Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215819.roa
File:                     AS215819.roa (raw, json)
Hash identifier:          2xBpsaKyjpZR8SxgHsoK4PgvgKiPf3vJpkVwm840ir4=
Subject key identifier:   CE:A6:8C:47:2B:43:8D:FB:FB:9F:32:79:E5:A6:5A:6D:80:9B:04:AA
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       21610E0FA554FB3ACB57057931E37C21D85B2BF1
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215819.roa
Signing time:             Thu 12 Jun 2025 14:10:08 +0000
ROA not before:           Thu 12 Jun 2025 14:05:08 +0000
ROA not after:            Thu 11 Jun 2026 14:10:08 +0000
asID:                     215819
IP address blocks:        2a0b:8706::/32 maxlen: 48
                          2a0c:fa45::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 01:56:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:61:0e:0f:a5:54:fb:3a:cb:57:05:79:31:e3:7c:21:d8:5b:2b:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 12 14:05:08 2025 GMT
            Not After : Jun 11 14:10:08 2026 GMT
        Subject: CN=CEA68C472B438DFBFB9F3279E5A65A6D809B04AA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ac:79:7f:cc:e8:18:0e:ce:6b:2c:6f:36:98:
                    a0:d5:f3:06:a7:e3:f6:9e:98:b0:79:fe:a4:07:5d:
                    86:e0:17:49:87:c5:f1:6b:4e:6c:bf:68:86:0d:30:
                    51:06:b1:33:e3:f5:88:46:2b:17:b5:22:cf:43:13:
                    2a:18:88:cc:19:2a:ce:13:f1:d7:01:13:52:06:f8:
                    4a:73:10:ae:ad:b4:e1:ce:0b:c3:0b:39:b9:83:ff:
                    10:c6:90:74:3e:d2:6d:3e:05:83:2e:11:36:4f:7a:
                    72:73:f0:10:1f:ab:ab:41:2c:fd:66:bd:9d:ad:8c:
                    98:e5:5b:5c:b7:7b:15:da:4f:dc:9c:d3:44:2c:b3:
                    2a:2c:0c:6d:45:ab:b3:fb:bd:cb:bf:60:b0:4f:8e:
                    3b:ad:4e:a9:a3:b5:91:21:6e:70:48:cd:dc:19:cf:
                    b6:6f:19:00:1c:0d:03:c8:28:f1:3a:d6:e9:b8:f5:
                    c0:1a:7e:31:6b:db:5b:be:d3:e8:71:05:cc:8d:e8:
                    65:dd:c7:51:85:b3:6a:01:3a:2f:44:99:ea:47:33:
                    89:cb:25:07:b3:69:05:45:b2:5e:d3:c8:d4:8b:3c:
                    f9:23:48:47:df:12:51:4d:6b:7e:3d:b2:55:a9:09:
                    1a:89:bc:2f:5c:84:b1:7c:9b:d3:b5:97:54:ce:4a:
                    73:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:A6:8C:47:2B:43:8D:FB:FB:9F:32:79:E5:A6:5A:6D:80:9B:04:AA
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215819.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:8706::/32
                  2a0c:fa45::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:f7:1a:17:22:90:cf:d6:39:f9:fb:47:f1:e8:92:8a:7d:b7:
         78:d3:cd:76:1e:76:0c:57:0d:0e:45:cf:df:4a:87:7b:a1:c2:
         9a:a6:86:e0:3e:d3:1b:15:f1:95:b9:bb:c7:a2:64:e8:9e:82:
         4d:66:92:2e:92:06:dc:bd:d5:a0:fa:9e:2c:57:dd:d2:d1:8e:
         f8:81:5a:ed:be:63:7f:25:de:9b:c3:91:a6:03:fe:15:28:1d:
         a1:a2:63:7e:63:63:7c:03:4d:1f:c6:88:cf:89:32:a4:7a:f5:
         61:fc:60:a5:8b:e3:39:06:0a:c6:f3:11:84:7d:fe:ba:ae:d7:
         02:13:d7:76:49:03:34:f5:f1:6c:4e:bc:c5:a9:c5:3b:b2:4d:
         29:38:62:91:45:14:ab:58:2b:05:99:2b:41:39:56:2b:0c:7d:
         10:a9:e9:dc:79:c0:72:c3:5e:52:49:95:b5:6a:cb:ec:84:5a:
         45:9a:06:9c:6d:8a:28:fa:1f:e9:47:ff:1b:ca:18:05:02:51:
         6b:b9:c1:14:5c:fa:23:50:f3:6f:91:b2:52:41:5c:8b:1d:4d:
         b9:fe:b8:5b:9b:08:aa:dc:ce:30:25:9b:44:76:25:8d:29:75:
         1d:b8:95:84:aa:7e:88:15:4b:4a:2c:fc:fb:21:4f:0e:93:49:
         65:84:20:21
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgIUIWEOD6VU+zrLVwV5MeN8IdhbK/EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MTIxNDA1MDhaFw0yNjA2MTExNDEwMDhaMDMxMTAvBgNV
BAMTKENFQTY4QzQ3MkI0MzhERkJGQjlGMzI3OUU1QTY1QTZEODA5QjA0QUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzrHl/zOgYDs5rLG82mKDV8wan
4/aemLB5/qQHXYbgF0mHxfFrTmy/aIYNMFEGsTPj9YhGKxe1Is9DEyoYiMwZKs4T
8dcBE1IG+EpzEK6ttOHOC8MLObmD/xDGkHQ+0m0+BYMuETZPenJz8BAfq6tBLP1m
vZ2tjJjlW1y3exXaT9yc00QssyosDG1Fq7P7vcu/YLBPjjutTqmjtZEhbnBIzdwZ
z7ZvGQAcDQPIKPE61um49cAafjFr21u+0+hxBcyN6GXdx1GFs2oBOi9EmepHM4nL
JQezaQVFsl7TyNSLPPkjSEffElFNa349slWpCRqJvC9chLF8m9O1l1TOSnO5AgMB
AAGjggISMIICDjAdBgNVHQ4EFgQUzqaMRytDjfv7nzJ55aZabYCbBKowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1ODE5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKguH
BgMFACoM+kUwDQYJKoZIhvcNAQELBQADggEBAED3GhcikM/WOfn7R/Hokop9t3jT
zXYedgxXDQ5Fz99Kh3uhwpqmhuA+0xsV8ZW5u8eiZOiegk1mki6SBty91aD6nixX
3dLRjviBWu2+Y38l3pvDkaYD/hUoHaGiY35jY3wDTR/GiM+JMqR69WH8YKWL4zkG
CsbzEYR9/rqu1wIT13ZJAzT18WxOvMWpxTuyTSk4YpFFFKtYKwWZK0E5VisMfRCp
6dx5wHLDXlJJlbVqy+yEWkWaBpxtiij6H+lH/xvKGAUCUWu5wRRc+iNQ82+RslJB
XIsdTbn+uFubCKrczjAlm0R2JY0pdR24lYSqfogVS0os/PshTw6TSWWEICE=
-----END CERTIFICATE-----