Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215224.roa
File:                     AS215224.roa (raw, json)
Hash identifier:          Wd25JHYAPTT6uZoBPXfd0J3GZ/MyqcJkohFaV83eYPM=
Subject key identifier:   C8:C6:67:7F:C7:DC:2B:30:85:80:55:53:0D:24:78:7B:3A:9E:94:E5
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       33EBDA60B2B336800E9DB41F7C1BB7401100C328
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215224.roa
Signing time:             Thu 07 Aug 2025 00:00:25 +0000
ROA not before:           Wed 06 Aug 2025 23:55:25 +0000
ROA not after:            Thu 06 Aug 2026 00:00:25 +0000
asID:                     215224
IP address blocks:        92.119.34.0/24 maxlen: 24
                          181.215.178.0/24 maxlen: 24
                          191.96.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 06:23:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:eb:da:60:b2:b3:36:80:0e:9d:b4:1f:7c:1b:b7:40:11:00:c3:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug  6 23:55:25 2025 GMT
            Not After : Aug  6 00:00:25 2026 GMT
        Subject: CN=C8C6677FC7DC2B30858055530D24787B3A9E94E5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:70:87:99:be:97:81:ba:8c:8a:69:1d:94:94:
                    a6:74:7a:f8:c6:bf:aa:f4:e1:ce:aa:1c:03:55:16:
                    cb:ff:05:5f:47:ff:7b:8a:10:64:14:f6:8b:2b:18:
                    b8:14:c7:cc:95:6e:10:5f:b6:d5:9b:71:31:28:4c:
                    9d:18:6d:ec:50:4b:18:45:0f:2d:21:4f:a2:8b:b2:
                    f3:b6:11:3f:57:e9:ea:50:c1:72:8e:70:32:0a:57:
                    f9:7d:2a:5f:08:70:10:91:8b:76:3d:cd:10:64:ab:
                    4a:f5:a3:76:5c:80:f9:3b:a0:c1:c9:1c:eb:f9:6b:
                    00:47:05:3f:c1:10:36:f6:94:88:99:0e:bf:59:46:
                    f3:95:76:97:1d:bf:94:4a:94:f9:5d:d9:fc:c6:d9:
                    16:99:40:4f:b9:13:d0:de:10:a8:51:4b:5e:a6:d2:
                    e2:34:ce:d8:15:8c:bc:2d:b2:4d:0a:c6:6e:13:f0:
                    4e:cf:d3:d5:46:fb:a0:c8:34:68:67:1f:27:03:ab:
                    44:96:bc:0d:15:22:aa:35:5f:4e:af:8a:bc:6c:ba:
                    04:25:43:31:a4:4b:c2:9b:23:44:f7:7e:0f:98:25:
                    74:b1:fe:c3:e1:40:a8:7b:f0:15:92:44:f3:15:0d:
                    c6:b5:03:24:99:95:6d:27:f9:3c:0c:2e:31:6f:e9:
                    31:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:C6:67:7F:C7:DC:2B:30:85:80:55:53:0D:24:78:7B:3A:9E:94:E5
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215224.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.34.0/24
                  181.215.178.0/24
                  191.96.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:99:85:32:d9:eb:55:55:b1:93:b9:08:a5:ff:96:a3:3d:8b:
         cd:0e:04:a8:1a:15:ff:1d:0f:1e:db:88:c6:e2:00:6a:77:a6:
         64:b0:58:9c:fe:15:04:7d:bd:ce:82:a6:2c:db:70:58:d6:36:
         bb:66:78:71:27:62:d4:41:04:73:c6:de:69:e3:64:0d:f0:7f:
         d9:02:e5:04:88:8e:6f:85:c3:67:0a:cc:1f:d9:86:27:73:68:
         f5:bf:78:26:98:d9:92:b8:b5:de:85:72:59:90:07:07:af:f1:
         b3:48:f4:a0:3f:0c:2d:87:68:94:90:00:b3:77:94:1b:0e:cf:
         72:06:ad:70:86:38:8f:ae:e5:3e:19:f2:ee:58:f9:4d:b3:c9:
         72:f4:48:23:6a:f1:ed:64:51:4a:f3:28:c6:f0:e9:d9:64:2c:
         f6:c5:6c:bf:0f:1c:90:4e:2d:5b:4f:5b:67:4b:bf:9a:32:1c:
         6b:01:ad:0a:89:ab:3c:0d:75:b6:3f:0c:1d:b7:e0:41:dc:62:
         fe:d1:00:83:93:44:bc:cf:79:3a:8f:9e:d9:1b:a2:c5:31:7e:
         9c:c9:4a:25:b2:ff:6f:9e:a7:69:35:10:d0:bf:8b:34:3a:a7:
         3a:1e:50:9a:da:6f:46:70:4f:e9:6c:6c:62:46:f1:c8:e1:dd:
         91:7f:b2:5b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUM+vaYLKzNoAOnbQffBu3QBEAwygwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA4MDYyMzU1MjVaFw0yNjA4MDYwMDAwMjVaMDMxMTAvBgNV
BAMTKEM4QzY2NzdGQzdEQzJCMzA4NTgwNTU1MzBEMjQ3ODdCM0E5RTk0RTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCcIeZvpeBuoyKaR2UlKZ0evjG
v6r04c6qHANVFsv/BV9H/3uKEGQU9osrGLgUx8yVbhBfttWbcTEoTJ0YbexQSxhF
Dy0hT6KLsvO2ET9X6epQwXKOcDIKV/l9Kl8IcBCRi3Y9zRBkq0r1o3ZcgPk7oMHJ
HOv5awBHBT/BEDb2lIiZDr9ZRvOVdpcdv5RKlPld2fzG2RaZQE+5E9DeEKhRS16m
0uI0ztgVjLwtsk0Kxm4T8E7P09VG+6DINGhnHycDq0SWvA0VIqo1X06virxsugQl
QzGkS8KbI0T3fg+YJXSx/sPhQKh78BWSRPMVDca1AySZlW0n+TwMLjFv6TFjAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUyMZnf8fcKzCFgFVTDSR4ezqelOUwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1MjI0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXHci
AwQAtdeyAwQAv2BkMA0GCSqGSIb3DQEBCwUAA4IBAQBSmYUy2etVVbGTuQil/5aj
PYvNDgSoGhX/HQ8e24jG4gBqd6ZksFic/hUEfb3OgqYs23BY1ja7ZnhxJ2LUQQRz
xt5p42QN8H/ZAuUEiI5vhcNnCswf2YYnc2j1v3gmmNmSuLXehXJZkAcHr/GzSPSg
Pwwth2iUkACzd5QbDs9yBq1whjiPruU+GfLuWPlNs8ly9EgjavHtZFFK8yjG8OnZ
ZCz2xWy/DxyQTi1bT1tnS7+aMhxrAa0Kias8DXW2Pwwdt+BB3GL+0QCDk0S8z3k6
j57ZG6LFMX6cyUolsv9vnqdpNRDQv4s0Oqc6HlCa2m9GcE/pbGxiRvHI4d2Rf7Jb
-----END CERTIFICATE-----