Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS215750.roa
File:                     AS215750.roa (raw, json)
Hash identifier:          Ml+WaDmCTVqILZaxUMjQyr8obUBiaNJVWEwi68CgH/g=
Subject key identifier:   4D:3A:98:86:63:B2:CB:AC:D6:53:9F:41:B5:B0:7E:A1:B4:91:33:64
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       399708BD7AF06FF1838C1F347AC91620CD359E38
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS215750.roa
Signing time:             Tue 04 Feb 2025 00:17:07 +0000
ROA not before:           Tue 04 Feb 2025 00:12:07 +0000
ROA not after:            Tue 03 Feb 2026 00:17:07 +0000
asID:                     215750
IP address blocks:        2a14:7580:fa00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 14:04:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:97:08:bd:7a:f0:6f:f1:83:8c:1f:34:7a:c9:16:20:cd:35:9e:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Feb  4 00:12:07 2025 GMT
            Not After : Feb  3 00:17:07 2026 GMT
        Subject: CN=4D3A988663B2CBACD6539F41B5B07EA1B4913364
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:92:38:b1:cd:65:bf:b1:03:3f:0b:0a:37:9d:
                    f0:bd:b4:2b:e3:fd:5c:c2:0f:3a:d9:a3:9e:05:78:
                    b7:a0:6d:bb:45:7b:45:f8:6b:f1:c2:73:a5:7c:9a:
                    74:a0:3f:27:73:85:c6:87:ad:0b:2e:0c:65:ab:fc:
                    bc:5a:34:23:75:cb:95:a2:cb:2a:26:32:4d:42:a7:
                    ee:71:66:73:f7:ab:cd:89:f7:d0:c1:73:70:1e:d2:
                    db:13:f9:3a:ae:bd:e2:ac:3a:e8:bd:08:53:35:5b:
                    0b:b2:96:6b:60:62:f7:4b:15:96:da:b2:ae:9f:51:
                    14:8b:7b:b1:1a:4f:4e:92:a7:6a:38:67:f0:6f:7e:
                    61:83:8c:57:27:50:44:1d:1c:0a:52:8b:fb:70:bd:
                    d6:01:eb:4c:1b:d1:a4:0b:f8:b8:87:47:dd:99:dd:
                    1d:3b:bf:a7:9b:f2:2e:59:c5:0b:08:a1:0f:3b:37:
                    9e:51:c3:1d:b9:7d:f4:80:38:9a:c6:e1:d9:09:45:
                    16:6b:b7:8c:b3:f1:24:22:9e:7b:89:06:7b:6a:b4:
                    28:b8:8c:9c:2c:1b:79:a1:63:35:78:8c:95:24:be:
                    81:c3:77:fd:90:2c:89:5a:10:a9:4c:c3:98:9c:02:
                    87:5e:6f:ec:c1:fd:ec:38:df:ba:09:93:3d:89:7c:
                    53:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:3A:98:86:63:B2:CB:AC:D6:53:9F:41:B5:B0:7E:A1:B4:91:33:64
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS215750.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:fa00::/40

    Signature Algorithm: sha256WithRSAEncryption
         13:6f:0b:35:df:07:42:b7:d1:8e:9c:9e:98:fe:b6:05:17:7f:
         0c:d6:d3:ca:9f:68:19:0e:41:52:33:ff:de:04:bf:f8:84:f4:
         59:2e:5a:ac:72:0b:0e:ad:3e:d8:db:db:0f:de:a5:b9:d1:9f:
         f6:e3:8f:3d:9b:c3:eb:28:31:03:4a:d7:ab:77:7c:54:50:37:
         58:a6:cf:fa:bb:3d:9a:f3:ec:ba:4b:60:fe:ae:7e:6d:ba:b7:
         37:2c:05:10:53:dc:e4:02:b8:f9:d0:f4:aa:2a:af:08:a1:b3:
         83:24:32:72:4d:2b:db:18:d4:a0:b3:e3:6c:1b:cb:51:90:4d:
         54:f3:27:15:10:c4:95:02:f2:17:bd:01:c3:7c:40:95:65:b3:
         76:ee:55:3c:9c:9c:6c:b8:d8:3c:4f:ca:a7:bb:54:5f:3f:bd:
         89:b3:f3:67:41:ea:bf:2e:7c:3c:8c:23:36:29:ed:99:c0:77:
         ef:bd:f6:fc:84:32:c4:f9:d6:56:21:05:3d:de:74:85:32:4a:
         2b:b7:3d:84:8a:cd:fa:4c:a2:9a:93:54:4e:6f:92:23:ef:3c:
         9d:a6:e1:01:ee:cf:83:36:d1:c9:dd:54:bc:13:f6:91:68:d0:
         47:7b:bd:5c:1d:96:c9:5e:01:0c:90:0e:c7:1f:71:0b:cc:3d:
         73:77:ac:4a
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUOZcIvXrwb/GDjB80eskWIM01njgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTAyMDQwMDEyMDdaFw0yNjAyMDMwMDE3MDdaMDMxMTAvBgNV
BAMTKDREM0E5ODg2NjNCMkNCQUNENjUzOUY0MUI1QjA3RUExQjQ5MTMzNjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZkjixzWW/sQM/Cwo3nfC9tCvj
/VzCDzrZo54FeLegbbtFe0X4a/HCc6V8mnSgPydzhcaHrQsuDGWr/LxaNCN1y5Wi
yyomMk1Cp+5xZnP3q82J99DBc3Ae0tsT+TquveKsOui9CFM1WwuylmtgYvdLFZba
sq6fURSLe7EaT06Sp2o4Z/BvfmGDjFcnUEQdHApSi/twvdYB60wb0aQL+LiHR92Z
3R07v6eb8i5ZxQsIoQ87N55Rwx25ffSAOJrG4dkJRRZrt4yz8SQinnuJBntqtCi4
jJwsG3mhYzV4jJUkvoHDd/2QLIlaEKlMw5icAodeb+zB/ew437oJkz2JfFO5AgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUTTqYhmOyy6zWU59BtbB+obSRM2QwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjE1NzUwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhR1
gPowDQYJKoZIhvcNAQELBQADggEBABNvCzXfB0K30Y6cnpj+tgUXfwzW08qfaBkO
QVIz/94Ev/iE9FkuWqxyCw6tPtjb2w/epbnRn/bjjz2bw+soMQNK16t3fFRQN1im
z/q7PZrz7LpLYP6ufm26tzcsBRBT3OQCuPnQ9Koqrwihs4MkMnJNK9sY1KCz42wb
y1GQTVTzJxUQxJUC8he9AcN8QJVls3buVTycnGy42DxPyqe7VF8/vYmz82dB6r8u
fDyMIzYp7ZnAd++99vyEMsT51lYhBT3edIUySiu3PYSKzfpMopqTVE5vkiPvPJ2m
4QHuz4M20cndVLwT9pFo0Ed7vVwdlsleAQyQDscfcQvMPXN3rEo=
-----END CERTIFICATE-----