Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215153.roa
File:                     AS215153.roa (raw, json)
Hash identifier:          KIS2GrTd4M6smc28zKojfI23a/CTnTWV0sshXiSPjhs=
Subject key identifier:   7C:87:A7:C0:B2:9A:AD:3F:14:E8:33:9B:43:DC:89:D2:99:75:99:DD
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       11354942811B46F02D2E7696309942A98E5B0508
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215153.roa
Signing time:             Fri 26 Jun 2026 08:08:37 +0000
ROA not before:           Fri 26 Jun 2026 08:03:37 +0000
ROA not after:            Fri 25 Jun 2027 08:08:37 +0000
asID:                     215153
IP address blocks:        2a0f:85c1:3b0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:35:49:42:81:1b:46:f0:2d:2e:76:96:30:99:42:a9:8e:5b:05:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jun 26 08:03:37 2026 GMT
            Not After : Jun 25 08:08:37 2027 GMT
        Subject: CN=7C87A7C0B29AAD3F14E8339B43DC89D2997599DD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:bc:41:65:90:74:6d:ee:24:2f:06:49:a6:09:
                    ae:f3:95:ac:51:f9:67:76:0d:32:27:13:66:b0:a7:
                    4f:c6:25:01:34:30:0d:ef:7c:fe:8d:9d:f9:a3:1f:
                    4d:c7:37:03:1b:d3:47:6a:49:53:46:ab:11:5e:54:
                    c3:50:52:d0:ee:8b:dd:28:24:fa:87:e0:59:24:64:
                    2f:41:bf:d4:4c:b3:f9:df:4c:46:8e:ef:fe:38:af:
                    a6:70:75:8d:2b:24:9f:f7:18:95:be:1c:f3:24:01:
                    ed:f5:3b:e4:c4:89:73:d6:51:73:62:14:17:77:08:
                    88:9f:c8:a7:48:75:e2:3a:25:01:56:45:02:21:59:
                    61:bb:5f:c0:d9:bb:6d:09:a8:59:0d:23:70:89:ad:
                    49:7e:76:8f:0c:cf:59:73:69:4f:a2:d1:8e:2c:a8:
                    75:65:2a:42:36:df:df:66:46:a0:a3:12:0c:51:87:
                    33:bb:8c:fa:36:51:30:df:17:fd:15:38:c3:c8:a5:
                    7b:65:04:19:43:97:1f:e6:70:93:4a:b0:ee:d3:bc:
                    b4:c4:09:8b:a7:a6:91:cc:2b:14:98:ca:09:d7:97:
                    58:5e:63:9e:c7:4f:44:ef:56:5e:8f:59:90:1c:09:
                    64:71:ab:ad:5d:47:fe:fd:3d:30:37:ab:e9:b5:81:
                    cc:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:87:A7:C0:B2:9A:AD:3F:14:E8:33:9B:43:DC:89:D2:99:75:99:DD
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215153.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3b0::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:f1:1a:0f:0b:40:38:97:98:96:4f:5d:ff:a8:37:0f:b6:19:
         95:a0:14:b1:96:43:d6:e4:a5:dd:f8:71:1d:01:0b:44:f2:3b:
         53:f0:3c:4c:47:41:47:a2:02:1a:f4:1d:a6:fb:13:49:b9:59:
         6c:5d:33:35:c2:d3:6b:8b:8a:cd:6c:c1:f0:8d:73:1e:f7:4b:
         0c:9a:7e:4e:8f:16:fa:1e:9d:db:92:36:8f:89:c3:1a:b1:3c:
         20:a0:d1:cf:5e:52:fc:da:c7:cb:c1:9d:25:ef:b2:83:ca:99:
         d1:97:49:19:1b:bd:20:25:3b:09:9b:ad:83:32:9d:01:e8:a1:
         3d:e9:34:9b:25:8b:68:a8:d4:87:cc:5c:43:b3:2f:5b:96:3f:
         a6:6c:79:a8:58:74:e0:bf:d8:57:20:1b:33:0e:f7:ff:ee:59:
         6e:82:51:c4:0b:c7:b1:98:d2:8c:03:f4:67:67:cb:16:1a:27:
         6e:4d:7f:c2:51:00:bf:2f:ba:a2:e6:0e:12:a6:0a:3d:97:ea:
         34:a1:fd:b0:3a:97:50:e4:fa:e2:1e:75:c3:2b:df:d8:fb:55:
         e6:4c:56:7d:86:e2:57:d1:e0:af:c4:64:0e:70:3c:8c:a2:8b:
         56:84:d2:a9:3f:c9:1a:32:5d:97:c2:a6:97:bb:a9:5f:78:1b:
         1a:2b:4c:fa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUETVJQoEbRvAtLnaWMJlCqY5bBQgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjA2MjYwODAzMzdaFw0yNzA2MjUwODA4MzdaMDMxMTAvBgNV
BAMTKDdDODdBN0MwQjI5QUFEM0YxNEU4MzM5QjQzREM4OUQyOTk3NTk5REQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOvEFlkHRt7iQvBkmmCa7zlaxR
+Wd2DTInE2awp0/GJQE0MA3vfP6NnfmjH03HNwMb00dqSVNGqxFeVMNQUtDui90o
JPqH4FkkZC9Bv9RMs/nfTEaO7/44r6ZwdY0rJJ/3GJW+HPMkAe31O+TEiXPWUXNi
FBd3CIifyKdIdeI6JQFWRQIhWWG7X8DZu20JqFkNI3CJrUl+do8Mz1lzaU+i0Y4s
qHVlKkI2399mRqCjEgxRhzO7jPo2UTDfF/0VOMPIpXtlBBlDlx/mcJNKsO7TvLTE
CYunppHMKxSYygnXl1heY57HT0TvVl6PWZAcCWRxq61dR/79PTA3q+m1gczJAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUfIenwLKarT8U6DObQ9yJ0pl1md0wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1MTUzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOwMA0GCSqGSIb3DQEBCwUAA4IBAQAw8RoPC0A4l5iWT13/qDcPthmVoBSxlkPW
5KXd+HEdAQtE8jtT8DxMR0FHogIa9B2m+xNJuVlsXTM1wtNri4rNbMHwjXMe90sM
mn5Ojxb6Hp3bkjaPicMasTwgoNHPXlL82sfLwZ0l77KDypnRl0kZG70gJTsJm62D
Mp0B6KE96TSbJYtoqNSHzFxDsy9blj+mbHmoWHTgv9hXIBszDvf/7lluglHEC8ex
mNKMA/RnZ8sWGiduTX/CUQC/L7qi5g4Spgo9l+o0of2wOpdQ5PriHnXDK9/Y+1Xm
TFZ9huJX0eCvxGQOcDyMootWhNKpP8kaMl2XwqaXu6lfeBsaK0z6
-----END CERTIFICATE-----