c:07:51:7d:f8:
         61:2b:5d:cf:e9:e1:af:23:f7:b4:ab:51:db:5c:b7:4b:1c:7e:
         9d:f5:df:91
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUPArdJLPzJHMMIXlSuPeAAmMRHAEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA1MDcwMjQyMDJaFw0yNjA1MDYwMjQ3MDJaMDMxMTAvBgNV
BAMTKDA3RDI2RjYzMDc5MUE4QUI4ODU2ODFBMkVCQkI2RUU3RUUwRURBNkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSKDoFf2NcKo3gzyBRWjKC6TFm
uYbeaSFhvvBnk9v8B1BPfpuX5dpK7TPDCvH9yo2HVGWCjbHcGz7O+jUT0UN1WZRq
Bl2vT8/c6pKVP20zkAElZPAHTFAfCrEadCqOgnoTwgpncGYAGjaMYxwcwu2GtMql
pkDRlv0GlWvIuHV3Bvl322qkKw3c6VUa4bjQ7q1t6pfQmMHFYH9mvoOGd1OKgLNH
4xvqD9b6pij+q8bB03g0xGXxHgq+5sn37YwG0nepZ7SCXkEVxIon/rp2n230hSdn
Nsh7/8Z88YT4vGGRZmm/IH4Jd2lXCqwMicc6KPOwTjMxQPHUzWgrx5ejBE9BAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUB9JvYweRqKuIVoGi67tu5+4O2mowHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1NzAzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUhsC
AwQAUh0BMA0GCSqGSIb3DQEBCwUAA4IBAQBTRcFTDAFtxBb1VdWe+o/NllF2a/I2
zwrn/YPZ933JcSv74q/+tBTPtkqU46JQuQYUVYN6eSKwFn30KedoY9kAC+xNhueL
2VSih40TckGgjHYybK+naHyIiYiuUzlBo2lxOWSiatmTdjlY5lJb8vhc/Sx2lpRN
zOm96yvNzqLAeu/adWFqrNbmuMyiFXMFkv4TExMlR8T2JpYo4hIr+o2WA6duJRVD
on0GTMKD4fNK3SH6J7nOoUp3zskLKbSef/N8rb7a9u8lFCU7+m+tg7AcuyOWdGAz
vX8j6kgGjfyollxl+H7oLAdRffhhK13P6eGvI/e0q1HbXLdLHH6d9d+R
-----END CERTIFICATE-----