Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215152.roa
File:                     AS215152.roa (raw, json)
Hash identifier:          7f36rxAKiUiQZTXr9exoZEUtX5depSDsDsVrsW/RW9Y=
Subject key identifier:   E9:07:E8:D9:E7:E8:3C:6A:12:FF:77:8F:11:48:9D:94:FE:4D:E1:CB
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       373494A07462FCAA6F785FEB098A195852E13814
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215152.roa
Signing time:             Thu 14 May 2026 20:04:38 +0000
ROA not before:           Thu 14 May 2026 19:59:38 +0000
ROA not after:            Thu 13 May 2027 20:04:38 +0000
asID:                     215152
IP address blocks:        141.11.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:34:94:a0:74:62:fc:aa:6f:78:5f:eb:09:8a:19:58:52:e1:38:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May 14 19:59:38 2026 GMT
            Not After : May 13 20:04:38 2027 GMT
        Subject: CN=E907E8D9E7E83C6A12FF778F11489D94FE4DE1CB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:1d:04:fc:7b:07:1a:59:7b:dc:af:33:24:70:
                    27:1f:9c:2b:6a:14:ea:9f:86:54:6f:50:c7:4e:66:
                    80:c1:0b:8e:fb:dd:2d:e5:32:cf:fd:8c:19:84:8f:
                    bd:36:7e:a9:a0:57:1e:e1:32:ba:f8:ae:76:42:c4:
                    c5:3b:15:96:f8:7b:c1:4a:74:a5:36:15:85:b7:34:
                    68:16:d9:84:67:9c:fe:3b:2c:fe:2d:03:89:95:7a:
                    bb:4e:f5:53:67:f7:b4:d9:92:31:1d:73:5a:6c:27:
                    0d:36:5d:e5:8a:60:63:69:d1:37:a7:fe:ff:85:b0:
                    21:b0:5f:32:8f:a7:58:a7:6c:87:10:9d:44:8b:22:
                    f5:20:40:24:83:d0:66:f7:bd:f9:e5:7e:9c:9d:bd:
                    6f:3d:7c:ed:99:96:bf:da:43:05:9e:7b:33:ee:78:
                    92:ea:9a:08:12:48:d3:7e:1a:45:c7:02:6a:63:81:
                    40:1c:85:4f:ac:56:e1:55:d3:94:49:83:a2:c7:61:
                    9e:3c:1e:c6:e9:29:7b:cd:3c:41:8c:a1:64:8e:76:
                    98:d3:e7:03:9a:bf:6b:5b:55:2f:4d:46:9a:57:d9:
                    03:b3:80:03:c4:de:5b:71:19:90:e2:df:ae:ca:44:
                    ff:ad:52:70:16:8b:82:5b:24:9d:33:a9:0a:88:3a:
                    06:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:07:E8:D9:E7:E8:3C:6A:12:FF:77:8F:11:48:9D:94:FE:4D:E1:CB
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215152.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:ef:5c:8f:b6:41:ee:5f:25:53:5b:e9:21:d0:25:f4:f5:df:
         66:0e:24:2f:19:1d:d2:a3:61:19:f4:90:46:f7:31:66:f7:7a:
         49:fd:42:45:70:7a:5a:f6:5e:df:5b:5d:7c:0b:95:06:9f:0c:
         09:51:56:b4:ca:76:be:0c:cb:44:32:99:de:b6:fa:7c:5e:91:
         b4:31:fb:94:8b:47:d2:2d:5f:96:77:c9:6b:cd:35:16:bc:56:
         2c:c9:7b:ee:ee:05:47:e6:c5:e5:00:53:40:56:d0:de:d3:fe:
         0b:52:2a:fd:8e:95:c5:b5:ad:33:7a:cd:07:0a:f6:62:92:47:
         ec:10:42:3a:a5:4d:28:c9:bb:44:37:8b:a5:00:e2:36:f3:fa:
         20:f5:25:c6:38:8a:07:77:06:0e:e9:1e:8d:bf:94:2d:89:a1:
         30:3c:05:66:de:13:24:60:2d:d2:a4:64:8c:6b:38:53:a9:ba:
         a0:d1:22:69:bf:2a:39:df:7d:c9:14:15:52:c2:ce:71:84:bb:
         9a:5e:00:6a:fc:13:bb:05:20:63:46:21:70:40:78:95:ea:8c:
         73:a7:d6:3b:67:37:c7:97:69:ac:2b:bd:dd:fd:ec:9a:6f:ce:
         10:5c:7b:73:07:86:f8:18:53:3c:d1:3d:b7:43:21:cb:c5:8c:
         f3:ba:1f:2e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUNzSUoHRi/KpveF/rCYoZWFLhOBQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA1MTQxOTU5MzhaFw0yNzA1MTMyMDA0MzhaMDMxMTAvBgNV
BAMTKEU5MDdFOEQ5RTdFODNDNkExMkZGNzc4RjExNDg5RDk0RkU0REUxQ0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUHQT8ewcaWXvcrzMkcCcfnCtq
FOqfhlRvUMdOZoDBC4773S3lMs/9jBmEj702fqmgVx7hMrr4rnZCxMU7FZb4e8FK
dKU2FYW3NGgW2YRnnP47LP4tA4mVertO9VNn97TZkjEdc1psJw02XeWKYGNp0Ten
/v+FsCGwXzKPp1inbIcQnUSLIvUgQCSD0Gb3vfnlfpydvW89fO2Zlr/aQwWeezPu
eJLqmggSSNN+GkXHAmpjgUAchU+sVuFV05RJg6LHYZ48HsbpKXvNPEGMoWSOdpjT
5wOav2tbVS9NRppX2QOzgAPE3ltxGZDi367KRP+tUnAWi4JbJJ0zqQqIOgYtAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU6Qfo2efoPGoS/3ePEUidlP5N4cswHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE1MTUyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQvR
MA0GCSqGSIb3DQEBCwUAA4IBAQCP71yPtkHuXyVTW+kh0CX09d9mDiQvGR3So2EZ
9JBG9zFm93pJ/UJFcHpa9l7fW118C5UGnwwJUVa0yna+DMtEMpnetvp8XpG0MfuU
i0fSLV+Wd8lrzTUWvFYsyXvu7gVH5sXlAFNAVtDe0/4LUir9jpXFta0zes0HCvZi
kkfsEEI6pU0oybtEN4ulAOI28/og9SXGOIoHdwYO6R6Nv5QtiaEwPAVm3hMkYC3S
pGSMazhTqbqg0SJpvyo5333JFBVSws5xhLuaXgBq/BO7BSBjRiFwQHiV6oxzp9Y7
ZzfHl2msK73d/eyab84QXHtzB4b4GFM80T23QyHLxYzzuh8u
-----END CERTIFICATE-----