Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215427.roa
File:                     AS215427.roa (raw, json)
Hash identifier:          TVCJhs7tebastZbgrNx88Dhmxp+R3f/92/gTEvkdPoI=
Subject key identifier:   41:4C:16:0E:22:C8:C3:48:35:D5:57:57:89:8B:DA:96:5E:84:9A:9D
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4EAD482ADC007546C2725156536FE88FDDE8D793
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215427.roa
Signing time:             Thu 12 Jun 2025 14:10:11 +0000
ROA not before:           Thu 12 Jun 2025 14:05:11 +0000
ROA not after:            Thu 11 Jun 2026 14:10:11 +0000
asID:                     215427
IP address blocks:        2a0b:8707::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 01:56:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:ad:48:2a:dc:00:75:46:c2:72:51:56:53:6f:e8:8f:dd:e8:d7:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 12 14:05:11 2025 GMT
            Not After : Jun 11 14:10:11 2026 GMT
        Subject: CN=414C160E22C8C34835D55757898BDA965E849A9D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:72:66:3e:88:e1:6a:6b:b0:cc:b1:13:ca:b9:
                    fc:10:37:b7:ca:c6:90:c2:d3:b5:cc:2c:3f:3f:d9:
                    35:6e:8b:d6:81:cc:be:06:7f:3d:2d:44:4d:99:a3:
                    9f:94:e6:ff:20:1f:f5:be:36:b6:5d:be:f2:ef:fe:
                    40:cb:d6:c8:2f:01:18:9e:b8:0e:de:ba:86:fe:af:
                    14:9a:4b:7b:f8:34:a7:92:02:ee:ce:9e:59:b6:e4:
                    20:3d:f1:71:e2:c4:0d:b0:75:51:e1:82:2d:17:fc:
                    0b:2a:3d:04:be:41:d6:7c:ed:c4:9d:2b:cc:90:6e:
                    eb:07:dd:9e:ea:9a:59:e5:a3:ba:83:26:1d:b9:fa:
                    9f:26:cd:34:6b:ad:96:1a:73:b1:20:b6:99:36:14:
                    3e:df:77:3a:44:31:c9:03:cd:6f:6c:54:c9:c2:01:
                    85:9a:e5:7a:7e:5a:a3:c8:8b:0a:af:90:de:74:e5:
                    4e:1b:3d:e6:c3:88:92:fe:99:6d:4a:c7:00:8f:e0:
                    7b:31:74:1b:cf:58:c9:37:05:eb:e4:13:b3:18:c0:
                    75:be:6d:86:ce:66:96:6d:3e:ae:e9:27:6f:1a:29:
                    a2:40:d7:dc:e3:32:a0:3a:a0:d4:a7:fa:11:c5:a4:
                    2d:59:f8:9d:48:ba:60:bd:b2:8d:87:69:51:c9:ec:
                    54:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:4C:16:0E:22:C8:C3:48:35:D5:57:57:89:8B:DA:96:5E:84:9A:9D
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215427.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:8707::/32

    Signature Algorithm: sha256WithRSAEncryption
         96:b4:b1:25:26:34:d0:60:64:f2:9c:13:10:63:6e:b8:dc:10:
         3a:d8:6b:bf:46:0e:93:ef:02:06:34:14:2e:11:e0:ba:53:fe:
         8f:ca:2c:8d:4b:a9:50:a5:ab:11:c6:fa:4e:28:89:cd:c7:eb:
         96:c7:65:1d:19:40:ae:b3:86:85:e0:64:cf:9c:32:f1:ba:f9:
         cf:19:3d:09:84:0b:34:41:6d:08:3f:9b:cc:9d:62:33:e1:84:
         43:ac:e1:b1:2a:55:9b:b8:e9:d4:81:ca:8a:79:a8:9a:f9:1d:
         a1:4a:dd:a7:2a:2a:cd:00:94:8c:cd:e7:19:f4:da:a5:fd:bf:
         b5:6f:2a:d3:98:a1:10:d4:64:e1:a8:65:0a:55:af:76:ac:39:
         33:74:0d:1b:be:02:6e:41:b0:dd:a9:fe:8b:72:15:27:e5:8c:
         0e:3d:e6:72:21:75:db:64:53:c5:1f:29:11:f3:5c:57:e3:53:
         6a:a8:2f:da:1c:4a:83:40:a5:58:7d:50:6f:b8:35:1f:48:7f:
         43:b4:de:e8:0d:2c:3d:f9:38:16:72:0f:34:57:e5:a8:04:0e:
         31:79:0c:2d:2e:9d:c0:70:d5:21:8b:5a:63:61:08:5c:08:d1:
         b2:fb:e9:71:76:72:1f:d2:57:32:4c:d1:21:da:61:6b:ca:3f:
         16:f4:0f:f5
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIUTq1IKtwAdUbCclFWU2/oj93o15MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MTIxNDA1MTFaFw0yNjA2MTExNDEwMTFaMDMxMTAvBgNV
BAMTKDQxNEMxNjBFMjJDOEMzNDgzNUQ1NTc1Nzg5OEJEQTk2NUU4NDlBOUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCecmY+iOFqa7DMsRPKufwQN7fK
xpDC07XMLD8/2TVui9aBzL4Gfz0tRE2Zo5+U5v8gH/W+NrZdvvLv/kDL1sgvARie
uA7euob+rxSaS3v4NKeSAu7Onlm25CA98XHixA2wdVHhgi0X/AsqPQS+QdZ87cSd
K8yQbusH3Z7qmlnlo7qDJh25+p8mzTRrrZYac7Egtpk2FD7fdzpEMckDzW9sVMnC
AYWa5Xp+WqPIiwqvkN505U4bPebDiJL+mW1KxwCP4HsxdBvPWMk3BevkE7MYwHW+
bYbOZpZtPq7pJ28aKaJA19zjMqA6oNSn+hHFpC1Z+J1IumC9so2HaVHJ7FSDAgMB
AAGjggILMIICBzAdBgNVHQ4EFgQUQUwWDiLIw0g11VdXiYvall6Emp0wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1NDI3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKguH
BzANBgkqhkiG9w0BAQsFAAOCAQEAlrSxJSY00GBk8pwTEGNuuNwQOthrv0YOk+8C
BjQULhHgulP+j8osjUupUKWrEcb6TiiJzcfrlsdlHRlArrOGheBkz5wy8br5zxk9
CYQLNEFtCD+bzJ1iM+GEQ6zhsSpVm7jp1IHKinmomvkdoUrdpyoqzQCUjM3nGfTa
pf2/tW8q05ihENRk4ahlClWvdqw5M3QNG74CbkGw3an+i3IVJ+WMDj3mciF122RT
xR8pEfNcV+NTaqgv2hxKg0ClWH1Qb7g1H0h/Q7Te6A0sPfk4FnIPNFflqAQOMXkM
LS6dwHDVIYtaY2EIXAjRsvvpcXZyH9JXMkzRIdpha8o/FvQP9Q==
-----END CERTIFICATE-----