Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS215224.roa
File:                     AS215224.roa (raw, json)
Hash identifier:          LOBv153z5+opV050vqK+zd2RYfJjgwfpTpm2Y3QIsQ8=
Subject key identifier:   8A:3F:FD:D3:F9:6A:C4:2D:8B:A5:5C:2A:04:29:82:1C:2A:BE:F8:B3
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       0DD755DEE938A46EB55BB482284CD104EDA9AB42
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS215224.roa
Signing time:             Fri 05 Jun 2026 14:00:10 +0000
ROA not before:           Fri 05 Jun 2026 13:55:10 +0000
ROA not after:            Fri 04 Jun 2027 14:00:10 +0000
asID:                     215224
IP address blocks:        178.93.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Jun 2026 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:d7:55:de:e9:38:a4:6e:b5:5b:b4:82:28:4c:d1:04:ed:a9:ab:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun  5 13:55:10 2026 GMT
            Not After : Jun  4 14:00:10 2027 GMT
        Subject: CN=8A3FFDD3F96AC42D8BA55C2A0429821C2ABEF8B3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fe:a6:01:17:04:5a:af:00:ef:a9:b2:00:b6:ad:
                    eb:73:98:04:75:6e:40:40:9f:d3:53:c8:1a:15:2b:
                    e2:eb:d5:ca:2c:6f:51:f2:b1:a4:0e:5f:21:05:f2:
                    05:c5:d8:60:60:3c:f7:30:3c:10:6d:73:9c:e8:e2:
                    f3:9b:b7:66:47:57:4b:bf:ea:ac:81:f4:9d:a0:f1:
                    3b:67:78:86:d5:bc:d4:dc:06:a5:b6:62:8c:44:47:
                    99:43:34:ff:b9:7a:72:db:49:a4:0e:02:11:07:88:
                    ee:a0:c0:c1:dd:33:68:2c:df:24:2b:ae:f1:66:f8:
                    58:b8:fe:51:d1:43:24:bd:25:85:e6:09:d4:29:07:
                    8d:bd:c9:1e:b3:4f:36:69:79:d2:30:f3:41:34:f8:
                    c9:db:06:05:d9:a0:5b:de:3a:41:65:de:63:6c:8a:
                    af:10:75:8d:ae:23:f3:e8:d5:29:d3:22:ae:58:e9:
                    b5:8b:5c:73:d5:a7:3d:58:fd:fb:10:35:d1:e7:73:
                    a5:b7:06:72:28:82:03:ad:dd:a3:d2:30:04:1b:db:
                    03:8b:43:b7:1b:34:6c:28:f4:9d:3c:2b:8c:dd:aa:
                    8b:8a:47:74:79:15:e9:b9:6f:4d:4c:53:4d:5f:43:
                    13:97:ea:41:28:d1:50:b5:e2:28:36:b4:fb:14:90:
                    f3:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:3F:FD:D3:F9:6A:C4:2D:8B:A5:5C:2A:04:29:82:1C:2A:BE:F8:B3
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS215224.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.93.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:87:7c:2b:db:ea:f1:fd:f5:03:53:3d:13:68:ce:b9:68:fe:
         0e:fe:76:30:0d:ae:af:6c:c8:70:6e:94:92:85:9f:06:4e:7a:
         e3:95:2a:82:ac:e9:58:9b:5e:f9:87:a9:c6:8c:5a:82:17:5f:
         67:08:15:a3:31:1a:cd:e7:0d:29:23:d3:ae:26:af:42:f7:82:
         10:c7:43:ee:b3:cf:04:fa:c8:6b:20:21:cf:63:01:96:11:38:
         00:81:e0:a8:2c:d8:37:b0:51:6d:86:e3:34:e7:2e:84:7c:fe:
         73:1b:44:7d:82:64:99:28:29:b5:3a:90:d4:e8:dd:7e:b7:bc:
         f2:66:97:d9:ec:39:6b:cc:73:79:1b:23:12:54:d5:6f:ae:38:
         a7:a4:a8:45:a3:13:50:d4:da:19:18:e1:54:b2:30:2f:f0:74:
         ac:4f:7e:e0:f4:ed:72:f3:6b:0a:81:c4:61:5d:9f:19:88:38:
         0b:70:80:5d:5a:87:a6:18:50:6d:d7:63:26:9f:d2:ae:15:59:
         6a:b3:62:57:07:02:4d:33:45:dd:3a:55:6d:ae:38:a2:d0:bd:
         0b:39:c9:e8:44:12:cf:b9:cd:38:75:bf:e7:39:f6:f1:53:f7:
         11:15:c8:5f:d1:65:33:24:3b:8e:2e:50:ad:14:49:21:c5:86:
         c9:ea:34:85
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDddV3uk4pG61W7SCKEzRBO2pq0IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA2MDUxMzU1MTBaFw0yNzA2MDQxNDAwMTBaMDMxMTAvBgNV
BAMTKDhBM0ZGREQzRjk2QUM0MkQ4QkE1NUMyQTA0Mjk4MjFDMkFCRUY4QjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD+pgEXBFqvAO+psgC2retzmAR1
bkBAn9NTyBoVK+Lr1cosb1HysaQOXyEF8gXF2GBgPPcwPBBtc5zo4vObt2ZHV0u/
6qyB9J2g8TtneIbVvNTcBqW2YoxER5lDNP+5enLbSaQOAhEHiO6gwMHdM2gs3yQr
rvFm+Fi4/lHRQyS9JYXmCdQpB429yR6zTzZpedIw80E0+MnbBgXZoFveOkFl3mNs
iq8QdY2uI/Po1SnTIq5Y6bWLXHPVpz1Y/fsQNdHnc6W3BnIoggOt3aPSMAQb2wOL
Q7cbNGwo9J08K4zdqouKR3R5Fem5b01MU01fQxOX6kEo0VC14ig2tPsUkPP3AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUij/90/lqxC2LpVwqBCmCHCq++LMwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE1MjI0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsl25
MA0GCSqGSIb3DQEBCwUAA4IBAQBFh3wr2+rx/fUDUz0TaM65aP4O/nYwDa6vbMhw
bpSShZ8GTnrjlSqCrOlYm175h6nGjFqCF19nCBWjMRrN5w0pI9OuJq9C94IQx0Pu
s88E+shrICHPYwGWETgAgeCoLNg3sFFthuM05y6EfP5zG0R9gmSZKCm1OpDU6N1+
t7zyZpfZ7DlrzHN5GyMSVNVvrjinpKhFoxNQ1NoZGOFUsjAv8HSsT37g9O1y82sK
gcRhXZ8ZiDgLcIBdWoemGFBt12Mmn9KuFVlqs2JXBwJNM0XdOlVtrjii0L0LOcno
RBLPuc04db/nOfbxU/cRFchf0WUzJDuOLlCtFEkhxYbJ6jSF
-----END CERTIFICATE-----