Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215228.roa
File:                     AS215228.roa (raw, json)
Hash identifier:          HrmfgZdMsxYctEkaZ89+kRWZDt2umvl+GpsivAUjL+4=
Subject key identifier:   1E:76:C4:57:DF:A1:B0:B5:8A:45:C5:4C:B3:FD:97:E8:B4:00:7F:04
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       21CC94F4B84A5CF2824D4286E03CC5FD99499A26
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215228.roa
Signing time:             Wed 29 Apr 2026 11:45:45 +0000
ROA not before:           Wed 29 Apr 2026 11:40:45 +0000
ROA not after:            Wed 28 Apr 2027 11:45:45 +0000
asID:                     215228
IP address blocks:        162.141.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 17:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:cc:94:f4:b8:4a:5c:f2:82:4d:42:86:e0:3c:c5:fd:99:49:9a:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 29 11:40:45 2026 GMT
            Not After : Apr 28 11:45:45 2027 GMT
        Subject: CN=1E76C457DFA1B0B58A45C54CB3FD97E8B4007F04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:de:0f:3a:a4:ef:f1:8e:74:a4:e7:35:12:c1:
                    28:5b:46:10:7f:f7:98:ce:f2:bb:3d:cb:02:1c:c9:
                    49:60:c6:6d:99:6c:83:b5:c1:82:2f:36:d0:ee:a7:
                    be:84:76:47:93:9c:86:80:ed:7a:d7:a8:03:4d:eb:
                    8f:aa:02:60:b3:6a:cb:ef:f7:7e:69:e5:5a:36:ee:
                    05:60:97:54:40:ec:06:ad:00:2e:d2:ba:f6:be:fa:
                    dc:d0:83:e2:bf:3f:96:7e:3d:b2:99:c6:aa:a6:34:
                    24:98:da:66:b3:26:1f:6e:e9:4b:64:a4:dd:b3:1f:
                    cc:73:10:ee:3e:fa:08:3e:7e:f6:e6:44:af:85:1d:
                    c6:e3:ee:ae:46:c4:86:d5:ee:f9:34:67:95:72:fd:
                    4b:35:ca:0b:10:b3:1f:b6:22:51:5a:4d:56:f8:85:
                    f6:e4:8d:78:e0:96:6a:0e:62:2b:3f:ab:74:9c:cd:
                    93:61:91:c1:90:4e:5f:23:70:d4:13:af:60:3d:1c:
                    64:fa:5f:3c:43:d2:bd:b1:32:fa:cc:9c:6b:57:bc:
                    54:36:98:f7:e2:87:6b:94:df:cb:f4:79:a7:5d:47:
                    c2:b0:cc:89:45:90:65:7a:24:4e:dd:5b:a6:ce:9a:
                    80:bd:c3:f1:32:2b:47:ed:ec:ea:46:25:33:f9:a2:
                    f0:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:76:C4:57:DF:A1:B0:B5:8A:45:C5:4C:B3:FD:97:E8:B4:00:7F:04
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215228.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.141.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:a2:0a:c2:73:df:2d:91:d9:9c:47:76:55:16:16:24:05:5c:
         33:3e:d1:55:0c:ff:60:85:6a:7f:66:bf:02:5a:83:ef:7b:17:
         57:de:b1:d4:aa:0a:25:02:88:9b:64:fd:6f:11:9a:e0:ec:a9:
         71:0a:a4:7d:6f:31:98:a4:26:eb:e0:c4:65:f2:c2:42:67:6a:
         27:ba:2d:89:fb:da:a8:82:52:3e:84:e7:f7:b1:c0:60:31:43:
         25:0f:2b:a1:6f:06:43:2a:b2:59:74:30:99:23:f5:c0:67:ae:
         8c:f7:96:31:a5:77:09:44:a2:03:51:aa:a7:f2:9b:1f:e0:92:
         23:d4:87:51:eb:93:f7:53:cf:a9:09:8c:61:70:02:7d:a1:cb:
         90:89:cd:d1:c2:10:4a:9a:40:42:fe:96:bb:42:ca:aa:83:de:
         32:61:e4:07:99:3d:87:a5:2b:b9:e7:a1:d0:1f:d0:49:35:6d:
         07:72:fe:9a:f8:ee:ef:e8:bb:15:16:45:bc:c0:35:fb:d7:fb:
         ff:b5:be:9f:c6:d5:69:e0:b9:8e:ec:55:d2:f1:66:d7:59:0e:
         22:1d:e4:31:8e:12:ee:7c:10:b6:74:eb:63:07:ec:b2:e0:1c:
         2c:cf:fc:eb:3b:ac:14:01:f6:80:fd:9d:85:c7:47:73:bd:9e:
         d0:90:13:16
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIcyU9LhKXPKCTUKG4DzF/ZlJmiYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MjkxMTQwNDVaFw0yNzA0MjgxMTQ1NDVaMDMxMTAvBgNV
BAMTKDFFNzZDNDU3REZBMUIwQjU4QTQ1QzU0Q0IzRkQ5N0U4QjQwMDdGMDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3g86pO/xjnSk5zUSwShbRhB/
95jO8rs9ywIcyUlgxm2ZbIO1wYIvNtDup76EdkeTnIaA7XrXqANN64+qAmCzasvv
935p5Vo27gVgl1RA7AatAC7Suva++tzQg+K/P5Z+PbKZxqqmNCSY2mazJh9u6Utk
pN2zH8xzEO4++gg+fvbmRK+FHcbj7q5GxIbV7vk0Z5Vy/Us1ygsQsx+2IlFaTVb4
hfbkjXjglmoOYis/q3SczZNhkcGQTl8jcNQTr2A9HGT6XzxD0r2xMvrMnGtXvFQ2
mPfih2uU38v0eaddR8KwzIlFkGV6JE7dW6bOmoC9w/EyK0ft7OpGJTP5ovCJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUHnbEV9+hsLWKRcVMs/2X6LQAfwQwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE1MjI4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAoo0A
MA0GCSqGSIb3DQEBCwUAA4IBAQAhogrCc98tkdmcR3ZVFhYkBVwzPtFVDP9ghWp/
Zr8CWoPvexdX3rHUqgolAoibZP1vEZrg7KlxCqR9bzGYpCbr4MRl8sJCZ2onui2J
+9qoglI+hOf3scBgMUMlDyuhbwZDKrJZdDCZI/XAZ66M95YxpXcJRKIDUaqn8psf
4JIj1IdR65P3U8+pCYxhcAJ9ocuQic3RwhBKmkBC/pa7Qsqqg94yYeQHmT2HpSu5
56HQH9BJNW0Hcv6a+O7v6LsVFkW8wDX71/v/tb6fxtVp4LmO7FXS8WbXWQ4iHeQx
jhLufBC2dOtjB+yy4Bwsz/zrO6wUAfaA/Z2Fx0dzvZ7QkBMW
-----END CERTIFICATE-----