Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS215189.roa
File:                     AS215189.roa (raw, json)
Hash identifier:          SnAb/8lSdT6VgTz4vebH2bDbXpMh98CVzcIhd7xyUlo=
Subject key identifier:   5E:22:A7:35:A9:1E:63:20:EF:71:08:3C:D7:50:89:8F:7C:CB:0C:CF
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       11FBD6C73CCCF0E2C8C70428D2105D59DCA10DBB
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS215189.roa
Signing time:             Fri 29 Aug 2025 10:02:42 +0000
ROA not before:           Fri 29 Aug 2025 09:57:42 +0000
ROA not after:            Fri 28 Aug 2026 10:02:42 +0000
asID:                     215189
IP address blocks:        139.28.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 04:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:fb:d6:c7:3c:cc:f0:e2:c8:c7:04:28:d2:10:5d:59:dc:a1:0d:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Aug 29 09:57:42 2025 GMT
            Not After : Aug 28 10:02:42 2026 GMT
        Subject: CN=5E22A735A91E6320EF71083CD750898F7CCB0CCF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:dc:c9:d1:84:c9:9d:e1:8e:77:35:0f:26:4c:
                    a5:ee:51:78:80:45:70:dc:1d:37:98:ab:d7:19:cb:
                    5b:15:8f:23:7a:5e:02:bd:ad:08:78:ab:8c:eb:d4:
                    63:e1:31:1e:3a:cf:85:66:41:03:5b:6e:c0:cd:49:
                    6f:db:24:86:26:5e:19:10:ec:7f:f9:d5:c6:b6:7d:
                    6f:9a:34:f1:9d:b4:46:1b:82:f4:e1:11:f3:5a:0c:
                    42:98:31:89:62:4e:3c:08:4a:08:72:fe:21:1a:7c:
                    fc:9b:93:3c:de:71:c4:c1:f3:c8:0f:d7:60:a3:1a:
                    3a:e7:2a:40:74:fd:7c:85:d8:6d:ab:24:0b:cc:bf:
                    06:35:ae:50:b6:6e:e3:db:39:04:09:4d:01:04:a4:
                    15:57:a8:ab:0c:40:89:00:cf:68:87:e3:fb:82:7e:
                    7a:9f:ee:fd:7b:6a:55:17:2b:a2:f7:10:d3:96:2f:
                    fd:46:05:1a:1c:45:b8:f9:23:db:31:39:ca:a1:14:
                    38:cf:4c:e7:7f:44:ab:fe:e5:4e:e7:b5:53:5b:58:
                    08:b1:0b:d5:b9:93:47:d7:33:53:40:12:38:f0:9a:
                    e1:ad:2d:72:f1:73:3c:18:2d:ba:bb:63:d8:99:e3:
                    44:e8:a7:9b:8c:9c:86:90:b3:bf:1d:ab:cd:f4:50:
                    d0:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:22:A7:35:A9:1E:63:20:EF:71:08:3C:D7:50:89:8F:7C:CB:0C:CF
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS215189.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:bd:f9:b6:38:3c:56:c6:03:3a:d4:ec:af:65:a6:3c:17:46:
         c6:85:9a:b6:0f:31:c4:b4:26:2b:95:d2:a6:85:a9:3d:de:22:
         d8:87:07:ea:38:93:23:9f:7b:70:73:e5:af:15:48:33:f9:39:
         15:35:b1:2f:e0:ab:e9:60:4e:cd:95:59:91:a0:eb:b5:be:8f:
         eb:ad:76:70:76:2c:58:5b:4c:73:41:e4:5b:43:52:ec:f4:1f:
         95:45:73:3e:de:d0:3f:2b:0c:d6:7b:79:21:1c:bc:8c:73:50:
         5b:71:aa:35:3e:5b:e9:83:19:aa:f9:8d:03:1f:f7:62:d1:4a:
         8e:6a:e8:ef:c2:95:47:78:fa:f3:c5:ef:e3:ae:86:32:24:4a:
         db:cc:ff:9f:a3:14:f1:24:f8:83:f3:09:c2:36:ec:94:a9:5a:
         f7:9c:f0:47:70:aa:50:7f:03:cc:80:91:b8:28:28:fe:c2:57:
         b2:ee:2a:1d:f8:f0:14:dd:de:eb:53:37:b1:84:5c:d3:f3:3c:
         f4:3e:80:96:b0:62:53:1b:a6:df:b1:97:3f:6d:7c:89:7b:58:
         62:e1:05:3c:7a:5e:19:c5:68:d6:be:8e:ca:21:ad:d9:1c:4a:
         c1:d6:f2:eb:c2:c8:13:54:c0:e8:7d:16:ff:e8:1a:f1:57:c3:
         bc:6d:fd:03
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUEfvWxzzM8OLIxwQo0hBdWdyhDbswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA4MjkwOTU3NDJaFw0yNjA4MjgxMDAyNDJaMDMxMTAvBgNV
BAMTKDVFMjJBNzM1QTkxRTYzMjBFRjcxMDgzQ0Q3NTA4OThGN0NDQjBDQ0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDI3MnRhMmd4Y53NQ8mTKXuUXiA
RXDcHTeYq9cZy1sVjyN6XgK9rQh4q4zr1GPhMR46z4VmQQNbbsDNSW/bJIYmXhkQ
7H/51ca2fW+aNPGdtEYbgvThEfNaDEKYMYliTjwISghy/iEafPybkzzeccTB88gP
12CjGjrnKkB0/XyF2G2rJAvMvwY1rlC2buPbOQQJTQEEpBVXqKsMQIkAz2iH4/uC
fnqf7v17alUXK6L3ENOWL/1GBRocRbj5I9sxOcqhFDjPTOd/RKv+5U7ntVNbWAix
C9W5k0fXM1NAEjjwmuGtLXLxczwYLbq7Y9iZ40Top5uMnIaQs78dq830UNC7AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUXiKnNakeYyDvcQg811CJj3zLDM8wHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjE1MTg5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAixwz
MA0GCSqGSIb3DQEBCwUAA4IBAQAfvfm2ODxWxgM61OyvZaY8F0bGhZq2DzHEtCYr
ldKmhak93iLYhwfqOJMjn3twc+WvFUgz+TkVNbEv4KvpYE7NlVmRoOu1vo/rrXZw
dixYW0xzQeRbQ1Ls9B+VRXM+3tA/KwzWe3khHLyMc1Bbcao1Plvpgxmq+Y0DH/di
0UqOaujvwpVHePrzxe/jroYyJErbzP+foxTxJPiD8wnCNuyUqVr3nPBHcKpQfwPM
gJG4KCj+wley7iod+PAU3d7rUzexhFzT8zz0PoCWsGJTG6bfsZc/bXyJe1hi4QU8
el4ZxWjWvo7KIa3ZHErB1vLrwsgTVMDofRb/6BrxV8O8bf0D
-----END CERTIFICATE-----