Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215304.roa
File:                     AS215304.roa (raw, json)
Hash identifier:          eXr47ctxVLrsQcqHTaDXKAWWhLyP/8sqpH1WcVUCuIA=
Subject key identifier:   D7:4D:76:BD:70:8D:BB:7C:0E:4A:13:1F:36:8E:2F:B7:24:B4:C2:6E
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       50A17ACF89C04D6D894E385BCA5C2A4A1A52A243
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215304.roa
Signing time:             Mon 20 Apr 2026 00:00:45 +0000
ROA not before:           Sun 19 Apr 2026 23:55:45 +0000
ROA not after:            Mon 19 Apr 2027 00:00:45 +0000
asID:                     215304
IP address blocks:        141.11.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Apr 2026 06:48:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:a1:7a:cf:89:c0:4d:6d:89:4e:38:5b:ca:5c:2a:4a:1a:52:a2:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Apr 19 23:55:45 2026 GMT
            Not After : Apr 19 00:00:45 2027 GMT
        Subject: CN=D74D76BD708DBB7C0E4A131F368E2FB724B4C26E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:67:8d:90:13:97:88:0b:3e:4c:af:3e:1f:9b:
                    10:46:da:51:fa:ff:c0:03:5c:24:e7:c0:68:c2:b6:
                    f3:30:f4:41:de:30:8d:56:43:5a:7d:13:40:d6:bc:
                    9c:f5:34:05:6d:5c:a9:3c:81:bf:94:73:0b:22:af:
                    f9:e8:5f:90:86:3a:12:d6:74:bc:c4:ed:08:08:f2:
                    a1:23:b4:67:ed:cc:b9:9e:68:f9:e0:df:b7:42:fa:
                    47:df:5a:4a:04:41:f5:12:ea:1a:63:11:c8:51:e3:
                    fe:4c:bd:45:f1:e2:f1:c7:ff:9e:e3:cb:80:1a:43:
                    4b:01:14:9e:0e:62:36:7c:1a:83:10:38:a8:6d:96:
                    a2:3d:81:8e:c3:39:90:e1:f3:d9:ac:6d:1c:94:91:
                    ba:49:32:8a:64:85:b6:a7:28:8e:21:39:f1:92:e8:
                    af:ee:57:e6:fc:d6:e3:e1:0a:84:93:78:50:b3:eb:
                    5a:0f:bc:78:43:db:19:ff:03:b9:88:c7:f0:17:b1:
                    8c:20:6d:0a:72:46:81:c9:4f:b0:90:64:f7:23:dd:
                    5c:77:1d:de:d2:b5:55:05:ce:43:dc:6f:d0:6b:ef:
                    d5:0a:4e:d1:1f:97:cc:95:33:1c:cc:bd:d3:33:0b:
                    17:2e:a3:9e:7f:30:fd:74:4a:54:f7:de:db:b4:ce:
                    7d:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:4D:76:BD:70:8D:BB:7C:0E:4A:13:1F:36:8E:2F:B7:24:B4:C2:6E
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215304.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:bc:62:97:3f:2f:b7:b4:27:19:29:6d:f4:1a:8f:61:3b:7c:
         e9:7b:05:0d:72:59:c6:64:d3:e3:2c:70:91:32:c9:89:dd:8a:
         f5:ac:31:97:06:8e:6a:ab:3d:7d:42:fb:f1:41:d2:12:16:85:
         fd:f1:b8:8b:d0:b5:2f:9f:a9:43:da:be:0b:93:2b:6f:ba:b9:
         24:a1:b9:da:75:21:9e:d9:3d:9a:23:22:3d:60:01:d8:f6:ec:
         58:9e:a5:65:4d:d8:7e:31:d7:ba:52:7f:35:0c:8c:ff:15:9a:
         f0:ab:bc:7e:00:3b:60:9d:4d:54:15:c0:da:6d:5f:a6:4b:75:
         c8:71:20:fc:66:44:ac:c8:7f:37:a3:3d:b0:36:ea:6a:4b:bb:
         f2:54:aa:f3:a8:14:48:d9:2a:ea:f3:fb:52:2e:61:f1:1b:6d:
         5f:fe:6d:39:7f:30:c9:a8:65:b7:95:0e:70:7e:1c:37:6f:83:
         fd:48:b2:79:7f:c5:82:47:84:18:c1:81:0a:5c:9f:be:bf:88:
         7b:4f:fd:ae:5d:03:ab:b3:aa:12:da:d5:72:7f:45:35:9e:4d:
         70:3b:61:dc:be:d8:40:e6:f6:e4:33:cf:9c:55:d9:2a:1b:46:
         26:91:3d:77:c3:5f:7f:9b:7a:35:51:e7:d2:41:3f:eb:c8:83:
         3f:15:e8:62
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUUKF6z4nATW2JTjhbylwqShpSokMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA0MTkyMzU1NDVaFw0yNzA0MTkwMDAwNDVaMDMxMTAvBgNV
BAMTKEQ3NEQ3NkJENzA4REJCN0MwRTRBMTMxRjM2OEUyRkI3MjRCNEMyNkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8Z42QE5eICz5Mrz4fmxBG2lH6
/8ADXCTnwGjCtvMw9EHeMI1WQ1p9E0DWvJz1NAVtXKk8gb+Ucwsir/noX5CGOhLW
dLzE7QgI8qEjtGftzLmeaPng37dC+kffWkoEQfUS6hpjEchR4/5MvUXx4vHH/57j
y4AaQ0sBFJ4OYjZ8GoMQOKhtlqI9gY7DOZDh89msbRyUkbpJMopkhbanKI4hOfGS
6K/uV+b81uPhCoSTeFCz61oPvHhD2xn/A7mIx/AXsYwgbQpyRoHJT7CQZPcj3Vx3
Hd7StVUFzkPcb9Br79UKTtEfl8yVMxzMvdMzCxcuo55/MP10SlT33tu0zn2HAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU1012vXCNu3wOShMfNo4vtyS0wm4wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE1MzA0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQvw
MA0GCSqGSIb3DQEBCwUAA4IBAQA3vGKXPy+3tCcZKW30Go9hO3zpewUNclnGZNPj
LHCRMsmJ3Yr1rDGXBo5qqz19QvvxQdISFoX98biL0LUvn6lD2r4Lkytvurkkobna
dSGe2T2aIyI9YAHY9uxYnqVlTdh+Mde6Un81DIz/FZrwq7x+ADtgnU1UFcDabV+m
S3XIcSD8ZkSsyH83oz2wNupqS7vyVKrzqBRI2Srq8/tSLmHxG21f/m05fzDJqGW3
lQ5wfhw3b4P9SLJ5f8WCR4QYwYEKXJ++v4h7T/2uXQOrs6oS2tVyf0U1nk1wO2Hc
vthA5vbkM8+cVdkqG0YmkT13w19/m3o1UefSQT/ryIM/Fehi
-----END CERTIFICATE-----