Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215280.roa
File:                     AS215280.roa (raw, json)
Hash identifier:          30VPe32we6CNZM7BoNaIwRUGWecNZn/Qs9exJboxEUA=
Subject key identifier:   7C:42:24:80:34:98:77:33:B6:1F:86:5B:40:0D:C9:49:83:1C:61:14
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       354069B45FEBB1EB97B9ABBDA60D82DA2F951943
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215280.roa
Signing time:             Fri 26 Jun 2026 08:08:44 +0000
ROA not before:           Fri 26 Jun 2026 08:03:44 +0000
ROA not after:            Fri 25 Jun 2027 08:08:44 +0000
asID:                     215280
IP address blocks:        2a0f:85c1:39d::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 Jul 2026 08:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:40:69:b4:5f:eb:b1:eb:97:b9:ab:bd:a6:0d:82:da:2f:95:19:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jun 26 08:03:44 2026 GMT
            Not After : Jun 25 08:08:44 2027 GMT
        Subject: CN=7C42248034987733B61F865B400DC949831C6114
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:8d:1e:94:ec:90:1d:e4:25:b0:51:ec:34:f3:
                    67:f1:ef:c2:dd:03:b1:57:4f:b7:29:da:74:89:1e:
                    07:3d:fb:87:28:47:ec:f5:3c:8f:2d:a9:61:d1:40:
                    67:a8:c7:f0:70:f1:9f:0b:57:d4:39:02:6e:cd:dc:
                    55:f2:7d:a1:48:ec:ff:54:4e:48:aa:4b:a1:04:fb:
                    07:be:ae:f5:f2:e6:43:f8:66:8d:ab:57:e8:b9:1f:
                    66:07:63:4f:b5:a9:bd:ab:c3:5e:5e:f1:6d:27:a9:
                    bb:88:c2:4a:8d:ad:aa:80:1b:63:f7:ee:33:18:4d:
                    2f:c5:9c:51:a8:66:16:3e:8a:3e:e0:ec:0c:e2:25:
                    aa:44:bc:41:5f:4e:b7:f1:d0:f9:70:c8:1e:60:57:
                    87:5f:71:44:71:36:0e:02:f6:d2:07:fa:00:c0:af:
                    38:0b:4a:52:d6:e5:ec:96:9c:0a:ac:e8:4f:32:e4:
                    1c:e9:00:9c:b2:3f:50:2e:6a:13:14:50:15:83:68:
                    26:ac:6a:e9:7c:20:ae:a7:d0:00:99:00:e4:9b:0f:
                    06:da:24:ab:86:43:d5:92:fc:c0:91:dd:1f:cb:9f:
                    94:28:1b:19:17:85:0c:88:00:fd:e7:41:6b:98:03:
                    9d:57:b1:42:02:68:15:bd:26:f4:8f:67:93:0d:a5:
                    ae:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:42:24:80:34:98:77:33:B6:1F:86:5B:40:0D:C9:49:83:1C:61:14
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215280.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:39d::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:d7:88:45:d7:0b:85:19:52:61:44:8c:4e:27:d2:9a:e2:a5:
         c2:19:f3:bb:ed:91:75:06:24:2f:c9:0a:70:87:ea:81:02:23:
         5c:b5:2b:af:95:11:6c:24:73:42:0e:a5:00:d1:54:28:45:b1:
         ad:0a:7b:e1:36:85:82:ab:61:e1:83:38:bb:d1:91:b6:f4:26:
         39:21:e2:98:8e:45:ef:5a:d3:b3:6b:ed:6c:11:be:82:2a:de:
         b7:57:dc:4e:08:25:6a:1a:73:71:fb:80:ee:88:37:5e:2c:87:
         d7:75:2a:c5:76:29:ec:51:c0:8e:84:dc:02:82:0e:55:8d:74:
         fc:7c:ec:2c:9f:63:89:da:27:a8:e7:00:ba:06:02:94:30:cc:
         59:07:0a:8e:17:74:d3:72:97:42:07:99:bd:af:6a:ef:f2:aa:
         86:6a:4a:e4:09:bf:30:47:11:74:13:ce:bb:4b:8e:e0:21:11:
         a8:46:06:e6:12:06:7b:60:91:20:5c:d2:55:eb:b4:d5:db:3b:
         31:6a:0d:6a:b2:11:fb:bf:51:f7:95:69:23:6f:de:59:ba:5e:
         0f:8b:5b:13:88:d2:4b:71:b7:73:b5:4b:24:12:9d:fe:a6:17:
         8f:ec:6a:8a:bc:e0:c4:00:c6:56:bb:57:f1:32:e8:7f:8d:44:
         3c:e9:c3:1a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUNUBptF/rseuXuau9pg2C2i+VGUMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjA2MjYwODAzNDRaFw0yNzA2MjUwODA4NDRaMDMxMTAvBgNV
BAMTKDdDNDIyNDgwMzQ5ODc3MzNCNjFGODY1QjQwMERDOTQ5ODMxQzYxMTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgjR6U7JAd5CWwUew082fx78Ld
A7FXT7cp2nSJHgc9+4coR+z1PI8tqWHRQGeox/Bw8Z8LV9Q5Am7N3FXyfaFI7P9U
TkiqS6EE+we+rvXy5kP4Zo2rV+i5H2YHY0+1qb2rw15e8W0nqbuIwkqNraqAG2P3
7jMYTS/FnFGoZhY+ij7g7AziJapEvEFfTrfx0PlwyB5gV4dfcURxNg4C9tIH+gDA
rzgLSlLW5eyWnAqs6E8y5BzpAJyyP1AuahMUUBWDaCasaul8IK6n0ACZAOSbDwba
JKuGQ9WS/MCR3R/Ln5QoGxkXhQyIAP3nQWuYA51XsUICaBW9JvSPZ5MNpa7dAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUfEIkgDSYdzO2H4ZbQA3JSYMcYRQwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1MjgwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOdMA0GCSqGSIb3DQEBCwUAA4IBAQBK14hF1wuFGVJhRIxOJ9Ka4qXCGfO77ZF1
BiQvyQpwh+qBAiNctSuvlRFsJHNCDqUA0VQoRbGtCnvhNoWCq2Hhgzi70ZG29CY5
IeKYjkXvWtOza+1sEb6CKt63V9xOCCVqGnNx+4DuiDdeLIfXdSrFdinsUcCOhNwC
gg5VjXT8fOwsn2OJ2ieo5wC6BgKUMMxZBwqOF3TTcpdCB5m9r2rv8qqGakrkCb8w
RxF0E867S47gIRGoRgbmEgZ7YJEgXNJV67TV2zsxag1qshH7v1H3lWkjb95Zul4P
i1sTiNJLcbdztUskEp3+pheP7GqKvODEAMZWu1fxMuh/jUQ86cMa
-----END CERTIFICATE-----
Generated at Mon Jul 13 12:49:11 2026 by rpki-client