Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS215152.roa
File:                     AS215152.roa (raw, json)
Hash identifier:          9F76ASQxXBy0H2hQ8xxml7PhB+iC1lSu75GHLMHuCEo=
Subject key identifier:   03:F6:84:A1:DA:62:AE:0A:88:73:73:DF:27:43:E1:6B:CB:8A:D4:75
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       5CBB20731F7EAEE0C95E07B518E157089F87E7FA
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS215152.roa
Signing time:             Sat 13 Jun 2026 12:42:37 +0000
ROA not before:           Sat 13 Jun 2026 12:37:37 +0000
ROA not after:            Sat 12 Jun 2027 12:42:37 +0000
asID:                     215152
IP address blocks:        178.94.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 15 Jun 2026 02:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:bb:20:73:1f:7e:ae:e0:c9:5e:07:b5:18:e1:57:08:9f:87:e7:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun 13 12:37:37 2026 GMT
            Not After : Jun 12 12:42:37 2027 GMT
        Subject: CN=03F684A1DA62AE0A887373DF2743E16BCB8AD475
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:5f:b0:38:cd:d2:ec:d8:ba:05:e0:ea:a8:a9:
                    3d:44:10:6d:0d:e0:c8:0d:37:77:16:94:48:4c:c8:
                    d3:02:b6:18:ff:05:03:57:f7:31:de:86:35:84:fb:
                    20:bf:84:32:b8:01:79:8a:6b:ff:ff:21:ff:58:03:
                    9b:7a:99:ae:53:6a:ef:ed:07:75:37:29:18:4c:25:
                    d2:23:32:e6:a3:ff:bf:a6:27:8c:e9:78:cf:ae:28:
                    4d:73:d0:a5:53:d3:59:c8:c6:88:f7:b0:8b:24:73:
                    d1:c3:6b:12:e9:88:93:b1:01:91:d7:30:38:91:86:
                    6b:d0:35:b0:2a:de:da:bb:03:0b:25:ec:90:6d:11:
                    fc:ef:54:d6:e4:45:14:7e:ee:80:a0:22:89:02:f3:
                    c2:51:54:82:7b:88:cd:0b:79:39:05:a7:14:a0:3e:
                    54:d0:f5:41:89:ad:c1:fd:38:2a:94:19:e1:e8:5b:
                    e6:92:c7:8a:01:26:7b:b7:d8:56:51:c4:94:ed:b8:
                    97:a6:f1:3e:bb:43:e6:c2:ab:6c:7c:51:58:6d:2e:
                    8e:25:ef:7d:19:8f:e8:19:13:4d:fc:bc:c7:7e:9c:
                    5c:c2:69:31:51:b0:04:3f:e1:05:10:82:3d:3b:09:
                    4d:03:66:ff:ca:67:24:1f:7b:cf:ff:6b:ff:d4:02:
                    5b:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:F6:84:A1:DA:62:AE:0A:88:73:73:DF:27:43:E1:6B:CB:8A:D4:75
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS215152.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.94.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:83:59:89:11:2c:78:61:6b:ec:a7:c6:69:16:7f:05:e1:34:
         ca:31:09:84:63:b7:d7:07:e1:31:60:fc:58:ce:5f:b1:8d:b0:
         bb:0f:8b:41:e4:99:83:9e:6e:d4:1d:ce:bf:a6:a2:5a:b4:16:
         39:19:e6:f9:40:77:33:be:1e:04:3c:75:7a:0a:77:d7:72:e5:
         de:e0:40:c2:98:9a:d2:e6:d2:cb:c2:09:7e:1e:de:32:39:fe:
         1d:e2:ae:eb:f0:0f:49:51:66:44:68:f6:f8:bc:49:88:14:a6:
         39:17:02:72:89:91:90:4a:7b:4e:59:4e:39:13:7f:eb:97:7d:
         7d:4a:d5:14:2a:2f:dd:f1:12:4f:0e:d1:dd:1b:7e:78:3b:b0:
         c0:8d:f1:6c:dd:a2:b4:4d:35:db:70:04:4c:b2:af:ba:88:50:
         d1:cb:d6:bb:ee:1b:b2:a4:e6:d8:6c:f0:fe:1a:49:da:04:95:
         b9:55:a9:49:d2:f5:91:d4:a6:f9:a8:1b:4b:7e:ba:96:ad:b8:
         50:8a:61:45:4d:e5:8c:33:52:db:28:52:8b:22:f9:d2:91:06:
         0e:0e:fd:b4:b9:c2:fb:d0:61:05:31:d1:3a:d3:e0:42:15:c7:
         5d:09:73:f0:49:6d:c5:b2:cd:d2:5a:1f:f7:56:f9:71:15:77:
         66:86:17:d4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXLsgcx9+ruDJXge1GOFXCJ+H5/owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA2MTMxMjM3MzdaFw0yNzA2MTIxMjQyMzdaMDMxMTAvBgNV
BAMTKDAzRjY4NEExREE2MkFFMEE4ODczNzNERjI3NDNFMTZCQ0I4QUQ0NzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5X7A4zdLs2LoF4OqoqT1EEG0N
4MgNN3cWlEhMyNMCthj/BQNX9zHehjWE+yC/hDK4AXmKa///If9YA5t6ma5Tau/t
B3U3KRhMJdIjMuaj/7+mJ4zpeM+uKE1z0KVT01nIxoj3sIskc9HDaxLpiJOxAZHX
MDiRhmvQNbAq3tq7Awsl7JBtEfzvVNbkRRR+7oCgIokC88JRVIJ7iM0LeTkFpxSg
PlTQ9UGJrcH9OCqUGeHoW+aSx4oBJnu32FZRxJTtuJem8T67Q+bCq2x8UVhtLo4l
730Zj+gZE038vMd+nFzCaTFRsAQ/4QUQgj07CU0DZv/KZyQfe8//a//UAlt1AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUA/aEodpirgqIc3PfJ0Pha8uK1HUwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE1MTUyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsl6w
MA0GCSqGSIb3DQEBCwUAA4IBAQBUg1mJESx4YWvsp8ZpFn8F4TTKMQmEY7fXB+Ex
YPxYzl+xjbC7D4tB5JmDnm7UHc6/pqJatBY5Geb5QHczvh4EPHV6CnfXcuXe4EDC
mJrS5tLLwgl+Ht4yOf4d4q7r8A9JUWZEaPb4vEmIFKY5FwJyiZGQSntOWU45E3/r
l319StUUKi/d8RJPDtHdG354O7DAjfFs3aK0TTXbcARMsq+6iFDRy9a77huypObY
bPD+GknaBJW5ValJ0vWR1Kb5qBtLfrqWrbhQimFFTeWMM1LbKFKLIvnSkQYODv20
ucL70GEFMdE60+BCFcddCXPwSW3Fss3SWh/3VvlxFXdmhhfU
-----END CERTIFICATE-----