Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS215540.roa
File:                     AS215540.roa (raw, json)
Hash identifier:          SNS+le//SAZrjn+mq1N5CbKteOSgOJKb6NNuJldHnzc=
Subject key identifier:   5C:2D:BF:FE:02:50:BD:0E:F4:0F:DC:A7:D7:12:5F:EA:9D:85:2F:EC
Certificate issuer:       /CN=9dfbff217105df8877d463f6e9bac28a4084d20c
Certificate serial:       F1387AA27CA496594ADB2D337BD42F7B345641
Authority key identifier: 9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS215540.roa
Signing time:             Mon 20 Apr 2026 12:15:21 +0000
ROA not before:           Mon 20 Apr 2026 12:10:21 +0000
ROA not after:            Mon 19 Apr 2027 12:15:21 +0000
asID:                     215540
IP address blocks:        139.28.240.0/24 maxlen: 24
                          139.28.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            f1:38:7a:a2:7c:a4:96:59:4a:db:2d:33:7b:d4:2f:7b:34:56:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dfbff217105df8877d463f6e9bac28a4084d20c
        Validity
            Not Before: Apr 20 12:10:21 2026 GMT
            Not After : Apr 19 12:15:21 2027 GMT
        Subject: CN=5C2DBFFE0250BD0EF40FDCA7D7125FEA9D852FEC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:3c:ef:f4:52:f7:5b:a4:b1:cc:01:da:ad:7c:
                    fd:8a:a0:bf:60:da:fa:07:57:b1:dc:f4:da:09:b1:
                    8e:bd:b5:4f:97:4e:df:67:fc:aa:95:15:e7:b1:16:
                    b3:ce:da:42:37:b0:06:7a:25:28:b3:fd:7c:92:1b:
                    3b:36:78:93:b4:e2:90:3c:cf:82:fc:7e:da:3f:a5:
                    93:a6:3f:b6:28:43:38:94:c3:cb:c8:ac:aa:1e:3f:
                    7b:46:61:9d:96:70:b0:38:b2:c7:0e:17:1f:34:03:
                    81:a8:23:04:cc:24:98:ff:ea:a9:55:6f:01:db:b3:
                    9a:ba:30:e5:a9:6c:81:4a:46:04:e8:b9:6f:f9:d3:
                    f0:8b:a4:4c:97:2f:b8:eb:f9:62:6c:aa:90:1b:20:
                    3c:0e:3a:4c:73:4f:02:a0:c2:e0:76:db:e6:d5:70:
                    ee:96:c6:01:6f:be:13:b6:bd:f8:25:d1:14:42:f4:
                    c5:90:c3:29:72:55:36:cf:44:85:47:01:3d:f7:d9:
                    f3:bb:53:2c:52:07:98:a3:36:6d:8e:56:ca:e8:10:
                    8a:74:29:e6:62:e1:7f:2c:44:e5:db:ad:d3:4a:35:
                    00:75:90:59:80:2c:3b:06:01:7d:fb:61:a2:ed:11:
                    0e:78:3d:00:19:a5:4f:5e:57:19:47:a9:72:b6:bd:
                    6d:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:2D:BF:FE:02:50:BD:0E:F4:0F:DC:A7:D7:12:5F:EA:9D:85:2F:EC
            X509v3 Authority Key Identifier:
