Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS215607.roa
File:                     AS215607.roa (raw, json)
Hash identifier:          nTKCeLfGZyFqUTLkimxf4JuxAV8tNaIFwjuUUwVs+lk=
Subject key identifier:   F8:D9:E6:57:D7:5E:9F:F2:8A:B4:EB:E9:07:28:9D:D1:97:44:D3:29
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       45A1495404CF320D2533DF601B8A9D4D5AE8138C
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS215607.roa
Signing time:             Sat 28 Mar 2026 08:47:23 +0000
ROA not before:           Sat 28 Mar 2026 08:42:23 +0000
ROA not after:            Sat 27 Mar 2027 08:47:23 +0000
asID:                     215607
IP address blocks:        147.125.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 11:51:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:a1:49:54:04:cf:32:0d:25:33:df:60:1b:8a:9d:4d:5a:e8:13:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Mar 28 08:42:23 2026 GMT
            Not After : Mar 27 08:47:23 2027 GMT
        Subject: CN=F8D9E657D75E9FF28AB4EBE907289DD19744D329
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:0f:de:88:a1:da:1e:02:5e:14:36:c9:91:79:
                    67:84:bb:75:36:fd:80:7b:37:71:a1:72:9e:8b:95:
                    9d:8e:ce:43:de:e9:c0:8f:4f:5e:bb:dc:d6:77:31:
                    85:ed:39:f5:92:4c:77:16:dc:4b:3d:38:83:51:63:
                    99:6e:fb:09:0d:84:86:f3:f6:02:81:14:1f:aa:78:
                    de:cc:7b:7c:fd:de:9f:0f:d3:4a:ae:f7:3a:ce:42:
                    08:21:18:44:93:d8:e8:f6:eb:ee:79:b5:17:01:ec:
                    ab:3e:ec:e6:cf:38:7f:e2:11:bf:4a:d2:3c:5b:7d:
                    24:5f:87:ec:c6:aa:c1:80:36:9b:35:88:67:c8:40:
                    9b:d1:e7:0a:75:2e:68:73:4d:a9:52:61:52:53:85:
                    c9:6f:f6:81:1f:52:80:39:53:28:71:08:db:e1:4d:
                    ca:ca:4a:cd:03:3f:c3:22:b5:ac:38:02:ac:34:a0:
                    3b:48:22:6c:a3:78:8c:07:c7:ae:97:87:d5:1e:dd:
                    a4:25:17:db:07:1a:2a:9a:fd:48:da:f6:15:fc:aa:
                    a9:de:73:fa:d3:fa:73:a3:37:58:38:a4:f5:ce:3b:
                    e2:e0:f0:bf:2b:3e:bc:bf:59:ba:eb:bc:db:8f:b5:
                    9d:04:81:f2:e9:0c:30:58:fc:10:7e:de:ee:60:10:
                    e1:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:D9:E6:57:D7:5E:9F:F2:8A:B4:EB:E9:07:28:9D:D1:97:44:D3:29
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS215607.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:50:d3:b8:0f:13:cd:65:de:68:4c:04:23:3b:c8:4c:05:98:
         2e:89:9a:fe:a1:f5:e3:d9:cc:2e:b8:3d:9c:f6:c4:a7:cd:e6:
         b4:92:09:b7:42:00:aa:c8:2a:b5:00:cc:7e:03:a2:b6:a6:30:
         5e:34:3c:94:7c:3e:1a:bf:ea:0b:99:08:33:b8:5d:3e:38:ff:
         01:7f:1a:81:af:52:b6:13:d6:b5:b6:21:57:a9:79:41:cf:ee:
         0d:c5:d4:a1:b2:23:61:a0:5d:87:37:38:10:5d:8f:96:81:6d:
         7d:d0:43:ca:40:8f:0f:5b:e8:ff:7a:86:3b:3c:76:81:c0:26:
         22:07:66:4f:90:a5:c9:6f:9c:ad:4e:a5:19:d4:91:c2:79:a5:
         04:8b:46:3c:a5:0a:e4:b4:aa:40:f9:78:53:e5:fc:4a:cf:24:
         43:4c:03:74:b2:2f:1c:87:25:b2:2d:eb:42:44:dc:56:06:d5:
         13:ef:57:33:85:3a:48:39:bb:2a:d3:fa:59:09:52:e5:79:d7:
         64:de:04:66:97:6b:77:42:a7:3f:6f:53:1c:9e:0f:00:cb:8b:
         94:a5:3a:bd:a3:68:5b:1b:d3:ed:30:9e:df:bf:3a:75:e8:52:
         06:97:66:62:5f:26:ca:48:58:30:3d:ad:15:c5:d4:42:4a:b3:
         5c:69:ed:9f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURaFJVATPMg0lM99gG4qdTVroE4wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjAzMjgwODQyMjNaFw0yNzAzMjcwODQ3MjNaMDMxMTAvBgNV
BAMTKEY4RDlFNjU3RDc1RTlGRjI4QUI0RUJFOTA3Mjg5REQxOTc0NEQzMjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9D96IodoeAl4UNsmReWeEu3U2
/YB7N3Ghcp6LlZ2OzkPe6cCPT1673NZ3MYXtOfWSTHcW3Es9OINRY5lu+wkNhIbz
9gKBFB+qeN7Me3z93p8P00qu9zrOQgghGEST2Oj26+55tRcB7Ks+7ObPOH/iEb9K
0jxbfSRfh+zGqsGANps1iGfIQJvR5wp1LmhzTalSYVJThclv9oEfUoA5UyhxCNvh
TcrKSs0DP8Mitaw4Aqw0oDtIImyjeIwHx66Xh9Ue3aQlF9sHGiqa/Uja9hX8qqne
c/rT+nOjN1g4pPXOO+Lg8L8rPry/WbrrvNuPtZ0EgfLpDDBY/BB+3u5gEOEHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU+NnmV9den/KKtOvpByid0ZdE0ykwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2NjZDM4ODRhLWMzODUt
NGI2NS05ODY2LTRmNjM4MzE3MjY3Mi8wL0FTMjE1NjA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk33y
MA0GCSqGSIb3DQEBCwUAA4IBAQAHUNO4DxPNZd5oTAQjO8hMBZguiZr+ofXj2cwu
uD2c9sSnzea0kgm3QgCqyCq1AMx+A6K2pjBeNDyUfD4av+oLmQgzuF0+OP8BfxqB
r1K2E9a1tiFXqXlBz+4NxdShsiNhoF2HNzgQXY+WgW190EPKQI8PW+j/eoY7PHaB
wCYiB2ZPkKXJb5ytTqUZ1JHCeaUEi0Y8pQrktKpA+XhT5fxKzyRDTAN0si8chyWy
LetCRNxWBtUT71czhTpIObsq0/pZCVLleddk3gRml2t3Qqc/b1Mcng8Ay4uUpTq9
o2hbG9PtMJ7fvzp16FIGl2ZiXybKSFgwPa0VxdRCSrNcae2f
-----END CERTIFICATE-----