Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215459.roa
File:                     AS215459.roa (raw, json)
Hash identifier:          Wt4nmQqEmcrU2Z/QYcuekJljMG52DsxxY25pPJtMsTg=
Subject key identifier:   25:A1:4E:62:92:86:79:E6:B7:21:3C:F4:7D:39:BB:D8:9C:84:9D:C5
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       2782A3451B472A61BA47C412C3188E2CEEE774B2
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215459.roa
Signing time:             Tue 17 Mar 2026 14:10:04 +0000
ROA not before:           Tue 17 Mar 2026 14:05:04 +0000
ROA not after:            Tue 16 Mar 2027 14:10:04 +0000
asID:                     215459
IP address blocks:        82.38.120.0/24 maxlen: 24
                          2a13:9500:12a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:82:a3:45:1b:47:2a:61:ba:47:c4:12:c3:18:8e:2c:ee:e7:74:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 17 14:05:04 2026 GMT
            Not After : Mar 16 14:10:04 2027 GMT
        Subject: CN=25A14E62928679E6B7213CF47D39BBD89C849DC5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:7a:c0:92:af:c2:53:d9:9e:6f:50:75:e8:d4:
                    a3:bb:63:a5:d6:36:4b:d2:3a:f7:f8:44:58:b4:44:
                    cf:7a:67:90:6c:93:b4:dd:5b:e2:7b:0b:bb:50:be:
                    ca:58:5f:56:c8:25:e5:06:51:ed:5e:fb:4a:b6:52:
                    ac:37:41:47:81:35:e2:84:d6:12:c8:73:01:9e:1f:
                    73:81:cf:88:da:18:da:5a:31:22:fc:e8:34:be:8a:
                    2a:8e:9e:9a:4a:f0:27:0c:ea:47:3f:c9:a3:a7:26:
                    ec:c9:52:3d:21:a5:2b:ea:b4:c3:76:75:4b:ee:25:
                    ee:51:bf:4a:15:24:79:39:7d:90:18:10:61:d0:ec:
                    8d:0c:8d:8c:c8:4d:7d:b4:c7:49:ce:bb:5e:d1:64:
                    38:58:e6:2c:cb:93:25:82:3b:44:52:78:fc:fa:1b:
                    a8:09:d5:1c:f2:7d:fa:c6:79:5f:08:79:a4:ed:2c:
                    f4:de:18:61:a1:d2:c2:70:51:5c:20:cc:95:f9:95:
                    74:7f:2e:d5:08:c9:7b:40:76:33:20:38:7b:4e:97:
                    78:3f:bc:c4:df:77:6f:e4:19:8d:b0:00:26:ed:74:
                    df:98:38:c4:0d:96:1e:69:c2:0d:53:56:80:4d:14:
                    79:0b:b5:bd:52:26:be:26:31:b5:cc:79:8f:29:80:
                    bd:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:A1:4E:62:92:86:79:E6:B7:21:3C:F4:7D:39:BB:D8:9C:84:9D:C5
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215459.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.38.120.0/24
                IPv6:
                  2a13:9500:12a::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:08:24:a0:2c:6e:39:87:f5:c8:c4:55:e4:11:35:0a:eb:74:
         79:3a:f5:49:68:d1:72:4b:6a:56:38:99:67:5a:10:4c:b8:0a:
         2a:ec:74:20:df:49:e8:f3:5c:df:df:d3:03:d1:04:21:60:a0:
         9e:37:42:37:5e:f0:e9:ce:b5:6f:8d:35:78:32:84:83:cd:eb:
         b6:09:c7:08:7d:48:b6:40:40:8a:be:8c:bc:53:30:76:e2:a4:
         54:b8:38:09:8b:9d:2c:c2:ac:9f:c8:0e:ee:c1:9a:c0:af:7f:
         c9:9a:b4:7c:79:96:e2:76:76:59:3e:0f:17:3f:6a:3d:b7:19:
         a0:1d:28:d2:dc:51:6d:d1:f4:0a:ed:4c:b3:4a:d0:19:3f:ec:
         c7:57:87:93:4a:00:8c:11:7d:bc:1e:94:d5:14:58:00:0a:b5:
         ed:85:38:f2:87:1c:d2:0e:d2:92:48:d8:4d:1d:39:3c:b4:5e:
         72:28:6d:c4:b8:91:0c:97:13:c6:5e:fb:17:7d:28:b6:68:23:
         6c:39:83:d9:46:43:33:f3:29:56:f3:6b:25:9f:7b:d2:dc:f4:
         c5:b7:82:e5:85:5c:55:b8:da:62:29:fd:72:16:b5:41:a6:a7:
         b7:0d:59:53:d7:4f:06:ff:70:5f:e7:ec:d0:e0:9c:a5:45:60:
         82:2e:6b:b2
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUJ4KjRRtHKmG6R8QSwxiOLO7ndLIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMTcxNDA1MDRaFw0yNzAzMTYxNDEwMDRaMDMxMTAvBgNV
BAMTKDI1QTE0RTYyOTI4Njc5RTZCNzIxM0NGNDdEMzlCQkQ4OUM4NDlEQzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKesCSr8JT2Z5vUHXo1KO7Y6XW
NkvSOvf4RFi0RM96Z5Bsk7TdW+J7C7tQvspYX1bIJeUGUe1e+0q2Uqw3QUeBNeKE
1hLIcwGeH3OBz4jaGNpaMSL86DS+iiqOnppK8CcM6kc/yaOnJuzJUj0hpSvqtMN2
dUvuJe5Rv0oVJHk5fZAYEGHQ7I0MjYzITX20x0nOu17RZDhY5izLkyWCO0RSePz6
G6gJ1RzyffrGeV8IeaTtLPTeGGGh0sJwUVwgzJX5lXR/LtUIyXtAdjMgOHtOl3g/
vMTfd2/kGY2wACbtdN+YOMQNlh5pwg1TVoBNFHkLtb1SJr4mMbXMeY8pgL1PAgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQUJaFOYpKGeea3ITz0fTm72JyEncUwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1NDU5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUiZ4
MA8EAgACMAkDBwAqE5UAASowDQYJKoZIhvcNAQELBQADggEBAA0IJKAsbjmH9cjE
VeQRNQrrdHk69Ulo0XJLalY4mWdaEEy4CirsdCDfSejzXN/f0wPRBCFgoJ43Qjde
8OnOtW+NNXgyhIPN67YJxwh9SLZAQIq+jLxTMHbipFS4OAmLnSzCrJ/IDu7BmsCv
f8matHx5luJ2dlk+Dxc/aj23GaAdKNLcUW3R9ArtTLNK0Bk/7MdXh5NKAIwRfbwe
lNUUWAAKte2FOPKHHNIO0pJI2E0dOTy0XnIobcS4kQyXE8Ze+xd9KLZoI2w5g9lG
QzPzKVbzayWfe9Lc9MW3guWFXFW42mIp/XIWtUGmp7cNWVPXTwb/cF/n7NDgnKVF
YIIua7I=
-----END CERTIFICATE-----