                keyid:9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS215540.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         e1:2d:1f:55:27:8c:d2:fc:fa:8e:31:a5:7f:86:27:cb:60:76:
         93:d8:fc:9f:c0:b1:14:fe:23:32:b6:cc:50:cd:a1:90:e5:ae:
         76:34:f6:19:e0:61:06:e6:f1:43:2d:8c:27:63:b4:0c:52:ad:
         63:5b:8c:42:38:ae:17:38:d2:90:ba:9a:67:33:a8:ef:ec:28:
         01:e3:e5:ee:67:bc:94:82:86:52:d8:f3:af:07:4f:a0:0d:88:
         a6:83:0c:8e:c8:08:18:03:e4:7c:dd:a2:b9:bb:cb:5e:b7:e3:
         fb:2b:f6:8b:59:a5:b2:ec:48:5a:05:59:e6:4e:1f:c1:a0:be:
         26:db:de:bd:f5:21:11:80:34:de:f2:23:bf:a9:e7:c1:51:23:
         47:b1:6c:14:5d:61:d8:85:2e:53:38:d0:4b:05:48:35:93:6b:
         ac:40:d5:a9:54:7f:28:ae:8d:45:79:bb:a1:37:57:de:23:aa:
         28:b8:14:a9:fb:79:39:be:c7:91:e0:68:cb:72:7d:44:d8:8a:
         5c:77:fd:b4:b3:7b:af:a7:19:36:21:34:d0:5e:58:60:85:11:
         a3:31:f3:86:77:e9:fe:fa:ba:ba:4c:54:ae:e8:41:42:7e:1e:
         b7:b9:1f:f3:bc:be:63:4e:94:44:0c:04:3b:33:09:19:2f:89:
         49:c5:2c:3e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUAPE4eqJ8pJZZStstM3vUL3s0VkEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmYmZmMjE3MTA1ZGY4ODc3ZDQ2M2Y2ZTliYWMyOGE0
MDg0ZDIwYzAeFw0yNjA0MjAxMjEwMjFaFw0yNzA0MTkxMjE1MjFaMDMxMTAvBgNV
BAMTKDVDMkRCRkZFMDI1MEJEMEVGNDBGRENBN0Q3MTI1RkVBOUQ4NTJGRUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXPO/0UvdbpLHMAdqtfP2KoL9g
2voHV7Hc9NoJsY69tU+XTt9n/KqVFeexFrPO2kI3sAZ6JSiz/XySGzs2eJO04pA8
z4L8fto/pZOmP7YoQziUw8vIrKoeP3tGYZ2WcLA4sscOFx80A4GoIwTMJJj/6qlV
bwHbs5q6MOWpbIFKRgTouW/50/CLpEyXL7jr+WJsqpAbIDwOOkxzTwKgwuB22+bV
cO6WxgFvvhO2vfgl0RRC9MWQwylyVTbPRIVHAT332fO7UyxSB5ijNm2OVsroEIp0
KeZi4X8sROXbrdNKNQB1kFmALDsGAX37YaLtEQ54PQAZpU9eVxlHqXK2vW3nAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUXC2//gJQvQ70D9yn1xJf6p2FL+wwHwYDVR0j
BBgwFoAUnfv/IXEF34h31GP26brCikCE0gwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTViNGQ5ZTgtNDExMS00Mzk0LWEzYTYtYmQ4MjUxZTdm
YmJkLzAvOURGQkZGMjE3MTA1REY4ODc3RDQ2M0Y2RTlCQUMyOEE0MDg0RDIwQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25mdl9JWEVGMzRoMzFHUDI2YnJDaWtD
RTBndy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzU1YjRkOWU4LTQxMTEt
NDM5NC1hM2E2LWJkODI1MWU3ZmJiZC8wL0FTMjE1NTQwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBixzw
MA0GCSqGSIb3DQEBCwUAA4IBAQDhLR9VJ4zS/PqOMaV/hifLYHaT2PyfwLEU/iMy
tsxQzaGQ5a52NPYZ4GEG5vFDLYwnY7QMUq1jW4xCOK4XONKQuppnM6jv7CgB4+Xu
Z7yUgoZS2POvB0+gDYimgwyOyAgYA+R83aK5u8tet+P7K/aLWaWy7EhaBVnmTh/B
oL4m29699SERgDTe8iO/qefBUSNHsWwUXWHYhS5TONBLBUg1k2usQNWpVH8oro1F
ebuhN1feI6oouBSp+3k5vseR4GjLcn1E2Ipcd/20s3uvpxk2ITTQXlhghRGjMfOG
d+n++rq6TFSu6EFCfh63uR/zvL5jTpREDAQ7MwkZL4lJxSw+
-----END CERTIFICATE-----