Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS215391.roa
File:                     AS215391.roa (raw, json)
Hash identifier:          enffQdbAg5K/GDFXN0Q4ED2YrnRpNZyfpPZnCKDeAfU=
Subject key identifier:   6C:2B:FC:FB:62:0D:FA:79:2D:F7:F5:9F:A7:3E:58:ED:DE:E9:AF:C8
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       5C0E07B8F4AA718ECE8CC1F4492F29605EE307B2
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS215391.roa
Signing time:             Sat 30 Aug 2025 20:00:01 +0000
ROA not before:           Sat 30 Aug 2025 19:55:01 +0000
ROA not after:            Sat 29 Aug 2026 20:00:01 +0000
asID:                     215391
IP address blocks:        185.231.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 02:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:0e:07:b8:f4:aa:71:8e:ce:8c:c1:f4:49:2f:29:60:5e:e3:07:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Aug 30 19:55:01 2025 GMT
            Not After : Aug 29 20:00:01 2026 GMT
        Subject: CN=6C2BFCFB620DFA792DF7F59FA73E58EDDEE9AFC8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:d2:6e:6b:1f:e8:1f:77:23:e8:5c:39:3a:67:
                    c4:08:13:19:5d:4d:19:fa:69:d2:30:b5:8a:b8:88:
                    10:3b:94:de:ec:da:70:63:76:66:f1:fa:bc:6b:fa:
                    72:48:18:c7:5d:78:cf:c4:c6:9e:9c:59:ed:26:84:
                    67:df:43:76:e7:86:2b:f9:f4:a9:a8:26:47:c1:9c:
                    02:7e:3f:7c:c1:3f:98:5d:32:81:71:4f:ca:27:ba:
                    e1:54:41:16:5a:11:88:fe:8f:a7:7b:be:05:59:d8:
                    ea:09:fe:5e:66:c8:52:e6:d3:47:a2:60:f0:ec:40:
                    b0:37:f7:7d:20:36:9e:5a:b5:c7:0d:4a:01:a2:04:
                    e9:e7:ce:e5:3f:4e:f3:b4:b4:91:d5:c8:34:a5:49:
                    13:8a:33:dc:01:ab:8a:0e:71:31:f9:d4:29:e7:90:
                    97:5e:46:e7:59:c6:ba:ab:9a:06:3a:80:5e:32:2a:
                    23:c7:67:1c:83:14:6a:c7:20:6b:81:8b:3a:e9:0c:
                    16:c3:a5:6b:89:ea:46:4e:f3:30:b1:68:a1:4c:02:
                    f5:8e:02:b5:f1:4f:0d:5c:d1:99:ab:ad:ad:da:9c:
                    1c:71:83:b4:74:ce:0c:6a:91:b6:de:b4:40:88:d8:
                    7a:7b:61:48:ad:dc:f9:3b:8f:69:bf:ec:f7:ad:55:
                    aa:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:2B:FC:FB:62:0D:FA:79:2D:F7:F5:9F:A7:3E:58:ED:DE:E9:AF:C8
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS215391.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:21:04:32:13:4d:f6:c5:e5:8c:ab:ea:05:45:21:ef:85:3a:
         bd:35:d3:e0:cb:5f:3f:16:66:a4:94:84:46:f7:fb:9d:ee:19:
         1d:fd:e2:c7:33:ac:3d:83:1d:f3:b2:94:c3:0e:e5:be:9a:a6:
         59:7a:24:27:03:7a:e0:63:f4:40:3b:32:d1:bf:ce:3c:69:62:
         9b:b4:dc:cd:1e:22:73:a0:a4:f1:10:9b:54:77:5c:9f:63:7e:
         5a:51:78:94:f3:8c:50:4d:cf:e0:08:9a:a7:68:66:b6:a0:73:
         dd:85:08:35:72:88:a1:fd:19:ac:51:80:dc:9c:a3:41:78:c2:
         48:b0:8c:06:e7:85:fa:62:9b:64:71:83:19:ba:47:06:8d:d8:
         cb:66:98:88:bd:1a:a0:9e:a1:af:c7:30:99:7b:99:60:32:8b:
         f4:d5:1c:b2:64:59:65:b1:bb:18:b0:6d:2b:be:23:ae:46:d8:
         8e:bb:2b:8c:e7:c6:6e:f2:a3:4b:d9:8d:5a:01:5e:ba:52:c7:
         1b:30:32:92:06:2b:3a:e9:32:c4:da:25:41:d3:45:89:df:e1:
         63:6f:85:7f:5a:bd:8b:6e:e7:43:85:e5:1c:31:0e:0a:04:28:
         8c:2c:80:18:ce:1d:3b:c4:ca:72:ef:d3:2a:dd:fa:54:39:fa:
         5d:58:51:c4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXA4HuPSqcY7OjMH0SS8pYF7jB7IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA4MzAxOTU1MDFaFw0yNjA4MjkyMDAwMDFaMDMxMTAvBgNV
BAMTKDZDMkJGQ0ZCNjIwREZBNzkyREY3RjU5RkE3M0U1OEVEREVFOUFGQzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCb0m5rH+gfdyPoXDk6Z8QIExld
TRn6adIwtYq4iBA7lN7s2nBjdmbx+rxr+nJIGMddeM/Exp6cWe0mhGffQ3bnhiv5
9KmoJkfBnAJ+P3zBP5hdMoFxT8onuuFUQRZaEYj+j6d7vgVZ2OoJ/l5myFLm00ei
YPDsQLA3930gNp5atccNSgGiBOnnzuU/TvO0tJHVyDSlSROKM9wBq4oOcTH51Cnn
kJdeRudZxrqrmgY6gF4yKiPHZxyDFGrHIGuBizrpDBbDpWuJ6kZO8zCxaKFMAvWO
ArXxTw1c0Zmrra3anBxxg7R0zgxqkbbetECI2Hp7YUit3Pk7j2m/7PetVaq/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUbCv8+2IN+nkt9/Wfpz5Y7d7pr8gwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjE1MzkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuefj
MA0GCSqGSIb3DQEBCwUAA4IBAQB7IQQyE032xeWMq+oFRSHvhTq9NdPgy18/Fmak
lIRG9/ud7hkd/eLHM6w9gx3zspTDDuW+mqZZeiQnA3rgY/RAOzLRv848aWKbtNzN
HiJzoKTxEJtUd1yfY35aUXiU84xQTc/gCJqnaGa2oHPdhQg1coih/RmsUYDcnKNB
eMJIsIwG54X6YptkcYMZukcGjdjLZpiIvRqgnqGvxzCZe5lgMov01RyyZFllsbsY
sG0rviOuRtiOuyuM58Zu8qNL2Y1aAV66UscbMDKSBis66TLE2iVB00WJ3+Fjb4V/
Wr2LbudDheUcMQ4KBCiMLIAYzh07xMpy79Mq3fpUOfpdWFHE
-----END CERTIFICATE-----