Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215238.roa
File:                     AS215238.roa (raw, json)
Hash identifier:          vIze26VJHAnOn4Mpg4tIDBiBVkQpsoDRkWUAcP+vC3g=
Subject key identifier:   96:65:DF:23:31:62:11:6E:A0:C7:A4:C9:17:41:8A:D5:75:D5:5F:B7
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       79A71BFCF4BFF9414FBF6CB95DCFBE9750C5FC4C
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215238.roa
Signing time:             Wed 25 Jun 2025 17:30:29 +0000
ROA not before:           Wed 25 Jun 2025 17:25:29 +0000
ROA not after:            Wed 24 Jun 2026 17:30:29 +0000
asID:                     215238
IP address blocks:        146.103.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:a7:1b:fc:f4:bf:f9:41:4f:bf:6c:b9:5d:cf:be:97:50:c5:fc:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun 25 17:25:29 2025 GMT
            Not After : Jun 24 17:30:29 2026 GMT
        Subject: CN=9665DF233162116EA0C7A4C917418AD575D55FB7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:94:96:3b:17:3d:68:f5:b9:3b:2f:49:ba:7a:
                    8c:2b:d0:c9:ba:c0:9a:8e:04:91:dd:b3:7e:fd:9d:
                    32:32:41:56:e2:84:8c:d6:10:e6:86:33:2b:76:68:
                    c3:7a:58:cc:c0:84:02:5e:bf:c8:b1:4f:0b:b2:14:
                    39:91:c3:f7:f0:54:90:20:03:d1:57:75:e9:36:ea:
                    2c:cc:30:9b:64:82:c6:45:a9:12:ed:2d:b3:27:f0:
                    ff:97:79:3a:9b:2c:29:e8:85:ec:c6:e7:44:68:0d:
                    2e:45:b2:86:6b:38:d5:51:3c:99:63:b1:c9:48:33:
                    c8:fd:c9:a4:d8:fa:c2:be:7d:7f:69:fb:e2:32:83:
                    2b:6a:21:90:51:68:06:c6:9f:a0:2b:ef:9c:c5:3d:
                    b6:6d:49:c7:95:76:32:52:15:29:1b:f7:22:af:b3:
                    40:d6:f1:d3:e0:58:23:97:dc:f5:02:4f:c0:31:89:
                    68:f1:68:bf:1f:57:e6:65:05:e9:b6:b4:31:56:cd:
                    89:20:b0:7c:07:fe:d8:d0:b4:d4:ca:07:a2:ed:8e:
                    ab:33:e3:5c:cb:c0:02:1f:73:e1:eb:0f:3a:93:1c:
                    bd:9e:23:41:09:6c:65:d2:6e:c3:80:f8:87:a0:7e:
                    87:cb:e9:6c:d4:68:98:fe:7f:b3:9c:39:70:42:27:
                    80:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:65:DF:23:31:62:11:6E:A0:C7:A4:C9:17:41:8A:D5:75:D5:5F:B7
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS215238.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:cd:12:90:cc:48:27:eb:b0:ef:d8:71:c6:36:e1:8d:d2:96:
         f9:89:43:c4:1b:40:d5:cd:e5:17:fc:1c:8c:8d:8c:25:b7:0e:
         55:b4:5e:5d:cd:9a:50:e6:8f:1b:b4:ea:f8:a1:d9:e3:27:5e:
         96:e5:9e:57:93:24:3e:af:ef:10:cf:02:28:f5:f7:17:ea:24:
         60:76:c2:f4:11:db:94:23:3c:6b:9b:0e:38:e1:cf:02:4e:af:
         16:2c:87:91:13:ad:0d:64:11:c0:c3:41:4a:ce:d7:13:f8:3f:
         d4:2d:db:69:cc:3b:16:46:f6:d7:19:6d:49:02:7c:4a:84:5a:
         3f:d9:ef:de:13:35:2c:1a:46:a1:78:ae:c9:ab:67:92:d2:65:
         8f:e4:80:d0:d2:e8:9d:4f:be:f6:35:6a:73:6a:ef:63:75:19:
         98:45:9a:ff:1d:c6:2e:11:6d:62:74:2e:2e:2d:48:19:3f:b1:
         cc:e6:6e:9d:6f:77:2a:14:13:76:8e:e0:7e:2d:c1:b6:7b:83:
         3c:7a:42:9c:50:2b:ec:57:2e:76:41:97:1a:37:be:7d:cc:69:
         8c:a1:c5:60:33:98:37:49:07:4a:8b:12:50:19:77:fa:c4:61:
         08:b1:79:44:66:8b:4e:be:6c:09:c2:af:50:95:0e:d5:d1:b3:
         7d:09:3e:e3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUeacb/PS/+UFPv2y5Xc++l1DF/EwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA2MjUxNzI1MjlaFw0yNjA2MjQxNzMwMjlaMDMxMTAvBgNV
BAMTKDk2NjVERjIzMzE2MjExNkVBMEM3QTRDOTE3NDE4QUQ1NzVENTVGQjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjlJY7Fz1o9bk7L0m6eowr0Mm6
wJqOBJHds379nTIyQVbihIzWEOaGMyt2aMN6WMzAhAJev8ixTwuyFDmRw/fwVJAg
A9FXdek26izMMJtkgsZFqRLtLbMn8P+XeTqbLCnohezG50RoDS5FsoZrONVRPJlj
sclIM8j9yaTY+sK+fX9p++IygytqIZBRaAbGn6Ar75zFPbZtSceVdjJSFSkb9yKv
s0DW8dPgWCOX3PUCT8AxiWjxaL8fV+ZlBem2tDFWzYkgsHwH/tjQtNTKB6Ltjqsz
41zLwAIfc+HrDzqTHL2eI0EJbGXSbsOA+IegfofL6WzUaJj+f7OcOXBCJ4DjAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUlmXfIzFiEW6gx6TJF0GK1XXVX7cwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE1MjM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkmcY
MA0GCSqGSIb3DQEBCwUAA4IBAQCLzRKQzEgn67Dv2HHGNuGN0pb5iUPEG0DVzeUX
/ByMjYwltw5VtF5dzZpQ5o8btOr4odnjJ16W5Z5XkyQ+r+8QzwIo9fcX6iRgdsL0
EduUIzxrmw444c8CTq8WLIeRE60NZBHAw0FKztcT+D/ULdtpzDsWRvbXGW1JAnxK
hFo/2e/eEzUsGkaheK7Jq2eS0mWP5IDQ0uidT772NWpzau9jdRmYRZr/HcYuEW1i
dC4uLUgZP7HM5m6db3cqFBN2juB+LcG2e4M8ekKcUCvsVy52QZcaN759zGmMocVg
M5g3SQdKixJQGXf6xGEIsXlEZotOvmwJwq9QlQ7V0bN9CT7j
-----END CERTIFICATE-----