Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215281.roa
File:                     AS215281.roa (raw, json)
Hash identifier:          prBO0pEunZApK61wLqykCDoNoifjctC/zZx+9bU8R74=
Subject key identifier:   AB:74:20:07:A1:67:F7:AF:29:CF:87:D1:A5:3E:6B:30:A4:5B:00:96
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       677A2540018B014532F2E16A1707FD99E4438BFA
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215281.roa
Signing time:             Fri 05 Sep 2025 00:38:22 +0000
ROA not before:           Fri 05 Sep 2025 00:33:22 +0000
ROA not after:            Fri 04 Sep 2026 00:38:22 +0000
asID:                     215281
IP address blocks:        2a0f:85c1:d3e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:7a:25:40:01:8b:01:45:32:f2:e1:6a:17:07:fd:99:e4:43:8b:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Sep  5 00:33:22 2025 GMT
            Not After : Sep  4 00:38:22 2026 GMT
        Subject: CN=AB742007A167F7AF29CF87D1A53E6B30A45B0096
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:23:b9:85:91:cb:a8:6b:81:3e:c2:3a:97:35:
                    15:cb:47:c3:0b:6a:f3:2b:28:06:e2:10:e4:92:ed:
                    a4:0d:c1:dc:9e:58:b1:0b:4c:7a:38:35:82:fc:ad:
                    70:5b:a5:f4:86:99:f3:7d:51:39:3a:d2:b9:1a:1b:
                    68:fe:a7:69:90:85:2a:95:d4:5e:f8:54:40:da:48:
                    ed:6c:a7:50:d7:d7:81:66:06:b0:2b:e4:84:7e:de:
                    8e:68:83:37:b4:0a:c1:b6:30:fb:9a:65:b1:7e:3a:
                    c9:fe:89:f3:d0:be:6a:12:86:17:3f:41:ed:91:19:
                    b0:7e:38:c2:5e:34:32:31:bd:e2:42:d4:51:a4:7a:
                    e0:11:f5:6b:3e:da:55:53:6e:11:77:f3:e9:eb:bb:
                    c3:d7:ee:e2:80:58:bf:d4:e9:e9:19:b9:65:4b:c0:
                    76:8a:3b:c3:3e:c5:67:ca:e8:6f:7c:19:9b:4e:15:
                    11:5a:67:b3:5c:3b:36:32:22:b4:54:23:69:df:ed:
                    d9:9c:d7:7d:09:ff:99:67:f1:b0:10:55:bd:9f:3b:
                    dd:e4:15:49:9a:33:cd:55:81:3b:0f:43:66:4a:26:
                    c4:72:b2:1f:8c:35:85:ab:03:4a:7c:d4:55:68:e7:
                    68:9f:9a:76:b0:6c:2e:05:f5:e9:53:53:ad:61:35:
                    12:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:74:20:07:A1:67:F7:AF:29:CF:87:D1:A5:3E:6B:30:A4:5B:00:96
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215281.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:d3e::/48

    Signature Algorithm: sha256WithRSAEncryption
         cc:16:3f:3a:7d:d9:0d:ce:36:a1:35:96:bb:c5:0e:8d:f5:ff:
         75:1a:2e:9c:c7:d6:8e:64:34:5e:ef:c6:d8:24:de:fd:8e:ab:
         4b:b4:21:ef:15:00:ba:9e:e3:f7:63:5a:09:5b:db:45:67:a6:
         f6:3c:ca:4c:53:47:f2:a1:63:9c:a4:32:fc:4e:b9:23:d0:3e:
         38:01:b7:5d:7d:d0:09:a3:b4:9a:e7:7e:fc:fc:be:7c:ec:f5:
         8e:c8:11:26:a5:2a:df:6b:56:fe:d6:00:ff:a1:f7:db:ad:8a:
         e3:7d:65:5d:22:9f:fb:b6:b4:60:37:f7:b0:99:1d:b7:2a:03:
         84:4f:33:96:c8:7b:5c:f6:60:a7:4a:01:2b:a4:b1:0c:57:ce:
         5e:3f:b7:cb:2b:ce:4c:04:c7:38:fe:11:18:c5:b8:73:2b:20:
         a1:de:3b:8d:00:88:26:77:5c:58:4a:87:20:b9:19:a2:3c:cc:
         fd:10:38:64:e4:b6:33:d5:f5:29:3e:f9:57:73:27:32:e5:3b:
         23:d0:10:f7:1b:18:d2:32:1e:82:bb:79:8b:8e:ee:e0:06:fe:
         55:f3:4b:c8:e9:dc:8b:4d:f1:2c:be:49:bd:f3:46:7a:35:40:
         12:2b:56:e3:3f:5a:0d:4e:70:20:c0:9e:ad:26:6d:af:38:5f:
         ad:05:3e:d4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUZ3olQAGLAUUy8uFqFwf9meRDi/owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA5MDUwMDMzMjJaFw0yNjA5MDQwMDM4MjJaMDMxMTAvBgNV
BAMTKEFCNzQyMDA3QTE2N0Y3QUYyOUNGODdEMUE1M0U2QjMwQTQ1QjAwOTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDII7mFkcuoa4E+wjqXNRXLR8ML
avMrKAbiEOSS7aQNwdyeWLELTHo4NYL8rXBbpfSGmfN9UTk60rkaG2j+p2mQhSqV
1F74VEDaSO1sp1DX14FmBrAr5IR+3o5ogze0CsG2MPuaZbF+Osn+ifPQvmoShhc/
Qe2RGbB+OMJeNDIxveJC1FGkeuAR9Ws+2lVTbhF38+nru8PX7uKAWL/U6ekZuWVL
wHaKO8M+xWfK6G98GZtOFRFaZ7NcOzYyIrRUI2nf7dmc130J/5ln8bAQVb2fO93k
FUmaM81VgTsPQ2ZKJsRysh+MNYWrA0p81FVo52ifmnawbC4F9elTU61hNRI3AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUq3QgB6Fn968pz4fRpT5rMKRbAJYwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1MjgxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQ0+MA0GCSqGSIb3DQEBCwUAA4IBAQDMFj86fdkNzjahNZa7xQ6N9f91Gi6cx9aO
ZDRe78bYJN79jqtLtCHvFQC6nuP3Y1oJW9tFZ6b2PMpMU0fyoWOcpDL8Trkj0D44
AbddfdAJo7Sa5378/L587PWOyBEmpSrfa1b+1gD/offbrYrjfWVdIp/7trRgN/ew
mR23KgOETzOWyHtc9mCnSgErpLEMV85eP7fLK85MBMc4/hEYxbhzKyCh3juNAIgm
d1xYSocguRmiPMz9EDhk5LYz1fUpPvlXcycy5Tsj0BD3GxjSMh6Cu3mLju7gBv5V
80vI6dyLTfEsvkm980Z6NUASK1bjP1oNTnAgwJ6tJm2vOF+tBT7U
-----END CERTIFICATE-----