Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215152.roa
File:                     AS215152.roa (raw, json)
Hash identifier:          wcLGAZYeMSS0X98Zp9IGuqLSn0mxxJ+3JhmiFopY/tw=
Subject key identifier:   50:DB:7C:78:10:0D:AE:F1:16:B7:AE:81:C6:94:C7:6B:1B:26:02:8D
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4831A5729C4A9CA482867B2AC442931DA67F3E4D
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215152.roa
Signing time:             Fri 01 May 2026 14:48:00 +0000
ROA not before:           Fri 01 May 2026 14:43:00 +0000
ROA not after:            Fri 30 Apr 2027 14:48:00 +0000
asID:                     215152
IP address blocks:        2a0a:7a00::/29 maxlen: 48
                          2a0a:9200::/29 maxlen: 48
                          2a0a:a600::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 08:12:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:31:a5:72:9c:4a:9c:a4:82:86:7b:2a:c4:42:93:1d:a6:7f:3e:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  1 14:43:00 2026 GMT
            Not After : Apr 30 14:48:00 2027 GMT
        Subject: CN=50DB7C78100DAEF116B7AE81C694C76B1B26028D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:ca:52:0d:87:34:b2:2d:70:7e:70:b8:3d:e8:
                    ee:a1:0f:3a:4b:ab:81:ee:c7:93:5d:51:16:28:33:
                    79:61:f4:35:33:8e:ca:79:55:b0:57:0c:7e:ec:9b:
                    3d:2c:7c:a7:58:1a:ba:11:8f:59:4e:d7:cc:fb:41:
                    bf:28:71:fa:52:7d:44:70:a8:67:0c:aa:62:22:ba:
                    d4:af:bc:bb:45:40:90:76:d6:8b:50:ee:64:22:80:
                    19:e6:6c:21:eb:51:c6:04:64:2b:8f:de:f0:63:7d:
                    a3:29:10:dc:2b:4d:62:1a:bc:64:37:f1:3a:86:29:
                    11:8f:0a:af:2e:56:9c:09:68:3e:a0:83:09:cc:c7:
                    d0:c2:90:31:c0:9e:bf:a6:18:82:09:e5:fc:b5:6b:
                    22:8c:95:17:4d:c1:be:5b:80:95:a5:b5:c2:e7:5e:
                    8b:7d:9e:39:21:cb:b5:ad:d2:33:f6:d1:da:59:b3:
                    f6:ee:70:be:b3:31:70:8f:86:31:1e:60:61:5e:13:
                    8c:df:3a:71:c5:60:be:c3:17:85:a2:77:8c:4b:e7:
                    c5:cd:0c:c4:c6:db:9c:2c:53:6f:93:5b:f5:64:fa:
                    56:3d:c2:b9:21:3e:af:ba:1a:5f:80:af:01:fa:e0:
                    0e:23:42:ea:49:a8:0c:49:20:64:ca:c4:03:13:58:
                    72:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:DB:7C:78:10:0D:AE:F1:16:B7:AE:81:C6:94:C7:6B:1B:26:02:8D
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215152.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:7a00::/29
                  2a0a:9200::/29
                  2a0a:a600::/29

    Signature Algorithm: sha256WithRSAEncryption
         46:72:13:30:c5:d3:17:2f:4e:93:86:75:18:90:c3:be:fb:f3:
         16:a9:38:0e:63:03:56:01:34:ab:df:26:24:77:ae:6a:b4:fc:
         d0:f2:e6:06:3d:a5:41:0e:bb:02:8e:dc:85:42:2f:76:3d:51:
         48:98:4f:73:26:d2:ef:03:cd:55:a2:74:ac:2d:02:5c:78:8e:
         f2:20:7e:e3:23:62:21:ff:a5:7f:16:69:7b:75:07:c7:9f:27:
         c0:6b:7b:11:96:e7:97:22:c1:16:3d:0f:77:20:e0:6c:25:21:
         4c:82:f6:b7:de:c8:47:66:96:89:66:8b:30:a5:1a:b3:40:ca:
         49:7c:82:b5:dd:75:79:9d:17:22:1f:78:31:25:a1:27:49:17:
         48:c0:4f:08:2a:f1:18:b2:7f:96:12:5b:d5:56:6e:26:9e:65:
         7c:29:c4:95:de:c4:63:61:e3:e2:3b:0e:e2:a9:7f:c0:ed:12:
         f8:df:2d:72:ed:b8:ae:15:69:14:a7:2e:4f:12:19:75:e0:c9:
         5c:8d:85:7e:5e:58:b4:b9:e5:c0:aa:c2:d1:ae:d7:90:47:91:
         80:0f:26:73:fb:27:93:e1:9a:76:ac:78:b7:70:e3:67:b5:2c:
         50:eb:92:10:68:ad:15:8a:bd:27:87:fe:5f:2a:b3:e6:e1:ca:
         b6:3a:a9:c9
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgIUSDGlcpxKnKSChnsqxEKTHaZ/Pk0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MDExNDQzMDBaFw0yNzA0MzAxNDQ4MDBaMDMxMTAvBgNV
BAMTKDUwREI3Qzc4MTAwREFFRjExNkI3QUU4MUM2OTRDNzZCMUIyNjAyOEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaylINhzSyLXB+cLg96O6hDzpL
q4Hux5NdURYoM3lh9DUzjsp5VbBXDH7smz0sfKdYGroRj1lO18z7Qb8ocfpSfURw
qGcMqmIiutSvvLtFQJB21otQ7mQigBnmbCHrUcYEZCuP3vBjfaMpENwrTWIavGQ3
8TqGKRGPCq8uVpwJaD6ggwnMx9DCkDHAnr+mGIIJ5fy1ayKMlRdNwb5bgJWltcLn
Xot9njkhy7Wt0jP20dpZs/bucL6zMXCPhjEeYGFeE4zfOnHFYL7DF4Wid4xL58XN
DMTG25wsU2+TW/Vk+lY9wrkhPq+6Gl+ArwH64A4jQupJqAxJIGTKxAMTWHIBAgMB
AAGjggIZMIICFTAdBgNVHQ4EFgQUUNt8eBANrvEWt66BxpTHaxsmAo0wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1MTUyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKgp6
AAMFAyoKkgADBQMqCqYAMA0GCSqGSIb3DQEBCwUAA4IBAQBGchMwxdMXL06ThnUY
kMO++/MWqTgOYwNWATSr3yYkd65qtPzQ8uYGPaVBDrsCjtyFQi92PVFImE9zJtLv
A81VonSsLQJceI7yIH7jI2Ih/6V/Fml7dQfHnyfAa3sRlueXIsEWPQ93IOBsJSFM
gva33shHZpaJZoswpRqzQMpJfIK13XV5nRciH3gxJaEnSRdIwE8IKvEYsn+WElvV
Vm4mnmV8KcSV3sRjYePiOw7iqX/A7RL43y1y7biuFWkUpy5PEhl14MlcjYV+Xli0
ueXAqsLRrteQR5GADyZz+yeT4Zp2rHi3cONntSxQ65IQaK0Vir0nh/5fKrPm4cq2
OqnJ
-----END CERTIFICATE-----