Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215059.roa
File:                     AS215059.roa (raw, json)
Hash identifier:          nj4iSFuuzL/EJOI9r0uxcPRiEqLclynhWAI/1URkhjg=
Subject key identifier:   88:67:43:7A:39:43:31:68:29:F6:07:E1:58:CD:31:0F:D8:8D:30:09
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       61433E3FDB65EC9E948E2E99E2B5903DCCEFD7DD
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215059.roa
Signing time:             Wed 11 Jun 2025 07:25:48 +0000
ROA not before:           Wed 11 Jun 2025 07:20:48 +0000
ROA not after:            Wed 10 Jun 2026 07:25:48 +0000
asID:                     215059
IP address blocks:        2a06:2b84::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 01:56:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:43:3e:3f:db:65:ec:9e:94:8e:2e:99:e2:b5:90:3d:cc:ef:d7:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 11 07:20:48 2025 GMT
            Not After : Jun 10 07:25:48 2026 GMT
        Subject: CN=8867437A3943316829F607E158CD310FD88D3009
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:42:96:3d:0c:b3:6b:12:f5:f5:d2:1c:1d:71:
                    30:c8:b9:52:be:fb:c4:df:ef:f7:c7:08:3f:97:39:
                    c0:32:96:cf:b7:c7:b9:e7:48:99:24:3c:11:68:bf:
                    6f:e9:2e:7b:16:11:b8:9a:c7:0f:36:9d:93:fc:86:
                    a1:3b:7f:96:12:60:fa:2f:eb:61:1e:63:54:c6:3f:
                    6c:da:6a:25:94:86:4a:6f:3f:db:69:c8:5a:15:a7:
                    92:71:d5:37:4a:3f:f7:75:af:14:47:55:45:2c:4b:
                    01:47:1f:f6:ee:1c:b5:27:62:03:75:4c:f4:5d:89:
                    31:be:4b:88:77:1a:cb:40:7e:7b:9e:c0:b1:4f:7b:
                    37:2d:d0:29:55:05:ba:f1:01:6a:0c:19:57:a3:08:
                    5a:fa:91:f2:d5:55:04:72:aa:7c:0c:98:00:a6:ca:
                    b3:84:a4:12:7c:96:27:40:92:f2:b1:32:fa:47:df:
                    6a:aa:c6:91:1b:68:b7:20:0f:2b:11:b2:64:fe:fd:
                    2f:e0:63:f2:03:e9:81:36:1b:f8:d4:50:fa:66:d7:
                    d0:82:d5:0d:da:8c:ae:28:b2:eb:46:7d:cb:06:f6:
                    cd:25:58:5b:21:23:50:f2:a6:a8:c6:3b:53:33:cb:
                    d8:66:6f:68:ad:be:2b:a6:ad:9c:fb:9a:4b:43:e2:
                    0b:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:67:43:7A:39:43:31:68:29:F6:07:E1:58:CD:31:0F:D8:8D:30:09
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215059.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:2b84::/32

    Signature Algorithm: sha256WithRSAEncryption
         45:90:fa:bd:92:91:86:58:08:de:48:05:8d:83:53:f4:c9:8f:
         5a:6d:a2:2f:8c:33:b6:95:a0:d7:e7:48:10:8e:89:b9:92:79:
         b7:73:2d:b9:4e:7e:22:76:a4:d2:cc:89:0f:2b:ac:b4:03:2a:
         83:8d:85:e6:42:d5:65:bc:84:73:4b:32:0d:8d:18:cd:ad:db:
         4d:3b:97:cc:b9:6e:f9:2c:e0:36:46:99:fb:ed:37:af:27:bc:
         c4:f3:de:56:b6:f9:59:6e:21:ed:31:4f:55:b1:2b:6e:a4:42:
         4e:07:6f:a7:97:e0:3b:44:c6:a1:18:e1:4d:5c:72:df:dd:27:
         dc:f2:59:cc:d7:29:b7:7c:38:07:37:47:c4:55:5c:8a:54:82:
         69:82:62:29:90:d6:cd:32:42:d6:81:90:d2:3e:93:26:d9:57:
         75:d6:ef:16:88:55:68:59:1a:e7:a4:06:87:bf:c6:7b:d3:d8:
         be:bd:38:4b:e5:36:3d:ff:e1:73:0b:3e:08:8f:c8:36:d9:68:
         46:c2:6e:6e:0d:54:45:99:e9:99:b9:66:88:5f:44:1b:23:02:
         d9:e7:9c:ad:3e:2d:19:bc:a5:aa:3d:53:37:d8:81:9e:8c:41:
         af:cf:36:30:0b:08:45:07:25:e2:47:92:43:28:a6:80:95:3d:
         50:cf:16:8b
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIUYUM+P9tl7J6Uji6Z4rWQPczv190wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MTEwNzIwNDhaFw0yNjA2MTAwNzI1NDhaMDMxMTAvBgNV
BAMTKDg4Njc0MzdBMzk0MzMxNjgyOUY2MDdFMTU4Q0QzMTBGRDg4RDMwMDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRQpY9DLNrEvX10hwdcTDIuVK+
+8Tf7/fHCD+XOcAyls+3x7nnSJkkPBFov2/pLnsWEbiaxw82nZP8hqE7f5YSYPov
62EeY1TGP2zaaiWUhkpvP9tpyFoVp5Jx1TdKP/d1rxRHVUUsSwFHH/buHLUnYgN1
TPRdiTG+S4h3GstAfnuewLFPezct0ClVBbrxAWoMGVejCFr6kfLVVQRyqnwMmACm
yrOEpBJ8lidAkvKxMvpH32qqxpEbaLcgDysRsmT+/S/gY/ID6YE2G/jUUPpm19CC
1Q3ajK4osutGfcsG9s0lWFshI1DypqjGO1Mzy9hmb2itviumrZz7mktD4gszAgMB
AAGjggILMIICBzAdBgNVHQ4EFgQUiGdDejlDMWgp9gfhWM0xD9iNMAkwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1MDU5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgYr
hDANBgkqhkiG9w0BAQsFAAOCAQEARZD6vZKRhlgI3kgFjYNT9MmPWm2iL4wztpWg
1+dIEI6JuZJ5t3MtuU5+Inak0syJDyustAMqg42F5kLVZbyEc0syDY0Yza3bTTuX
zLlu+SzgNkaZ++03rye8xPPeVrb5WW4h7TFPVbErbqRCTgdvp5fgO0TGoRjhTVxy
390n3PJZzNcpt3w4BzdHxFVcilSCaYJiKZDWzTJC1oGQ0j6TJtlXddbvFohVaFka
56QGh7/Ge9PYvr04S+U2Pf/hcws+CI/INtloRsJubg1URZnpmblmiF9EGyMC2eec
rT4tGbylqj1TN9iBnoxBr882MAsIRQcl4keSQyimgJU9UM8Wiw==
-----END CERTIFICATE-----