Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215196.roa
File:                     AS215196.roa (raw, json)
Hash identifier:          K/o7jM+RdjDZn7e0LNSX1/e/VDHLR0Slb13Ne4MhxyI=
Subject key identifier:   98:8A:57:31:2A:3B:A9:D1:0B:19:52:BF:7D:D7:8A:BF:14:E4:B9:EB
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       65F972D5775487732E25845C0C614988CE7068E9
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215196.roa
Signing time:             Wed 17 Sep 2025 03:07:52 +0000
ROA not before:           Wed 17 Sep 2025 03:02:52 +0000
ROA not after:            Wed 16 Sep 2026 03:07:52 +0000
asID:                     215196
IP address blocks:        2a0f:85c1:3ac::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:f9:72:d5:77:54:87:73:2e:25:84:5c:0c:61:49:88:ce:70:68:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Sep 17 03:02:52 2025 GMT
            Not After : Sep 16 03:07:52 2026 GMT
        Subject: CN=988A57312A3BA9D10B1952BF7DD78ABF14E4B9EB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ed:81:8e:b3:00:9d:06:97:ad:83:93:e7:e5:
                    41:8f:d7:0d:7d:42:d1:be:82:92:c0:21:f6:d1:5b:
                    47:c5:b0:06:95:b0:99:3e:14:a1:06:bb:9e:c2:a4:
                    58:04:57:8a:1e:a2:cf:6f:48:f9:ed:74:74:06:a1:
                    16:ff:34:c8:66:e5:25:7e:04:62:92:c6:63:95:6f:
                    c3:1c:a7:05:25:c9:6d:0a:7e:e6:5f:13:9a:73:98:
                    2f:e9:a7:2f:40:04:ae:96:12:39:50:cf:6f:40:2c:
                    eb:87:b7:c9:50:95:a3:9d:73:23:39:4c:c1:16:8d:
                    a6:b0:f9:44:ca:e6:1f:8d:c5:0f:6e:34:97:99:fc:
                    7b:62:a9:07:60:c2:3d:fa:8d:07:57:ca:e8:f1:92:
                    5c:5b:29:e2:61:8c:5a:04:9d:98:3d:a7:db:5c:9d:
                    d8:9a:92:1f:df:6d:7a:50:3c:1d:c8:7a:40:8b:e4:
                    bf:df:18:0d:35:05:a6:19:fe:42:07:c8:e9:6c:2c:
                    30:50:b6:8d:e7:8d:bd:f6:40:34:3c:64:0b:c8:32:
                    02:ee:37:35:54:f9:d1:f6:8b:ff:b9:79:b0:18:02:
                    f6:d3:02:a8:d9:f0:eb:fe:7e:91:1a:e7:04:fb:c7:
                    b6:83:6a:a8:ff:64:7b:90:94:99:46:6b:49:5a:57:
                    2f:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:8A:57:31:2A:3B:A9:D1:0B:19:52:BF:7D:D7:8A:BF:14:E4:B9:EB
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215196.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3ac::/48

    Signature Algorithm: sha256WithRSAEncryption
         d4:2d:02:1c:94:99:35:ca:33:aa:fb:14:68:c9:a6:3c:85:f4:
         e6:d5:04:99:cf:08:d0:15:a5:01:bc:76:e8:1b:24:c1:18:cd:
         b0:68:0d:f6:55:a1:67:0e:b6:60:a5:d3:b6:42:97:23:94:6a:
         21:b1:6e:b6:7d:49:aa:36:72:ed:e1:fd:af:98:ab:88:5e:d1:
         06:f5:bc:c3:87:f7:5e:78:89:a2:9a:9b:b9:aa:5e:88:7b:80:
         9b:0e:78:cb:60:77:94:3e:31:82:52:96:92:64:08:e2:af:0e:
         d0:a1:a4:29:70:f7:4f:b8:ac:5f:c2:1c:1b:cb:37:f4:4a:b4:
         6a:53:d9:df:85:72:ad:99:bb:ac:ef:d9:e4:09:0f:f9:af:09:
         29:56:6c:1c:ea:b5:41:85:da:8b:0d:9f:a8:f7:c8:1a:ae:da:
         d8:cd:8c:28:36:e7:e8:69:d8:84:9e:96:a2:a2:a9:dc:26:36:
         df:4b:95:a3:79:f8:4c:58:67:36:0e:b8:3e:97:ce:28:78:21:
         d8:7e:17:fe:65:1d:91:7a:56:b3:67:36:b7:0a:c2:11:08:57:
         cb:fc:f8:73:8d:d0:b1:8e:ba:77:a9:be:1d:b0:65:4c:79:b9:
         20:8b:f5:d2:a6:b8:04:77:a7:59:12:37:ba:bf:38:4f:26:75:
         53:6a:92:c7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUZfly1XdUh3MuJYRcDGFJiM5waOkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA5MTcwMzAyNTJaFw0yNjA5MTYwMzA3NTJaMDMxMTAvBgNV
BAMTKDk4OEE1NzMxMkEzQkE5RDEwQjE5NTJCRjdERDc4QUJGMTRFNEI5RUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA7YGOswCdBpetg5Pn5UGP1w19
QtG+gpLAIfbRW0fFsAaVsJk+FKEGu57CpFgEV4oeos9vSPntdHQGoRb/NMhm5SV+
BGKSxmOVb8McpwUlyW0KfuZfE5pzmC/ppy9ABK6WEjlQz29ALOuHt8lQlaOdcyM5
TMEWjaaw+UTK5h+NxQ9uNJeZ/HtiqQdgwj36jQdXyujxklxbKeJhjFoEnZg9p9tc
ndiakh/fbXpQPB3IekCL5L/fGA01BaYZ/kIHyOlsLDBQto3njb32QDQ8ZAvIMgLu
NzVU+dH2i/+5ebAYAvbTAqjZ8Ov+fpEa5wT7x7aDaqj/ZHuQlJlGa0laVy+FAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUmIpXMSo7qdELGVK/fdeKvxTkueswHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1MTk2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOsMA0GCSqGSIb3DQEBCwUAA4IBAQDULQIclJk1yjOq+xRoyaY8hfTm1QSZzwjQ
FaUBvHboGyTBGM2waA32VaFnDrZgpdO2QpcjlGohsW62fUmqNnLt4f2vmKuIXtEG
9bzDh/deeImimpu5ql6Ie4CbDnjLYHeUPjGCUpaSZAjirw7QoaQpcPdPuKxfwhwb
yzf0SrRqU9nfhXKtmbus79nkCQ/5rwkpVmwc6rVBhdqLDZ+o98gartrYzYwoNufo
adiEnpaioqncJjbfS5WjefhMWGc2Drg+l84oeCHYfhf+ZR2RelazZza3CsIRCFfL
/PhzjdCxjrp3qb4dsGVMebkgi/XSprgEd6dZEje6vzhPJnVTapLH
-----END CERTIFICATE-----