Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215975.roa
File:                     AS215975.roa (raw, json)
Hash identifier:          AGLWw5aqexnlxkvi6aECCctR8QtP/Ey1BYx0vW3Zg+g=
Subject key identifier:   FC:95:6F:C4:C9:0F:C8:91:09:47:57:72:CF:80:61:52:BF:34:F4:F6
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       6C48B943B9D9785A3B752228A128E80C40EB941F
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215975.roa
Signing time:             Mon 27 Apr 2026 07:07:28 +0000
ROA not before:           Mon 27 Apr 2026 07:02:28 +0000
ROA not after:            Mon 26 Apr 2027 07:07:28 +0000
asID:                     215975
IP address blocks:        82.29.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:48:b9:43:b9:d9:78:5a:3b:75:22:28:a1:28:e8:0c:40:eb:94:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 27 07:02:28 2026 GMT
            Not After : Apr 26 07:07:28 2027 GMT
        Subject: CN=FC956FC4C90FC89109475772CF806152BF34F4F6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:7a:9b:a3:08:f0:af:8b:2f:2d:f8:46:00:83:
                    6a:b9:1d:ea:e1:d7:8b:08:dc:6a:d9:87:ff:5b:c2:
                    ab:83:55:96:72:02:7f:89:10:bc:7c:8a:9b:07:05:
                    07:80:4a:21:fc:2a:13:43:1f:c8:5c:80:0b:e4:29:
                    36:25:bb:7c:d4:26:3c:7b:f9:ff:d9:c3:ad:dc:8a:
                    00:55:4a:4b:cd:fa:9a:f2:7f:3d:24:34:7e:31:64:
                    a4:d1:30:42:cf:de:fc:34:8d:19:5f:ae:cc:c8:ca:
                    6f:ff:9a:59:9b:4d:d9:5e:8a:e8:98:0c:6c:b9:0d:
                    47:f7:f3:b5:24:a0:e3:3e:e6:c5:99:fa:25:d2:ff:
                    6b:01:e5:73:f4:ff:a0:1b:97:2a:90:a6:51:d9:f9:
                    47:02:53:10:13:cf:2f:f2:39:1f:4f:e1:68:f7:5e:
                    06:37:68:2b:fe:3a:36:01:62:8f:19:eb:b6:57:be:
                    60:f6:f1:a7:32:48:e6:ea:bb:4a:29:89:b7:f6:21:
                    0e:35:e1:91:36:d7:13:68:c4:8c:3e:d4:63:da:42:
                    6f:3e:78:d9:a2:58:10:9d:60:90:de:7e:d3:ac:5d:
                    1b:ad:f9:f1:6d:d7:42:a7:1b:01:f4:ec:0f:f2:45:
                    ba:96:3d:44:5b:a1:3c:d2:cc:e7:d0:95:93:79:00:
                    59:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:95:6F:C4:C9:0F:C8:91:09:47:57:72:CF:80:61:52:BF:34:F4:F6
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215975.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.29.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:b6:5f:a8:06:03:ad:7d:1d:c3:13:37:7c:e8:a4:08:d7:88:
         63:5b:df:a1:90:89:2e:c5:14:fd:39:1b:1f:82:76:b7:9c:f7:
         8c:2a:40:5d:06:13:2c:25:8e:57:58:24:62:63:e0:1f:5d:e0:
         66:7a:af:32:82:a5:97:3c:a1:c9:68:b8:55:bf:d3:e0:17:9b:
         52:6f:d0:4c:61:51:20:f4:13:fd:14:1c:1b:b8:5c:c4:f1:e5:
         c6:c9:fc:08:38:cd:49:a6:90:39:f5:b9:93:fe:14:7e:1c:15:
         f6:c5:2a:c9:a1:d7:76:68:50:39:37:02:6e:43:92:df:24:89:
         c5:c6:fd:73:c3:01:32:1c:07:e4:ae:e1:bd:2c:34:2d:f3:bc:
         97:f0:13:99:93:bc:c9:80:82:a5:c6:06:86:87:fc:b2:d7:aa:
         fd:e7:26:ca:10:e8:18:e0:04:41:d4:70:39:e0:62:98:b0:44:
         54:91:3b:0c:be:78:65:53:22:a4:d3:22:42:14:8d:59:95:85:
         4f:28:f7:1f:ad:04:2a:58:e2:2f:9f:d6:ae:2c:20:86:17:fb:
         83:bc:5b:d3:fe:83:cd:e4:65:d2:64:17:46:00:6d:bb:d6:c8:
         c7:81:73:07:6a:56:49:1d:ae:a0:12:06:82:6c:6f:4b:e3:b2:
         80:03:0c:47
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUbEi5Q7nZeFo7dSIooSjoDEDrlB8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MjcwNzAyMjhaFw0yNzA0MjYwNzA3MjhaMDMxMTAvBgNV
BAMTKEZDOTU2RkM0QzkwRkM4OTEwOTQ3NTc3MkNGODA2MTUyQkYzNEY0RjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYepujCPCviy8t+EYAg2q5Herh
14sI3GrZh/9bwquDVZZyAn+JELx8ipsHBQeASiH8KhNDH8hcgAvkKTYlu3zUJjx7
+f/Zw63cigBVSkvN+pryfz0kNH4xZKTRMELP3vw0jRlfrszIym//mlmbTdleiuiY
DGy5DUf387UkoOM+5sWZ+iXS/2sB5XP0/6AblyqQplHZ+UcCUxATzy/yOR9P4Wj3
XgY3aCv+OjYBYo8Z67ZXvmD28acySObqu0opibf2IQ414ZE21xNoxIw+1GPaQm8+
eNmiWBCdYJDeftOsXRut+fFt10KnGwH07A/yRbqWPURboTzSzOfQlZN5AFkvAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU/JVvxMkPyJEJR1dyz4BhUr809PYwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1OTc1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUh0o
MA0GCSqGSIb3DQEBCwUAA4IBAQAItl+oBgOtfR3DEzd86KQI14hjW9+hkIkuxRT9
ORsfgna3nPeMKkBdBhMsJY5XWCRiY+AfXeBmeq8ygqWXPKHJaLhVv9PgF5tSb9BM
YVEg9BP9FBwbuFzE8eXGyfwIOM1JppA59bmT/hR+HBX2xSrJodd2aFA5NwJuQ5Lf
JInFxv1zwwEyHAfkruG9LDQt87yX8BOZk7zJgIKlxgaGh/yy16r95ybKEOgY4ARB
1HA54GKYsERUkTsMvnhlUyKk0yJCFI1ZlYVPKPcfrQQqWOIvn9auLCCGF/uDvFvT
/oPN5GXSZBdGAG271sjHgXMHalZJHa6gEgaCbG9L47KAAwxH
-----END CERTIFICATE-----