Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215353.roa
File:                     AS215353.roa (raw, json)
Hash identifier:          R4SC5k8CHeorLPjWEm1ILlQhUmoUz6BMJqyaryxWWn0=
Subject key identifier:   6F:66:F9:1A:2E:CC:46:91:C1:D2:25:8C:F8:45:CD:5A:4C:61:98:71
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       7E6CC4164F924C7C0EC11A91F62AD4FB35A3AB02
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215353.roa
Signing time:             Fri 06 Mar 2026 10:15:28 +0000
ROA not before:           Fri 06 Mar 2026 10:10:28 +0000
ROA not after:            Fri 05 Mar 2027 10:15:28 +0000
asID:                     215353
IP address blocks:        82.41.51.0/24 maxlen: 24
                          2a13:9500:bf::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:6c:c4:16:4f:92:4c:7c:0e:c1:1a:91:f6:2a:d4:fb:35:a3:ab:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar  6 10:10:28 2026 GMT
            Not After : Mar  5 10:15:28 2027 GMT
        Subject: CN=6F66F91A2ECC4691C1D2258CF845CD5A4C619871
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:e7:3e:66:c3:b3:8b:9b:14:f1:b7:ae:b8:86:
                    3e:fd:48:60:35:82:1a:6e:15:6c:8d:c1:62:aa:a4:
                    14:47:18:02:07:19:4b:0d:8f:f7:89:72:cf:2d:22:
                    94:b3:40:d4:b2:6f:14:ee:b7:ab:f9:5d:60:7f:fe:
                    28:8a:7d:2b:b1:47:29:b6:47:1e:89:ca:fa:d4:91:
                    96:34:d0:26:a6:5c:0a:85:a9:d1:48:1d:0d:36:cf:
                    ff:3a:5e:f5:03:01:87:33:12:6a:4c:e4:b2:30:25:
                    8e:50:75:66:7e:f7:cb:9d:91:a5:e1:96:49:9a:fa:
                    fb:33:12:de:80:b2:6e:14:e7:e7:5f:3c:52:83:09:
                    a6:88:80:b5:1a:b8:5e:a9:54:e3:16:35:95:c3:2f:
                    8c:4f:44:7d:7f:80:11:b8:31:01:da:d4:bd:6b:de:
                    83:85:6f:42:20:83:74:36:a5:6e:8c:a8:ed:dd:2d:
                    b1:04:04:f6:6b:31:09:39:ee:4d:ca:8c:83:39:eb:
                    47:21:f2:99:74:82:ed:d7:4b:98:16:af:88:87:fb:
                    18:d3:82:ce:27:5c:d1:ac:0c:2c:f9:36:f6:58:ea:
                    2a:fb:84:9d:e8:b6:8f:a5:ed:85:92:76:38:cb:fb:
                    2c:d0:93:63:31:17:da:09:71:ff:5e:2e:fe:67:1d:
                    34:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:66:F9:1A:2E:CC:46:91:C1:D2:25:8C:F8:45:CD:5A:4C:61:98:71
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215353.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.41.51.0/24
                IPv6:
                  2a13:9500:bf::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:3c:da:58:fb:57:43:64:35:64:e5:d5:96:5b:27:e7:54:ec:
         0f:bf:b3:6e:19:12:44:ec:43:d6:a3:62:fd:42:e8:b9:03:55:
         b9:b9:62:c2:30:55:6c:ef:17:51:b8:eb:91:96:23:51:93:05:
         40:45:4a:a6:ef:a2:0c:d5:2d:7c:06:56:eb:b6:5d:77:15:2c:
         d0:17:56:ad:bb:39:b0:df:f7:54:bc:de:95:a3:8c:a7:ee:71:
         2d:f6:08:b9:50:f9:3e:e0:15:d2:54:5f:4c:8e:f6:dd:47:c8:
         cb:1b:1b:87:05:f1:31:98:4c:fa:a0:e6:66:70:42:ca:4e:00:
         d7:32:3c:cf:ef:57:02:71:88:90:ac:38:e3:14:d0:26:73:bc:
         50:cb:2f:65:a8:f7:64:53:0c:70:41:48:3b:eb:6b:db:bf:d1:
         22:f3:ce:5a:84:1a:e0:57:b7:70:80:22:0e:c6:06:cc:37:cd:
         ac:ad:55:44:ca:bc:2c:b2:27:4e:a8:7e:ed:7b:5b:b5:78:49:
         3b:da:3e:9d:6b:1a:98:a9:76:74:b9:04:3b:af:7e:dd:f8:0a:
         82:d6:d4:2b:40:07:70:28:dc:34:dd:46:e2:35:af:1d:8a:28:
         a6:b7:49:cc:11:1d:6f:c8:3d:42:45:2a:9a:51:61:63:d1:4e:
         2c:05:36:c2
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUfmzEFk+STHwOwRqR9irU+zWjqwIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMDYxMDEwMjhaFw0yNzAzMDUxMDE1MjhaMDMxMTAvBgNV
BAMTKDZGNjZGOTFBMkVDQzQ2OTFDMUQyMjU4Q0Y4NDVDRDVBNEM2MTk4NzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDe5z5mw7OLmxTxt664hj79SGA1
ghpuFWyNwWKqpBRHGAIHGUsNj/eJcs8tIpSzQNSybxTut6v5XWB//iiKfSuxRym2
Rx6JyvrUkZY00CamXAqFqdFIHQ02z/86XvUDAYczEmpM5LIwJY5QdWZ+98udkaXh
lkma+vszEt6Asm4U5+dfPFKDCaaIgLUauF6pVOMWNZXDL4xPRH1/gBG4MQHa1L1r
3oOFb0Igg3Q2pW6MqO3dLbEEBPZrMQk57k3KjIM560ch8pl0gu3XS5gWr4iH+xjT
gs4nXNGsDCz5NvZY6ir7hJ3oto+l7YWSdjjL+yzQk2MxF9oJcf9eLv5nHTSZAgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQUb2b5Gi7MRpHB0iWM+EXNWkxhmHEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1MzUzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUikz
MA8EAgACMAkDBwAqE5UAAL8wDQYJKoZIhvcNAQELBQADggEBABw82lj7V0NkNWTl
1ZZbJ+dU7A+/s24ZEkTsQ9ajYv1C6LkDVbm5YsIwVWzvF1G465GWI1GTBUBFSqbv
ogzVLXwGVuu2XXcVLNAXVq27ObDf91S83pWjjKfucS32CLlQ+T7gFdJUX0yO9t1H
yMsbG4cF8TGYTPqg5mZwQspOANcyPM/vVwJxiJCsOOMU0CZzvFDLL2Wo92RTDHBB
SDvra9u/0SLzzlqEGuBXt3CAIg7GBsw3zaytVUTKvCyyJ06ofu17W7V4STvaPp1r
GpipdnS5BDuvft34CoLW1CtAB3Ao3DTdRuI1rx2KKKa3ScwRHW/IPUJFKppRYWPR
TiwFNsI=
-----END CERTIFICATE-----