Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS215224.roa
File:                     AS215224.roa (raw, json)
Hash identifier:          lV+PU8kA0dkdVdNmNPn+D6ufrfs98ncNjNaD43GmVyI=
Subject key identifier:   DC:7D:16:CA:4E:EA:65:0E:E6:EC:BE:FF:C2:5A:85:72:46:0F:97:0D
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       4431500872395411BE0C348CFD6CC4F53D268444
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS215224.roa
Signing time:             Thu 23 Apr 2026 19:51:08 +0000
ROA not before:           Thu 23 Apr 2026 19:46:08 +0000
ROA not after:            Thu 22 Apr 2027 19:51:08 +0000
asID:                     215224
IP address blocks:        178.93.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 Apr 2026 14:06:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:31:50:08:72:39:54:11:be:0c:34:8c:fd:6c:c4:f5:3d:26:84:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr 23 19:46:08 2026 GMT
            Not After : Apr 22 19:51:08 2027 GMT
        Subject: CN=DC7D16CA4EEA650EE6ECBEFFC25A8572460F970D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:5e:fc:ea:25:c3:f1:d3:3f:6b:34:b2:af:42:
                    d3:db:be:17:a6:7b:c2:d4:96:98:ca:e7:77:f7:79:
                    b7:be:7d:91:b1:26:64:d1:99:c4:53:3b:19:3f:91:
                    b3:96:5f:d4:a0:b5:14:0e:d2:ee:6b:0f:27:a5:28:
                    60:d8:d2:c7:60:83:5b:fd:70:f9:c9:ba:37:1c:6b:
                    26:4b:c3:76:73:ba:e4:35:0b:e9:5a:57:15:98:61:
                    60:ce:ac:51:67:c2:2f:f5:cb:f4:4b:1c:44:c0:90:
                    e4:82:93:1a:3f:c9:af:f8:03:37:82:df:d8:8b:b5:
                    28:4c:40:02:c8:ca:dc:70:38:d8:e4:51:78:64:5e:
                    86:3f:37:f6:ea:3b:c1:81:46:53:71:c2:d6:b0:46:
                    b6:db:82:13:e6:26:5e:19:8e:41:90:c4:c6:ee:a2:
                    24:15:1b:af:ff:f3:77:c2:71:2f:96:1f:6f:7e:8d:
                    74:01:2b:1f:63:4d:74:07:55:e1:be:54:eb:8c:4c:
                    88:08:dd:f9:b0:f8:ae:01:9c:48:ff:6c:03:7e:ab:
                    f2:ab:74:b2:32:cd:dd:98:3a:1d:40:44:ab:f9:3b:
                    6a:05:55:2c:6e:bd:30:1e:56:26:eb:67:04:5d:33:
                    6c:97:02:f2:b8:3a:c5:16:55:95:de:43:76:a0:f4:
                    d5:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:7D:16:CA:4E:EA:65:0E:E6:EC:BE:FF:C2:5A:85:72:46:0F:97:0D
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS215224.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.93.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:ed:d2:60:84:ce:47:6f:18:ce:50:2f:2f:7a:df:fe:ea:62:
         b7:16:93:7c:e8:e6:7a:91:1e:38:12:94:8e:12:d9:8e:54:fe:
         c5:82:0f:53:d6:23:1a:c0:d7:96:60:11:25:36:25:64:98:d2:
         ec:dc:a9:04:cb:db:49:52:d4:c3:2d:4f:0c:03:20:09:4e:81:
         77:0d:5e:38:8e:01:2a:65:ac:4b:22:d8:b4:70:60:a3:08:55:
         79:b4:ce:c1:dd:31:27:e7:18:48:ac:49:65:bb:f6:12:2a:fc:
         50:3f:d4:20:44:6f:2d:26:ac:86:c9:4d:0d:4f:25:29:db:1c:
         60:4f:b4:12:26:80:ae:e5:e2:9e:2c:22:6f:08:f4:93:72:36:
         b7:3e:e9:75:3b:a4:bf:34:e6:86:8d:43:4e:65:3e:d5:c4:03:
         fa:11:a3:af:fa:b8:94:7a:0d:a2:0e:63:54:d1:9f:9e:9a:71:
         88:5d:8e:1d:a0:67:7d:00:55:fb:55:89:23:55:f5:e9:fd:bf:
         4f:19:34:a4:2a:61:a5:b6:d8:ae:84:40:98:58:6b:03:64:88:
         1e:0a:a4:01:30:c0:17:ff:9d:2c:88:4c:c4:e2:a9:97:0d:58:
         82:cf:6a:3f:69:38:9a:b3:36:6e:42:91:91:ba:4f:63:0e:dc:
         1d:a4:67:bc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURDFQCHI5VBG+DDSM/WzE9T0mhEQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA0MjMxOTQ2MDhaFw0yNzA0MjIxOTUxMDhaMDMxMTAvBgNV
BAMTKERDN0QxNkNBNEVFQTY1MEVFNkVDQkVGRkMyNUE4NTcyNDYwRjk3MEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCBXvzqJcPx0z9rNLKvQtPbvhem
e8LUlpjK53f3ebe+fZGxJmTRmcRTOxk/kbOWX9SgtRQO0u5rDyelKGDY0sdgg1v9
cPnJujccayZLw3ZzuuQ1C+laVxWYYWDOrFFnwi/1y/RLHETAkOSCkxo/ya/4AzeC
39iLtShMQALIytxwONjkUXhkXoY/N/bqO8GBRlNxwtawRrbbghPmJl4ZjkGQxMbu
oiQVG6//83fCcS+WH29+jXQBKx9jTXQHVeG+VOuMTIgI3fmw+K4BnEj/bAN+q/Kr
dLIyzd2YOh1ARKv5O2oFVSxuvTAeVibrZwRdM2yXAvK4OsUWVZXeQ3ag9NXHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU3H0Wyk7qZQ7m7L7/wlqFckYPlw0wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE1MjI0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsl25
MA0GCSqGSIb3DQEBCwUAA4IBAQCL7dJghM5HbxjOUC8vet/+6mK3FpN86OZ6kR44
EpSOEtmOVP7Fgg9T1iMawNeWYBElNiVkmNLs3KkEy9tJUtTDLU8MAyAJToF3DV44
jgEqZaxLIti0cGCjCFV5tM7B3TEn5xhIrEllu/YSKvxQP9QgRG8tJqyGyU0NTyUp
2xxgT7QSJoCu5eKeLCJvCPSTcja3Pul1O6S/NOaGjUNOZT7VxAP6EaOv+riUeg2i
DmNU0Z+emnGIXY4doGd9AFX7VYkjVfXp/b9PGTSkKmGlttiuhECYWGsDZIgeCqQB
MMAX/50siEzE4qmXDViCz2o/aTiaszZuQpGRuk9jDtwdpGe8
-----END CERTIFICATE-----