Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215287.roa
File:                     AS215287.roa (raw, json)
Hash identifier:          x7zdtR5Gix7xJ6+L6Os0Fi7jzuL/cu3618yUzu1zLtw=
Subject key identifier:   C9:72:41:EF:76:8E:7A:4C:43:81:1D:60:41:96:79:BB:66:A5:2D:73
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       4A113B6246F5501BC13CB45356B6A9AC618FCCCD
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215287.roa
Signing time:             Mon 16 Mar 2026 07:39:17 +0000
ROA not before:           Mon 16 Mar 2026 07:34:17 +0000
ROA not after:            Mon 15 Mar 2027 07:39:17 +0000
asID:                     215287
IP address blocks:        82.38.131.0/24 maxlen: 24
                          82.39.119.0/24 maxlen: 24
                          82.40.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:11:3b:62:46:f5:50:1b:c1:3c:b4:53:56:b6:a9:ac:61:8f:cc:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 16 07:34:17 2026 GMT
            Not After : Mar 15 07:39:17 2027 GMT
        Subject: CN=C97241EF768E7A4C43811D60419679BB66A52D73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:a2:a5:30:15:2e:a0:8a:68:0e:ff:b4:fc:79:
                    57:c9:c3:eb:c2:20:4b:18:e2:3b:de:fb:e7:53:f8:
                    b5:2a:e5:a4:8e:04:48:b9:78:42:b0:25:ec:63:80:
                    a6:80:6c:a2:ec:3b:89:ca:36:ed:ab:5f:62:b2:e6:
                    49:df:36:17:c4:9c:fd:ed:e7:4b:54:67:6e:48:ef:
                    85:ed:20:24:9d:c1:d4:f4:0a:a1:b8:af:11:80:7f:
                    51:b7:c7:f7:a0:aa:52:04:b4:5b:45:16:1a:e1:49:
                    4a:99:28:06:5e:c7:f2:ce:d4:5c:40:37:ab:38:fb:
                    ca:49:39:4e:8e:de:73:81:b6:9e:5c:c5:35:ba:77:
                    14:15:29:3d:a8:9e:63:c8:2e:90:32:f7:10:0f:99:
                    e4:f1:f0:f7:50:a4:72:80:91:74:7c:78:e3:cc:32:
                    1f:09:f6:74:1e:1d:a3:15:b9:b2:e9:9f:8b:63:80:
                    12:6c:91:00:f1:0c:2a:ee:87:b7:65:97:5a:4d:72:
                    bf:e9:bb:eb:2f:8e:42:34:4a:f0:51:70:53:19:b8:
                    92:4c:f2:5d:ef:c5:32:f1:1b:1e:a4:eb:7e:12:db:
                    dc:92:4c:f3:92:73:0c:4a:d4:de:f7:80:8e:75:69:
                    dd:8b:25:82:d2:b1:0e:7f:84:97:c4:4a:3d:48:bf:
                    f1:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:72:41:EF:76:8E:7A:4C:43:81:1D:60:41:96:79:BB:66:A5:2D:73
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215287.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.38.131.0/24
                  82.39.119.0/24
                  82.40.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:fa:8d:a8:b8:97:68:f2:29:c7:85:2b:33:d5:d2:fc:11:9f:
         ff:c6:34:a7:3b:22:93:ff:93:23:96:75:fa:96:a6:5a:df:54:
         a2:4a:fa:64:d4:34:3a:45:2f:aa:7c:65:5d:12:52:4c:6b:82:
         b5:77:08:40:92:38:77:a4:42:26:51:29:8c:52:b6:b5:8a:f6:
         b4:4e:88:98:ea:d9:33:8f:6a:12:27:8b:da:14:32:15:2b:13:
         d3:4c:e1:63:54:3e:30:e4:41:40:fa:3e:b1:8b:de:eb:88:f0:
         69:dc:61:25:3e:3d:b2:41:29:b0:df:18:48:19:05:25:b1:e7:
         c2:47:cf:cc:4a:d2:1c:d6:42:af:2c:80:10:39:ae:17:f2:3b:
         d4:22:81:75:7f:96:ab:b9:09:76:8b:72:a5:a4:a5:9b:65:1d:
         a7:a1:7c:21:9a:08:ed:ca:f5:e9:2f:f8:b3:12:80:cb:0a:57:
         fd:55:0c:c1:f0:a1:92:ae:79:a9:ce:5f:f5:04:0d:54:04:df:
         36:0e:ac:02:bd:ee:f2:49:ea:b9:a1:ed:d4:ca:d9:00:fd:78:
         db:9f:91:97:a2:e3:8b:40:0d:aa:46:3e:26:37:11:b4:89:61:
         8b:e8:04:3b:03:2f:50:c6:7d:d8:50:12:5c:8e:87:5e:9e:a1:
         10:47:65:f7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUShE7Ykb1UBvBPLRTVraprGGPzM0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMTYwNzM0MTdaFw0yNzAzMTUwNzM5MTdaMDMxMTAvBgNV
BAMTKEM5NzI0MUVGNzY4RTdBNEM0MzgxMUQ2MDQxOTY3OUJCNjZBNTJENzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+oqUwFS6gimgO/7T8eVfJw+vC
IEsY4jve++dT+LUq5aSOBEi5eEKwJexjgKaAbKLsO4nKNu2rX2Ky5knfNhfEnP3t
50tUZ25I74XtICSdwdT0CqG4rxGAf1G3x/egqlIEtFtFFhrhSUqZKAZex/LO1FxA
N6s4+8pJOU6O3nOBtp5cxTW6dxQVKT2onmPILpAy9xAPmeTx8PdQpHKAkXR8eOPM
Mh8J9nQeHaMVubLpn4tjgBJskQDxDCruh7dll1pNcr/pu+svjkI0SvBRcFMZuJJM
8l3vxTLxGx6k634S29ySTPOScwxK1N73gI51ad2LJYLSsQ5/hJfESj1Iv/GxAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUyXJB73aOekxDgR1gQZZ5u2alLXMwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1Mjg3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUiaD
AwQAUid3AwQAUig/MA0GCSqGSIb3DQEBCwUAA4IBAQAv+o2ouJdo8inHhSsz1dL8
EZ//xjSnOyKT/5MjlnX6lqZa31SiSvpk1DQ6RS+qfGVdElJMa4K1dwhAkjh3pEIm
USmMUra1iva0ToiY6tkzj2oSJ4vaFDIVKxPTTOFjVD4w5EFA+j6xi97riPBp3GEl
Pj2yQSmw3xhIGQUlsefCR8/MStIc1kKvLIAQOa4X8jvUIoF1f5aruQl2i3KlpKWb
ZR2noXwhmgjtyvXpL/izEoDLClf9VQzB8KGSrnmpzl/1BA1UBN82DqwCve7ySeq5
oe3UytkA/Xjbn5GXouOLQA2qRj4mNxG0iWGL6AQ7Ay9Qxn3YUBJcjodenqEQR2X3
-----END CERTIFICATE-----