Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS215666.roa
File:                     AS215666.roa (raw, json)
Hash identifier:          UBaA6SYmPA9z+Apnm/MI7AT9RdWSwZg3loWSvClrs6w=
Subject key identifier:   20:89:EB:81:D1:0D:03:F7:F5:33:CC:D2:2A:10:7C:EB:57:E6:54:27
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       659F4800AD0CF2E4E6A246BF81234D6D1F641322
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS215666.roa
Signing time:             Tue 23 Jun 2026 11:03:04 +0000
ROA not before:           Tue 23 Jun 2026 10:58:04 +0000
ROA not after:            Tue 22 Jun 2027 11:03:04 +0000
asID:                     215666
IP address blocks:        2a14:7581:9e00::/40 maxlen: 40
                          2a14:7583:ee00::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 18:11:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:9f:48:00:ad:0c:f2:e4:e6:a2:46:bf:81:23:4d:6d:1f:64:13:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Jun 23 10:58:04 2026 GMT
            Not After : Jun 22 11:03:04 2027 GMT
        Subject: CN=2089EB81D10D03F7F533CCD22A107CEB57E65427
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:8d:ec:e0:19:89:c6:1d:e0:e8:09:16:33:7a:
                    99:3a:12:8c:24:c5:1d:25:92:c1:6f:f3:98:0c:9e:
                    b1:a7:83:82:66:97:5d:b3:82:3a:4c:d9:c1:a4:88:
                    fb:ff:db:23:85:7b:56:86:b3:45:75:cd:3a:ec:7b:
                    c8:95:df:6b:25:e4:ec:d7:74:81:6d:4d:21:4d:d9:
                    cf:85:78:2c:bb:0e:5d:9a:e9:7d:b2:2f:dd:fc:3f:
                    23:fa:13:39:59:62:da:a1:f6:c2:70:09:fb:21:dd:
                    4e:8d:f2:f8:ff:1f:fa:b7:85:00:0b:04:55:fa:1d:
                    42:94:ef:16:6b:0b:01:ce:93:c1:8f:54:48:88:0a:
                    01:5d:46:8e:1b:3c:8b:7f:51:91:1a:1a:b8:da:7a:
                    03:f6:e5:2c:3b:7f:84:3b:8f:c1:d0:19:1c:02:5c:
                    94:7a:a2:bd:7e:08:bd:0a:f0:1c:fe:b1:14:5e:6e:
                    39:21:c8:c7:0b:24:6a:98:2b:c9:c2:d3:a2:05:03:
                    ab:58:68:70:29:18:af:a1:18:25:b4:7b:43:63:5e:
                    ec:a6:de:65:a0:7a:06:a3:df:38:95:92:87:09:3e:
                    58:54:91:96:8f:53:e7:da:96:a5:a8:f5:92:a8:d2:
                    7c:41:37:ff:37:06:b6:52:6d:ff:71:b9:8a:4a:25:
                    b5:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:89:EB:81:D1:0D:03:F7:F5:33:CC:D2:2A:10:7C:EB:57:E6:54:27
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS215666.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:9e00::/40
                  2a14:7583:ee00::/40

    Signature Algorithm: sha256WithRSAEncryption
         1a:fb:78:e9:90:b3:48:0b:a5:2d:d1:6b:2b:1c:54:c3:1c:34:
         70:0c:d8:7f:68:8c:28:69:77:96:ad:a8:4f:27:f5:a0:64:5c:
         ff:f8:2d:26:5b:be:b1:a2:e5:ba:e9:85:c2:02:f2:1a:ee:5d:
         bf:7b:b0:bc:f5:77:8f:84:ba:c8:ff:fe:31:58:c9:c0:cb:6b:
         95:4b:99:a3:c1:9b:e1:8e:60:2a:60:ae:2d:e5:d2:08:57:30:
         2c:01:f3:52:cd:17:f4:63:0c:77:5b:4f:05:9f:a2:9d:00:53:
         29:12:09:50:d8:9c:0d:3f:92:64:67:10:61:1b:15:34:ce:30:
         42:33:ce:b9:95:4c:ac:07:f5:00:af:d4:fc:48:a3:22:ac:2b:
         e2:31:59:b1:c1:58:eb:bd:8f:b3:46:9b:e5:04:d4:84:77:c6:
         6f:8d:35:ab:9e:09:31:67:cd:6a:05:1c:ff:97:8b:86:9f:1d:
         da:9d:45:22:5f:5d:e6:b4:d6:c8:f3:8d:39:18:a7:ff:83:8a:
         f9:d4:d9:5e:08:08:cd:cc:e8:de:4e:78:d8:ed:e0:2f:56:72:
         c3:32:bc:4b:35:a6:f5:f6:57:fb:c2:5a:ca:ec:4e:98:46:a2:
         6a:a3:36:e1:e2:75:49:03:d7:71:87:61:02:c7:35:40:51:b5:
         f1:f9:2a:b4
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIUZZ9IAK0M8uTmoka/gSNNbR9kEyIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA2MjMxMDU4MDRaFw0yNzA2MjIxMTAzMDRaMDMxMTAvBgNV
BAMTKDIwODlFQjgxRDEwRDAzRjdGNTMzQ0NEMjJBMTA3Q0VCNTdFNjU0MjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQjezgGYnGHeDoCRYzepk6Eowk
xR0lksFv85gMnrGng4Jml12zgjpM2cGkiPv/2yOFe1aGs0V1zTrse8iV32sl5OzX
dIFtTSFN2c+FeCy7Dl2a6X2yL938PyP6EzlZYtqh9sJwCfsh3U6N8vj/H/q3hQAL
BFX6HUKU7xZrCwHOk8GPVEiICgFdRo4bPIt/UZEaGrjaegP25Sw7f4Q7j8HQGRwC
XJR6or1+CL0K8Bz+sRRebjkhyMcLJGqYK8nC06IFA6tYaHApGK+hGCW0e0NjXuym
3mWgegaj3ziVkocJPlhUkZaPU+falqWo9ZKo0nxBN/83BrZSbf9xuYpKJbW/AgMB
AAGjggIUMIICEDAdBgNVHQ4EFgQUIInrgdENA/f1M8zSKhB861fmVCcwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjE1NjY2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYAKhR1
gZ4DBgAqFHWD7jANBgkqhkiG9w0BAQsFAAOCAQEAGvt46ZCzSAulLdFrKxxUwxw0
cAzYf2iMKGl3lq2oTyf1oGRc//gtJlu+saLluumFwgLyGu5dv3uwvPV3j4S6yP/+
MVjJwMtrlUuZo8Gb4Y5gKmCuLeXSCFcwLAHzUs0X9GMMd1tPBZ+inQBTKRIJUNic
DT+SZGcQYRsVNM4wQjPOuZVMrAf1AK/U/EijIqwr4jFZscFY672Ps0ab5QTUhHfG
b401q54JMWfNagUc/5eLhp8d2p1FIl9d5rTWyPONORin/4OK+dTZXggIzczo3k54
2O3gL1ZywzK8SzWm9fZX+8JayuxOmEaiaqM24eJ1SQPXcYdhAsc1QFG18fkqtA==
-----END CERTIFICATE-----