Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215172.roa
File:                     AS215172.roa (raw, json)
Hash identifier:          3yLrHYcUKRsLK0GoeU+2kjl/tyEahYiSHj9mqpc+kbQ=
Subject key identifier:   4D:48:AA:43:EF:92:B8:76:6B:21:58:35:AF:5B:3E:A7:07:4B:55:09
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       39BC65C0D9B3D64E8ACF85AE5804861A44F3D80E
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215172.roa
Signing time:             Fri 26 Jun 2026 08:08:39 +0000
ROA not before:           Fri 26 Jun 2026 08:03:39 +0000
ROA not after:            Fri 25 Jun 2027 08:08:39 +0000
asID:                     215172
IP address blocks:        2a0f:85c1:3ad::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Jul 2026 23:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:bc:65:c0:d9:b3:d6:4e:8a:cf:85:ae:58:04:86:1a:44:f3:d8:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jun 26 08:03:39 2026 GMT
            Not After : Jun 25 08:08:39 2027 GMT
        Subject: CN=4D48AA43EF92B8766B215835AF5B3EA7074B5509
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:6c:5f:38:ff:8c:ce:d8:df:6c:34:1a:f1:f4:
                    7a:ba:12:7c:e6:ff:5d:42:13:f7:a6:68:b4:a3:74:
                    ad:5c:8f:a0:7c:11:ac:dd:06:37:53:f9:43:fa:90:
                    8b:3e:7a:c0:fa:2b:5f:ec:7f:a8:ef:f1:31:61:10:
                    16:88:0e:31:9a:e8:47:29:1f:51:d5:8e:56:fc:8e:
                    52:d3:9b:e4:0f:4a:01:85:70:e2:ce:52:0b:a5:50:
                    63:bc:96:dd:2b:6f:f1:ea:bf:56:31:9f:29:22:b4:
                    ea:e3:04:84:98:02:91:cc:ab:44:26:bb:03:eb:b0:
                    d0:76:77:75:ff:95:cc:2b:ee:9a:42:1f:e6:ff:34:
                    aa:3d:f3:f1:31:7f:3f:85:ae:1c:f4:01:9a:fc:80:
                    73:50:93:e0:41:81:e2:ad:dd:7b:27:a8:b6:40:56:
                    eb:69:d3:f8:f8:67:2a:91:0e:f5:5c:a4:a6:14:f1:
                    c1:e2:a5:b2:fd:7d:8f:c3:53:25:bd:16:6a:71:f4:
                    b9:de:15:43:d5:81:52:4e:c8:4d:4b:00:f2:67:1a:
                    ca:f8:f1:c3:5c:0d:8c:a2:6a:82:3f:bd:b1:c0:24:
                    aa:55:bb:a0:d6:bd:95:eb:78:42:31:05:a4:43:1c:
                    55:13:3c:d0:1e:95:5b:c5:ce:50:d5:65:91:96:4a:
                    01:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:48:AA:43:EF:92:B8:76:6B:21:58:35:AF:5B:3E:A7:07:4B:55:09
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215172.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3ad::/48

    Signature Algorithm: sha256WithRSAEncryption
         85:86:02:46:72:b8:b0:a7:59:32:bf:4a:22:72:a4:56:c4:52:
         5f:d0:61:1e:d5:1b:2d:58:32:d9:87:b8:a7:76:4a:6d:35:8f:
         38:cc:cc:5e:7c:a7:e5:88:0c:5f:db:8f:f2:07:75:38:c0:78:
         c7:ae:29:3b:7c:6c:c3:70:02:f9:1a:88:a5:a8:44:b5:c5:ba:
         b9:c5:59:e5:bb:5b:d9:19:55:8c:d4:3a:c0:98:50:12:23:55:
         e1:d8:22:c3:d6:6c:c2:f6:e1:53:51:4f:9e:89:30:81:fb:d8:
         02:94:4d:f7:7a:54:5d:f2:bd:5f:d6:a1:65:70:be:d9:1c:43:
         91:11:45:6f:30:b0:79:cf:26:97:0a:72:7e:be:be:fb:f2:d4:
         81:45:44:17:75:9a:2e:5a:e9:56:2b:24:28:7a:5b:96:5d:2e:
         8d:b9:08:60:ff:70:c4:a0:27:9e:32:09:c2:3f:1c:9d:66:42:
         b0:5b:25:64:e5:42:40:54:06:7f:c9:7d:2d:3f:a9:b6:da:09:
         4c:b8:91:30:49:f3:06:09:db:96:9d:f2:3f:19:28:ec:c9:fe:
         10:12:b7:83:f1:37:a2:a8:f9:9f:6e:94:a6:f8:ea:b4:e0:4a:
         77:c0:41:95:94:85:4a:41:6e:07:91:5a:8b:f3:94:e4:14:a0:
         5b:78:65:d9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUObxlwNmz1k6Kz4WuWASGGkTz2A4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjA2MjYwODAzMzlaFw0yNzA2MjUwODA4MzlaMDMxMTAvBgNV
BAMTKDRENDhBQTQzRUY5MkI4NzY2QjIxNTgzNUFGNUIzRUE3MDc0QjU1MDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWbF84/4zO2N9sNBrx9Hq6Enzm
/11CE/emaLSjdK1cj6B8EazdBjdT+UP6kIs+esD6K1/sf6jv8TFhEBaIDjGa6Ecp
H1HVjlb8jlLTm+QPSgGFcOLOUgulUGO8lt0rb/Hqv1YxnykitOrjBISYApHMq0Qm
uwPrsNB2d3X/lcwr7ppCH+b/NKo98/Exfz+Frhz0AZr8gHNQk+BBgeKt3XsnqLZA
Vutp0/j4ZyqRDvVcpKYU8cHipbL9fY/DUyW9Fmpx9LneFUPVgVJOyE1LAPJnGsr4
8cNcDYyiaoI/vbHAJKpVu6DWvZXreEIxBaRDHFUTPNAelVvFzlDVZZGWSgF/AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUTUiqQ++SuHZrIVg1r1s+pwdLVQkwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1MTcyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOtMA0GCSqGSIb3DQEBCwUAA4IBAQCFhgJGcriwp1kyv0oicqRWxFJf0GEe1Rst
WDLZh7indkptNY84zMxefKfliAxf24/yB3U4wHjHrik7fGzDcAL5GoilqES1xbq5
xVnlu1vZGVWM1DrAmFASI1Xh2CLD1mzC9uFTUU+eiTCB+9gClE33elRd8r1f1qFl
cL7ZHEOREUVvMLB5zyaXCnJ+vr778tSBRUQXdZouWulWKyQoeluWXS6NuQhg/3DE
oCeeMgnCPxydZkKwWyVk5UJAVAZ/yX0tP6m22glMuJEwSfMGCduWnfI/GSjsyf4Q
EreD8TeiqPmfbpSm+Oq04Ep3wEGVlIVKQW4HkVqL85TkFKBbeGXZ
-----END CERTIFICATE-----
Generated at Fri Jul 17 07:28:00 2026 by rpki-client