Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215731.roa
File:                     AS215731.roa (raw, json)
Hash identifier:          mTb8LVEQbow9zuaK8OmdQIIMlTdOYWKDFc6+kp6ISp4=
Subject key identifier:   7B:B3:C6:8B:22:43:55:D4:85:41:47:68:51:3A:7B:BE:10:6B:CA:FA
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       312C4445DA96843D4A6F776CA3C56987BEA15755
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215731.roa
Signing time:             Fri 25 Jul 2025 08:07:43 +0000
ROA not before:           Fri 25 Jul 2025 08:02:43 +0000
ROA not after:            Fri 24 Jul 2026 08:07:43 +0000
asID:                     215731
IP address blocks:        2a0f:85c1:349::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:2c:44:45:da:96:84:3d:4a:6f:77:6c:a3:c5:69:87:be:a1:57:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:43 2025 GMT
            Not After : Jul 24 08:07:43 2026 GMT
        Subject: CN=7BB3C68B224355D485414768513A7BBE106BCAFA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:61:6c:94:9d:ce:e7:db:5c:9d:65:de:4b:2c:
                    79:93:42:45:df:2f:5d:7c:2d:79:02:ec:0e:9c:43:
                    2a:32:cb:54:81:d1:b3:68:52:2e:98:52:42:54:16:
                    9f:a8:a3:63:d5:46:ff:0a:aa:46:2f:47:86:8b:0c:
                    88:75:63:ab:53:11:ac:da:46:0b:ce:4b:fd:78:f7:
                    da:5e:bf:90:79:00:6a:27:71:50:4b:d6:d2:de:d0:
                    1a:ea:27:69:14:3b:3e:c5:28:4e:a6:0b:67:6a:0e:
                    b1:13:82:9a:c3:58:af:10:83:84:30:e6:43:f3:ad:
                    da:58:06:8b:ca:82:66:8d:7c:2b:3d:4b:35:74:f7:
                    75:53:21:93:ff:23:33:03:09:b9:64:70:60:b1:6e:
                    7f:89:1d:85:04:14:b7:d2:6b:7a:e6:72:06:ee:40:
                    75:74:89:14:fa:92:1e:44:93:0d:3e:9c:c6:a8:76:
                    71:61:d4:3a:ba:e0:bc:4f:18:4a:d5:a3:36:62:0a:
                    36:f9:ff:d5:21:cc:08:63:f4:fa:22:c6:5b:1d:04:
                    be:f1:2f:98:69:58:60:6b:9c:2c:f0:67:3c:e8:b7:
                    07:04:68:bd:87:a6:f5:87:72:15:bd:03:e1:73:b8:
                    18:15:a8:37:79:7d:8c:3c:a0:3f:ae:3e:83:99:5f:
                    b4:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:B3:C6:8B:22:43:55:D4:85:41:47:68:51:3A:7B:BE:10:6B:CA:FA
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215731.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:349::/48

    Signature Algorithm: sha256WithRSAEncryption
         8f:bb:a0:3d:9d:af:c1:5f:39:65:de:30:29:4f:92:86:16:56:
         a2:78:0a:f1:51:7c:76:66:79:88:d4:c2:34:1a:4b:b6:42:de:
         4c:73:69:2e:ed:63:83:00:aa:b8:57:2f:d0:e5:f6:2f:41:96:
         fb:0b:03:4a:35:0b:ce:b7:ff:10:fc:4e:c9:fa:92:df:b0:cb:
         92:3e:34:c6:bf:64:6f:78:6c:34:13:a4:5e:40:6f:e3:15:e4:
         ee:5d:b1:16:23:64:c2:59:5b:f4:a3:d0:ff:74:93:b0:8d:18:
         64:37:aa:08:2b:eb:8a:71:6c:8a:d5:0c:46:2f:ae:e4:af:c9:
         ce:66:63:5f:c4:7b:09:01:58:45:52:98:5b:d3:4c:a2:4c:da:
         88:a5:ae:bf:bf:65:5f:f4:88:a6:94:83:6e:b7:6a:6f:5e:5a:
         45:58:6f:f3:f4:79:43:81:68:12:57:15:17:3c:98:6d:8c:16:
         e3:cc:fc:ad:cb:18:97:0e:49:ee:c0:04:3d:f1:ab:20:17:51:
         67:60:11:80:53:e5:17:bf:70:32:a1:6f:3b:f5:d6:79:9d:56:
         32:90:d2:77:32:11:ac:02:22:ef:1c:02:f0:6b:c2:91:dd:ba:
         76:ce:46:84:7f:a2:6d:1d:e3:97:4e:7d:58:79:18:c0:3d:97:
         07:c0:29:02
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUMSxERdqWhD1Kb3dso8Vph76hV1UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyNDNaFw0yNjA3MjQwODA3NDNaMDMxMTAvBgNV
BAMTKDdCQjNDNjhCMjI0MzU1RDQ4NTQxNDc2ODUxM0E3QkJFMTA2QkNBRkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbYWyUnc7n21ydZd5LLHmTQkXf
L118LXkC7A6cQyoyy1SB0bNoUi6YUkJUFp+oo2PVRv8KqkYvR4aLDIh1Y6tTEaza
RgvOS/1499pev5B5AGoncVBL1tLe0BrqJ2kUOz7FKE6mC2dqDrETgprDWK8Qg4Qw
5kPzrdpYBovKgmaNfCs9SzV093VTIZP/IzMDCblkcGCxbn+JHYUEFLfSa3rmcgbu
QHV0iRT6kh5Ekw0+nMaodnFh1Dq64LxPGErVozZiCjb5/9UhzAhj9PoixlsdBL7x
L5hpWGBrnCzwZzzotwcEaL2HpvWHchW9A+FzuBgVqDd5fYw8oD+uPoOZX7RFAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUe7PGiyJDVdSFQUdoUTp7vhBryvowHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1NzMxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQNJMA0GCSqGSIb3DQEBCwUAA4IBAQCPu6A9na/BXzll3jApT5KGFlaieArxUXx2
ZnmI1MI0Gku2Qt5Mc2ku7WODAKq4Vy/Q5fYvQZb7CwNKNQvOt/8Q/E7J+pLfsMuS
PjTGv2RveGw0E6ReQG/jFeTuXbEWI2TCWVv0o9D/dJOwjRhkN6oIK+uKcWyK1QxG
L67kr8nOZmNfxHsJAVhFUphb00yiTNqIpa6/v2Vf9IimlINut2pvXlpFWG/z9HlD
gWgSVxUXPJhtjBbjzPytyxiXDknuwAQ98asgF1FnYBGAU+UXv3AyoW879dZ5nVYy
kNJ3MhGsAiLvHALwa8KR3bp2zkaEf6JtHeOXTn1YeRjAPZcHwCkC
-----END CERTIFICATE-----