Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS215752.roa
File:                     AS215752.roa (raw, json)
Hash identifier:          mX73a4y/GSsnbi/9w1HmYAMhScAIv1GHqHeQdq4XN14=
Subject key identifier:   E4:EC:5A:D3:A7:B3:FE:46:30:72:A4:80:4B:C5:E0:6F:42:AC:20:EF
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       2F9A472E0DC89FEB4326E5F8E728668E05FDFF4D
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS215752.roa
Signing time:             Wed 03 Sep 2025 11:26:43 +0000
ROA not before:           Wed 03 Sep 2025 11:21:43 +0000
ROA not after:            Wed 02 Sep 2026 11:26:43 +0000
asID:                     215752
IP address blocks:        2a14:7581:ffd::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 13:22:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:9a:47:2e:0d:c8:9f:eb:43:26:e5:f8:e7:28:66:8e:05:fd:ff:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Sep  3 11:21:43 2025 GMT
            Not After : Sep  2 11:26:43 2026 GMT
        Subject: CN=E4EC5AD3A7B3FE463072A4804BC5E06F42AC20EF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f7:59:5f:39:56:e2:b5:d4:ca:3b:a0:fd:af:
                    44:d2:89:5f:2d:f0:08:c2:43:3b:f7:b9:65:49:10:
                    9b:ce:96:04:9d:71:eb:4e:f4:bd:56:b5:6b:de:a1:
                    d7:5d:f2:de:39:89:0a:2e:e9:70:87:cf:d6:ca:d6:
                    47:54:3d:b9:2c:a0:4f:3c:57:a9:8c:59:b0:9f:11:
                    ca:e5:5a:3e:d2:ea:1e:a8:40:ca:f7:1c:50:27:aa:
                    e0:45:15:93:13:77:c5:62:89:ae:37:fd:12:7a:c3:
                    aa:77:21:fd:fa:6d:89:35:0b:55:d7:37:b5:d9:5d:
                    97:d8:aa:75:34:76:00:9c:94:6c:4a:c9:cb:ec:f5:
                    38:55:96:07:b2:4f:62:fb:df:88:a2:93:f7:aa:9e:
                    e5:2a:d6:7e:d4:2a:9c:df:a2:39:b7:51:4f:72:50:
                    b3:12:b5:3c:0d:cb:3f:97:c9:d4:44:57:b4:a3:5a:
                    26:3f:91:e0:89:88:02:68:7a:c0:71:65:7b:ea:94:
                    74:31:05:bc:26:e4:24:ad:02:85:14:a6:ce:60:4d:
                    de:00:57:d8:27:e3:36:88:5a:08:c1:ea:66:4b:5a:
                    e3:63:fd:8f:0a:20:d4:37:e3:73:45:f4:c3:ba:6e:
                    44:67:66:9d:78:f5:d4:76:79:31:ad:d3:81:93:04:
                    60:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:EC:5A:D3:A7:B3:FE:46:30:72:A4:80:4B:C5:E0:6F:42:AC:20:EF
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS215752.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:ffd::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:12:19:b0:c5:55:07:69:69:5d:9c:36:58:d8:66:01:3e:7d:
         ec:b8:bb:18:ee:82:db:69:71:af:9b:00:e8:58:d2:b9:9b:4b:
         b8:c1:d8:a0:5a:d6:65:80:32:90:b8:83:45:6b:38:d5:af:f8:
         fa:80:81:2f:33:78:6c:db:91:a6:4f:dc:11:d6:6b:06:e4:58:
         67:3a:95:f4:e8:ec:30:e6:aa:28:07:82:1e:c7:26:9b:5e:7b:
         e5:b0:cb:f2:cf:6e:13:7a:ab:56:50:94:09:c8:1b:57:22:6c:
         62:a7:df:4b:32:a5:ab:e8:b0:0c:6e:30:54:2e:7d:9b:d2:b1:
         51:4b:d0:b3:c8:bd:d3:ba:aa:e2:8a:f8:34:1b:65:b9:93:76:
         a3:0a:07:7c:91:1e:61:02:da:74:95:1d:2a:4c:ff:0d:00:d6:
         ea:80:f4:08:37:17:08:e1:9b:a8:cd:96:15:57:86:ba:a3:2c:
         4a:1e:1f:ac:4b:6a:6f:af:a7:a7:0d:4f:eb:28:73:5f:10:76:
         74:d8:ca:99:7f:52:da:93:02:8c:cc:cb:3c:d2:e9:9d:6d:a4:
         45:bc:78:e3:a8:da:96:e3:7c:fa:51:93:26:df:07:cc:6f:46:
         8e:41:6f:d2:26:7a:5c:38:90:ce:64:11:5a:53:03:ea:99:ea:
         03:5b:75:b1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUL5pHLg3In+tDJuX45yhmjgX9/00wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA5MDMxMTIxNDNaFw0yNjA5MDIxMTI2NDNaMDMxMTAvBgNV
BAMTKEU0RUM1QUQzQTdCM0ZFNDYzMDcyQTQ4MDRCQzVFMDZGNDJBQzIwRUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv91lfOVbitdTKO6D9r0TSiV8t
8AjCQzv3uWVJEJvOlgSdcetO9L1WtWveoddd8t45iQou6XCHz9bK1kdUPbksoE88
V6mMWbCfEcrlWj7S6h6oQMr3HFAnquBFFZMTd8Viia43/RJ6w6p3If36bYk1C1XX
N7XZXZfYqnU0dgCclGxKycvs9ThVlgeyT2L734iik/eqnuUq1n7UKpzfojm3UU9y
ULMStTwNyz+XydREV7SjWiY/keCJiAJoesBxZXvqlHQxBbwm5CStAoUUps5gTd4A
V9gn4zaIWgjB6mZLWuNj/Y8KINQ343NF9MO6bkRnZp149dR2eTGt04GTBGB7AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU5Oxa06ez/kYwcqSAS8Xgb0KsIO8wHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjE1NzUyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhR1
gQ/9MA0GCSqGSIb3DQEBCwUAA4IBAQCCEhmwxVUHaWldnDZY2GYBPn3suLsY7oLb
aXGvmwDoWNK5m0u4wdigWtZlgDKQuINFazjVr/j6gIEvM3hs25GmT9wR1msG5Fhn
OpX06Oww5qooB4IexyabXnvlsMvyz24TeqtWUJQJyBtXImxip99LMqWr6LAMbjBU
Ln2b0rFRS9CzyL3Tuqriivg0G2W5k3ajCgd8kR5hAtp0lR0qTP8NANbqgPQINxcI
4ZuozZYVV4a6oyxKHh+sS2pvr6enDU/rKHNfEHZ02MqZf1LakwKMzMs80umdbaRF
vHjjqNqW43z6UZMm3wfMb0aOQW/SJnpcOJDOZBFaUwPqmeoDW3Wx
-----END CERTIFICATE-----