Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215238.roa
File:                     AS215238.roa (raw, json)
Hash identifier:          e6UocXcQjWxi2A0X9Nrn4wSzqnTWItkWfGmTVRsgcjI=
Subject key identifier:   7F:96:78:CC:A1:EF:31:4C:09:43:09:0F:26:F1:93:2E:0C:29:41:00
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       15406410E8955F7AEE4A7941B44B8841FB58C636
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215238.roa
Signing time:             Wed 11 Mar 2026 17:03:10 +0000
ROA not before:           Wed 11 Mar 2026 16:58:10 +0000
ROA not after:            Wed 10 Mar 2027 17:03:10 +0000
asID:                     215238
IP address blocks:        155.117.109.0/24 maxlen: 24
                          167.148.181.0/24 maxlen: 24
                          167.148.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:40:64:10:e8:95:5f:7a:ee:4a:79:41:b4:4b:88:41:fb:58:c6:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 11 16:58:10 2026 GMT
            Not After : Mar 10 17:03:10 2027 GMT
        Subject: CN=7F9678CCA1EF314C0943090F26F1932E0C294100
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:db:29:5b:ab:a0:1d:ab:94:77:73:6e:66:d7:
                    8f:24:17:31:78:7c:dc:6e:ee:43:c8:7a:11:11:3c:
                    ea:7e:e8:af:c3:85:da:ff:50:12:52:84:74:54:5f:
                    ea:ce:a4:19:46:42:09:e5:1d:b6:4c:34:30:73:68:
                    6b:d0:49:d9:26:4d:a8:99:e9:e8:d9:f2:23:a3:1e:
                    50:26:14:74:78:f8:ce:87:33:d8:6a:0a:39:20:f0:
                    90:48:a0:00:8c:1a:15:a2:61:8f:40:34:4c:11:f8:
                    71:c7:9f:86:88:95:aa:a4:5e:79:8d:eb:f0:25:f7:
                    7c:0f:a3:07:f9:6f:73:7b:2f:57:c5:e9:d2:9a:d5:
                    c8:ec:1c:87:15:1c:d6:81:34:49:99:dc:48:14:14:
                    29:dc:de:2f:8f:44:2b:f7:49:7e:de:34:85:8e:54:
                    ca:29:4e:9e:bb:1a:cf:91:ce:4c:ca:5f:8e:41:8e:
                    a1:e5:27:f7:92:fe:c3:3b:4a:d0:06:df:1c:a1:13:
                    e4:22:f6:7b:d9:68:5b:da:5f:08:4c:27:07:44:de:
                    8d:25:c1:4b:c3:e9:af:db:f5:64:11:91:b5:0c:4c:
                    82:a8:4c:ca:c1:33:9f:9b:1e:6f:06:1a:e2:b3:6f:
                    40:60:27:22:f9:ee:ba:b5:41:df:1e:1c:42:5e:7a:
                    be:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:96:78:CC:A1:EF:31:4C:09:43:09:0F:26:F1:93:2E:0C:29:41:00
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215238.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.109.0/24
                  167.148.181.0/24
                  167.148.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:35:90:8e:dd:e9:0b:03:7b:ce:f4:0b:47:81:96:64:85:dc:
         3a:79:62:b8:e6:c0:62:c7:d2:b5:1f:45:61:3b:d7:80:42:c5:
         0b:f0:93:8c:b3:08:b2:f4:68:2f:b4:76:e7:c4:04:ca:81:b4:
         03:ca:82:f4:90:f9:f8:4b:0a:e2:ac:4f:ed:d1:df:26:b9:21:
         4f:0d:b6:9c:64:43:24:75:7f:af:39:e7:87:7e:10:98:7c:7b:
         a6:53:30:a2:35:3c:d4:41:b0:6b:cd:3e:cc:3e:1e:4a:30:a2:
         b2:74:ef:ed:7c:2b:5e:ac:43:55:c5:6c:d1:d0:a3:08:5c:84:
         99:10:4f:23:7a:45:ec:6d:76:15:b2:f7:23:91:9f:20:62:7c:
         d2:51:ee:f8:b2:55:75:8c:92:e8:9f:a6:d0:e4:9a:dc:e3:63:
         52:77:3f:27:ad:8a:05:87:71:a3:0b:14:34:2e:99:6c:88:6f:
         ad:53:2a:7f:e4:5a:d7:d8:e6:22:4a:6a:72:b2:f0:9d:34:b5:
         bd:d8:3d:5f:66:88:3d:4d:56:17:5b:e2:90:3e:49:36:be:08:
         b6:42:58:f7:44:dd:12:b8:4e:2c:6d:2c:da:e4:34:74:dd:9c:
         ac:e4:eb:72:4f:f7:a4:f3:bf:d2:2e:a5:6a:99:f3:02:3d:43:
         71:da:be:d6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUFUBkEOiVX3ruSnlBtEuIQftYxjYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMTExNjU4MTBaFw0yNzAzMTAxNzAzMTBaMDMxMTAvBgNV
BAMTKDdGOTY3OENDQTFFRjMxNEMwOTQzMDkwRjI2RjE5MzJFMEMyOTQxMDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu2ylbq6Adq5R3c25m148kFzF4
fNxu7kPIehERPOp+6K/Dhdr/UBJShHRUX+rOpBlGQgnlHbZMNDBzaGvQSdkmTaiZ
6ejZ8iOjHlAmFHR4+M6HM9hqCjkg8JBIoACMGhWiYY9ANEwR+HHHn4aIlaqkXnmN
6/Al93wPowf5b3N7L1fF6dKa1cjsHIcVHNaBNEmZ3EgUFCnc3i+PRCv3SX7eNIWO
VMopTp67Gs+RzkzKX45BjqHlJ/eS/sM7StAG3xyhE+Qi9nvZaFvaXwhMJwdE3o0l
wUvD6a/b9WQRkbUMTIKoTMrBM5+bHm8GGuKzb0BgJyL57rq1Qd8eHEJeer4vAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUf5Z4zKHvMUwJQwkPJvGTLgwpQQAwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE1MjM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAm3Vt
AwQAp5S1AwQAp5TUMA0GCSqGSIb3DQEBCwUAA4IBAQAYNZCO3ekLA3vO9AtHgZZk
hdw6eWK45sBix9K1H0VhO9eAQsUL8JOMswiy9GgvtHbnxATKgbQDyoL0kPn4Swri
rE/t0d8muSFPDbacZEMkdX+vOeeHfhCYfHumUzCiNTzUQbBrzT7MPh5KMKKydO/t
fCterENVxWzR0KMIXISZEE8jekXsbXYVsvcjkZ8gYnzSUe74slV1jJLon6bQ5Jrc
42NSdz8nrYoFh3GjCxQ0LplsiG+tUyp/5FrX2OYiSmpysvCdNLW92D1fZog9TVYX
W+KQPkk2vgi2Qlj3RN0SuE4sbSza5DR03Zys5OtyT/ek87/SLqVqmfMCPUNx2r7W
-----END CERTIFICATE-----