Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215727.roa
File:                     AS215727.roa (raw, json)
Hash identifier:          EJ1c1ftEkVNCgMSiECZ3+I5GhWpaNhi1C5/TBUGwDpc=
Subject key identifier:   CA:06:44:5E:CC:16:61:7F:8D:A4:EF:DD:6B:8B:9D:CF:6C:B2:EB:DF
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       7136C13C5F348B87F2559DEFBE3108C637F82159
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215727.roa
Signing time:             Sat 21 Mar 2026 00:00:12 +0000
ROA not before:           Fri 20 Mar 2026 23:55:12 +0000
ROA not after:            Sat 20 Mar 2027 00:00:12 +0000
asID:                     215727
IP address blocks:        82.24.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 19:43:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:36:c1:3c:5f:34:8b:87:f2:55:9d:ef:be:31:08:c6:37:f8:21:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 20 23:55:12 2026 GMT
            Not After : Mar 20 00:00:12 2027 GMT
        Subject: CN=CA06445ECC16617F8DA4EFDD6B8B9DCF6CB2EBDF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:28:8f:c1:59:86:9e:c3:82:5f:b2:37:24:4e:
                    de:81:18:10:55:e0:05:ea:11:43:ae:cf:ad:a8:7e:
                    1d:b0:64:d9:3b:66:d8:a2:c9:34:c6:b7:b5:55:72:
                    b8:c6:14:e1:da:85:16:e5:73:3d:de:c2:c1:63:cb:
                    e5:b0:34:37:bc:65:1f:9b:bf:a6:f1:65:49:89:f9:
                    59:48:e0:01:c5:57:27:85:90:28:85:35:ac:1d:2f:
                    92:f7:9d:d2:bf:d6:a0:84:f8:80:f9:bc:7d:96:b8:
                    8a:c4:e8:fb:5f:79:60:9f:4a:1a:fc:6f:c6:78:1e:
                    e3:5a:66:e1:2a:76:14:3f:67:10:78:f6:48:c7:78:
                    89:0b:4c:49:3c:f0:8b:aa:2b:ab:ca:df:5b:23:8e:
                    1f:11:56:18:ba:dd:01:73:0e:1a:d2:44:cb:e6:99:
                    8b:07:97:d0:8b:a4:3e:39:07:31:af:d9:87:9d:51:
                    24:a8:16:39:55:2c:3f:18:24:c2:61:8e:71:64:8b:
                    60:b7:84:42:7e:07:b3:80:ac:06:2b:52:16:2d:af:
                    38:a7:a5:98:64:7a:2c:61:63:7b:67:00:d2:15:48:
                    0d:2f:62:2f:c7:dd:0f:10:20:1c:39:a1:a4:00:35:
                    08:d3:eb:93:39:40:f0:23:99:17:b0:43:41:c3:bb:
                    2f:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:06:44:5E:CC:16:61:7F:8D:A4:EF:DD:6B:8B:9D:CF:6C:B2:EB:DF
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215727.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.24.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:dd:6e:18:3e:10:d6:92:6b:16:79:04:2e:2f:77:78:8d:fe:
         b0:9e:4d:cd:dd:ec:c5:bc:6e:2e:3b:96:4f:91:3e:4b:49:4f:
         fe:9c:1e:fe:f6:cd:a1:d3:f2:d2:35:99:10:6d:6b:fb:de:37:
         f7:03:e5:c6:59:89:6e:14:9e:91:c0:88:84:73:10:88:c8:5b:
         b3:5c:7b:93:97:9f:67:b0:ad:5d:21:39:a7:28:28:f7:b9:6a:
         be:47:39:82:ad:67:6b:30:c4:08:9e:c8:c7:19:8e:04:a5:b3:
         12:8c:cc:b0:6b:0b:7a:d8:8c:2a:9d:ac:da:9e:7a:2b:4e:51:
         41:3b:c8:22:80:e1:9f:c0:0a:34:0a:43:e8:46:70:91:77:54:
         16:e6:68:d1:42:e4:8d:2a:7e:99:a0:39:f8:2e:31:1e:57:81:
         5c:7b:a8:27:2b:92:ff:e7:77:39:98:0c:fc:c0:42:b1:31:e2:
         36:c1:79:21:dd:88:53:d3:38:42:e8:90:0a:56:f5:78:b2:b2:
         20:c6:be:cd:28:58:12:51:f1:c3:0d:7f:8c:4e:56:e3:4a:cf:
         b7:b1:bf:65:d6:d1:9b:8b:15:c5:c9:04:06:85:08:93:39:15:
         ee:bd:e5:d5:02:80:19:ca:db:ed:e6:0d:ba:a0:ab:75:91:5b:
         6a:58:25:20
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUcTbBPF80i4fyVZ3vvjEIxjf4IVkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMjAyMzU1MTJaFw0yNzAzMjAwMDAwMTJaMDMxMTAvBgNV
BAMTKENBMDY0NDVFQ0MxNjYxN0Y4REE0RUZERDZCOEI5RENGNkNCMkVCREYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYKI/BWYaew4JfsjckTt6BGBBV
4AXqEUOuz62ofh2wZNk7ZtiiyTTGt7VVcrjGFOHahRblcz3ewsFjy+WwNDe8ZR+b
v6bxZUmJ+VlI4AHFVyeFkCiFNawdL5L3ndK/1qCE+ID5vH2WuIrE6PtfeWCfShr8
b8Z4HuNaZuEqdhQ/ZxB49kjHeIkLTEk88IuqK6vK31sjjh8RVhi63QFzDhrSRMvm
mYsHl9CLpD45BzGv2YedUSSoFjlVLD8YJMJhjnFki2C3hEJ+B7OArAYrUhYtrzin
pZhkeixhY3tnANIVSA0vYi/H3Q8QIBw5oaQANQjT65M5QPAjmRewQ0HDuy8/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUygZEXswWYX+NpO/da4udz2yy698wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1NzI3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhiv
MA0GCSqGSIb3DQEBCwUAA4IBAQCE3W4YPhDWkmsWeQQuL3d4jf6wnk3N3ezFvG4u
O5ZPkT5LSU/+nB7+9s2h0/LSNZkQbWv73jf3A+XGWYluFJ6RwIiEcxCIyFuzXHuT
l59nsK1dITmnKCj3uWq+RzmCrWdrMMQInsjHGY4EpbMSjMywawt62Iwqnazannor
TlFBO8gigOGfwAo0CkPoRnCRd1QW5mjRQuSNKn6ZoDn4LjEeV4Fce6gnK5L/53c5
mAz8wEKxMeI2wXkh3YhT0zhC6JAKVvV4srIgxr7NKFgSUfHDDX+MTlbjSs+3sb9l
1tGbixXFyQQGhQiTORXuveXVAoAZytvt5g26oKt1kVtqWCUg
-----END CERTIFICATE-----