Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215993.roa
File:                     AS215993.roa (raw, json)
Hash identifier:          hfb9+QCiIEptqIWgr7knMG6sm//vOH6GXyDSsysreh8=
Subject key identifier:   8E:86:A6:9D:F1:AE:9E:47:C5:C3:56:94:05:AB:90:35:12:B9:45:B2
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       5F2A33067C57D00BD3C7FE07AD53B05B7F98E84D
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215993.roa
Signing time:             Tue 19 Aug 2025 05:07:49 +0000
ROA not before:           Tue 19 Aug 2025 05:02:49 +0000
ROA not after:            Tue 18 Aug 2026 05:07:49 +0000
asID:                     215993
IP address blocks:        2a0f:85c1:298::/48 maxlen: 48
                          2a0f:85c1:393::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:2a:33:06:7c:57:d0:0b:d3:c7:fe:07:ad:53:b0:5b:7f:98:e8:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 19 05:02:49 2025 GMT
            Not After : Aug 18 05:07:49 2026 GMT
        Subject: CN=8E86A69DF1AE9E47C5C3569405AB903512B945B2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:51:19:5a:0c:3b:9a:27:db:86:6b:92:c4:4f:
                    f7:f6:96:e8:b4:c5:b7:8a:55:32:b4:4e:8b:fb:45:
                    8c:b3:2f:ad:f3:67:8f:37:ef:07:37:5f:26:fe:7a:
                    8d:73:73:33:8c:53:1a:12:3d:c8:c4:24:a6:f5:99:
                    31:5e:43:e7:94:9f:a6:4e:e8:a4:a9:a6:cb:0b:99:
                    3b:74:c2:b7:43:31:97:07:89:4a:64:45:b7:c1:35:
                    c3:f7:d3:aa:71:9c:12:ee:b0:f8:6c:95:cc:be:86:
                    e4:35:16:7b:59:0c:4b:4f:04:10:f3:8f:c7:96:3b:
                    7c:d0:35:a7:c8:ad:a7:a4:99:81:1c:da:75:8c:a8:
                    57:45:e7:b9:20:dd:de:41:8c:a1:9e:c2:cc:c8:03:
                    b3:cf:a2:61:e3:a7:dc:57:58:a9:e3:b5:c2:d8:a7:
                    74:25:89:0a:1f:51:b5:5d:cf:f0:80:be:db:de:ef:
                    f4:48:f0:df:4f:e3:13:2f:1b:71:54:e9:a1:81:91:
                    44:61:b2:e2:bc:9e:43:4b:fd:82:8a:82:e5:1c:9d:
                    44:f2:93:7a:c3:46:2a:f3:5c:2d:5b:7d:62:64:d4:
                    8a:db:bc:09:f0:3f:cc:09:50:67:c6:0e:5d:f5:6e:
                    ad:bc:6b:bd:dc:3e:07:13:33:8b:23:70:ac:40:1b:
                    89:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:86:A6:9D:F1:AE:9E:47:C5:C3:56:94:05:AB:90:35:12:B9:45:B2
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215993.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:298::/48
                  2a0f:85c1:393::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:2d:08:5e:e5:25:49:fd:95:40:b0:e6:e2:ff:57:1b:61:4c:
         5b:0a:9e:de:47:17:75:22:96:f5:bc:ea:b1:78:61:a3:b4:d0:
         ed:99:4d:be:ce:3a:ce:31:c5:51:24:24:e6:e6:4e:fb:c8:d1:
         64:38:a3:0d:c6:7c:36:ee:37:b1:1c:87:1d:83:85:b0:28:dd:
         1a:8c:14:35:ee:36:05:c2:32:cb:95:61:91:ca:ef:de:f3:0a:
         da:d1:61:a3:cb:8a:f9:08:5c:89:bd:d6:00:00:cd:4f:0a:e7:
         e9:43:fa:e5:52:db:66:c4:fb:0c:e4:07:d2:a4:ac:64:3e:88:
         25:38:55:09:4e:b0:23:bc:e1:14:8e:70:c7:44:40:7a:a5:d1:
         4c:54:e1:62:53:13:be:0b:ea:a5:bc:b7:36:a1:c6:d1:3d:6f:
         bc:59:3a:dc:19:bb:92:2d:62:aa:76:d3:e6:55:7e:4c:b5:7d:
         7f:42:c9:d7:69:3c:48:3c:bd:b9:bc:89:6b:d6:bc:da:3e:55:
         91:92:c8:10:65:25:e0:1f:e2:c0:98:05:f8:de:c8:d2:bb:8e:
         f7:3a:39:c8:fd:bc:b7:6a:40:6b:ef:01:01:be:1f:4b:83:76:
         96:7e:67:5e:e5:1e:66:ef:4f:6e:80:3e:de:53:c0:aa:19:5a:
         a1:54:4f:dc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUXyozBnxX0AvTx/4HrVOwW3+Y6E0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA4MTkwNTAyNDlaFw0yNjA4MTgwNTA3NDlaMDMxMTAvBgNV
BAMTKDhFODZBNjlERjFBRTlFNDdDNUMzNTY5NDA1QUI5MDM1MTJCOTQ1QjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMURlaDDuaJ9uGa5LET/f2lui0
xbeKVTK0Tov7RYyzL63zZ4837wc3Xyb+eo1zczOMUxoSPcjEJKb1mTFeQ+eUn6ZO
6KSppssLmTt0wrdDMZcHiUpkRbfBNcP306pxnBLusPhslcy+huQ1FntZDEtPBBDz
j8eWO3zQNafIraekmYEc2nWMqFdF57kg3d5BjKGewszIA7PPomHjp9xXWKnjtcLY
p3QliQofUbVdz/CAvtve7/RI8N9P4xMvG3FU6aGBkURhsuK8nkNL/YKKguUcnUTy
k3rDRirzXC1bfWJk1IrbvAnwP8wJUGfGDl31bq28a73cPgcTM4sjcKxAG4ltAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUjoamnfGunkfFw1aUBauQNRK5RbIwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1OTkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg+F
wQKYAwcAKg+FwQOTMA0GCSqGSIb3DQEBCwUAA4IBAQBILQhe5SVJ/ZVAsObi/1cb
YUxbCp7eRxd1Ipb1vOqxeGGjtNDtmU2+zjrOMcVRJCTm5k77yNFkOKMNxnw27jex
HIcdg4WwKN0ajBQ17jYFwjLLlWGRyu/e8wra0WGjy4r5CFyJvdYAAM1PCufpQ/rl
UttmxPsM5AfSpKxkPoglOFUJTrAjvOEUjnDHREB6pdFMVOFiUxO+C+qlvLc2ocbR
PW+8WTrcGbuSLWKqdtPmVX5MtX1/QsnXaTxIPL25vIlr1rzaPlWRksgQZSXgH+LA
mAX43sjSu473OjnI/by3akBr7wEBvh9Lg3aWfmde5R5m709ugD7eU8CqGVqhVE/c
-----END CERTIFICATE-----