Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215228.roa
File:                     AS215228.roa (raw, json)
Hash identifier:          hAbetGBieaEchMEY3E/hBmwNp/xzBHklFDRzRzVhIgs=
Subject key identifier:   99:17:F3:FD:02:C7:46:C4:18:A1:52:65:F6:DE:AF:13:CC:30:56:DE
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       45DAA4C47C3ACE569681911E77417A45422EE0C3
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215228.roa
Signing time:             Thu 19 Mar 2026 05:53:36 +0000
ROA not before:           Thu 19 Mar 2026 05:48:36 +0000
ROA not after:            Thu 18 Mar 2027 05:53:36 +0000
asID:                     215228
IP address blocks:        162.141.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:da:a4:c4:7c:3a:ce:56:96:81:91:1e:77:41:7a:45:42:2e:e0:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 19 05:48:36 2026 GMT
            Not After : Mar 18 05:53:36 2027 GMT
        Subject: CN=9917F3FD02C746C418A15265F6DEAF13CC3056DE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:08:78:ce:87:d6:4c:fa:de:95:cf:8e:6a:68:
                    a8:34:13:b3:20:c9:1b:44:bd:1a:4a:0e:5f:ad:55:
                    8c:4f:92:2e:41:46:c0:4a:c6:48:f2:64:6f:8c:79:
                    2e:7f:2f:3e:89:7f:01:50:fe:ee:75:78:e7:59:5a:
                    bc:0d:a5:4d:b2:54:ed:cb:51:0c:40:35:66:0a:91:
                    d9:51:97:18:7c:39:70:3b:46:7c:07:66:bb:ee:82:
                    0a:50:33:7d:72:5e:13:9b:89:ec:d6:6f:7a:0e:00:
                    b8:de:be:4c:bd:8e:8c:4c:bb:8d:42:ed:a5:a1:09:
                    28:35:06:ef:93:fe:d0:05:d2:b7:c5:44:8b:5d:67:
                    6a:07:a0:11:bd:0b:cc:b0:15:21:04:e0:ff:2c:e3:
                    09:d7:dc:b9:42:ad:cd:a0:c9:2d:8e:fd:2a:18:63:
                    b6:a4:b0:7b:fd:81:e7:af:54:8a:cc:26:00:fa:b1:
                    78:9c:29:86:29:0d:53:f5:fc:db:b8:35:b8:75:7d:
                    e0:17:02:29:51:43:6e:11:78:4b:8b:ad:ff:dc:0c:
                    fa:4d:5e:fb:8f:8d:90:eb:cc:55:b9:c0:c6:75:4d:
                    c7:24:86:f0:69:f0:5d:d8:f5:07:72:12:a3:fc:05:
                    1f:42:b2:bd:b6:c8:f7:8d:21:10:fc:b8:11:b1:6b:
                    cd:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:17:F3:FD:02:C7:46:C4:18:A1:52:65:F6:DE:AF:13:CC:30:56:DE
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215228.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.141.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:0e:c0:a0:f4:f7:75:70:0e:0b:16:9e:ef:9d:72:e8:d9:d3:
         9f:9c:49:7b:55:df:de:ed:b2:c0:35:3b:78:35:73:df:f4:86:
         74:a9:f8:bd:d1:29:f5:bf:70:d7:a3:1b:38:49:f5:a3:91:ef:
         8d:a5:81:c9:bc:e5:42:8e:c4:b7:68:1d:8e:2d:6d:40:81:1f:
         d0:a7:3d:62:90:95:66:e0:81:ac:43:22:74:ab:7f:e2:8e:19:
         8e:46:e1:2a:9c:ed:b0:03:af:52:43:81:35:d6:da:be:56:58:
         5d:ec:ef:96:a7:f5:de:4d:88:ed:b3:26:29:66:b2:b8:6e:6f:
         29:25:82:7e:ca:11:4b:4b:b3:00:0a:a8:63:6f:3d:83:61:72:
         c2:75:92:61:18:0a:dd:ac:09:f0:28:49:1c:ba:d2:f4:1f:b6:
         5e:b4:6b:fa:21:45:25:2e:e5:01:09:89:33:9b:8f:53:7a:b6:
         9f:c6:2e:36:f2:12:0a:4b:3b:d5:bb:72:86:7d:33:18:24:95:
         7c:64:b4:e5:07:8f:5f:a1:80:7b:ef:82:9d:a8:1d:54:59:7f:
         85:58:7b:5c:40:0f:0d:76:ba:ba:60:4e:1f:06:0a:87:89:85:
         62:18:36:dd:83:86:2f:f3:ce:d0:6e:29:ff:06:83:39:45:b0:
         5d:b6:90:a5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURdqkxHw6zlaWgZEed0F6RUIu4MMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMTkwNTQ4MzZaFw0yNzAzMTgwNTUzMzZaMDMxMTAvBgNV
BAMTKDk5MTdGM0ZEMDJDNzQ2QzQxOEExNTI2NUY2REVBRjEzQ0MzMDU2REUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRCHjOh9ZM+t6Vz45qaKg0E7Mg
yRtEvRpKDl+tVYxPki5BRsBKxkjyZG+MeS5/Lz6JfwFQ/u51eOdZWrwNpU2yVO3L
UQxANWYKkdlRlxh8OXA7RnwHZrvuggpQM31yXhObiezWb3oOALjevky9joxMu41C
7aWhCSg1Bu+T/tAF0rfFRItdZ2oHoBG9C8ywFSEE4P8s4wnX3LlCrc2gyS2O/SoY
Y7aksHv9geevVIrMJgD6sXicKYYpDVP1/Nu4Nbh1feAXAilRQ24ReEuLrf/cDPpN
XvuPjZDrzFW5wMZ1TcckhvBp8F3Y9QdyEqP8BR9Csr22yPeNIRD8uBGxa80tAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUmRfz/QLHRsQYoVJl9t6vE8wwVt4wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE1MjI4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAoo0A
MA0GCSqGSIb3DQEBCwUAA4IBAQAdDsCg9Pd1cA4LFp7vnXLo2dOfnEl7Vd/e7bLA
NTt4NXPf9IZ0qfi90Sn1v3DXoxs4SfWjke+NpYHJvOVCjsS3aB2OLW1AgR/Qpz1i
kJVm4IGsQyJ0q3/ijhmORuEqnO2wA69SQ4E11tq+Vlhd7O+Wp/XeTYjtsyYpZrK4
bm8pJYJ+yhFLS7MACqhjbz2DYXLCdZJhGArdrAnwKEkcutL0H7ZetGv6IUUlLuUB
CYkzm49Terafxi428hIKSzvVu3KGfTMYJJV8ZLTlB49foYB774KdqB1UWX+FWHtc
QA8Ndrq6YE4fBgqHiYViGDbdg4Yv887Qbin/BoM5RbBdtpCl
-----END CERTIFICATE-----