Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS215050.roa
File:                     AS215050.roa (raw, json)
Hash identifier:          h/sD7ea8assaeZFmH+2jcnmoUBwNQ2oQvec08xxasPg=
Subject key identifier:   F1:1C:03:0E:89:88:2D:C1:01:07:05:B4:DF:AD:5A:F0:C7:6F:19:4D
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       6414C0F5B22657B197ACEE75E89AAA2AF43A1104
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS215050.roa
Signing time:             Sat 18 Oct 2025 07:02:10 +0000
ROA not before:           Sat 18 Oct 2025 06:57:10 +0000
ROA not after:            Sat 17 Oct 2026 07:02:10 +0000
asID:                     215050
IP address blocks:        2a14:7580:f500::/40 maxlen: 48
                          2a14:7580:f600::/40 maxlen: 48
                          2a14:7580:f700::/40 maxlen: 48
                          2a14:7580:f800::/40 maxlen: 48
                          2a14:7580:f900::/40 maxlen: 48
                          2a14:7581:9700::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:14:c0:f5:b2:26:57:b1:97:ac:ee:75:e8:9a:aa:2a:f4:3a:11:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Oct 18 06:57:10 2025 GMT
            Not After : Oct 17 07:02:10 2026 GMT
        Subject: CN=F11C030E89882DC1010705B4DFAD5AF0C76F194D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:58:0d:37:97:b9:dd:f5:fa:3c:ad:d9:be:1a:
                    d5:c3:8e:9d:2c:d0:85:02:43:7d:9d:94:4c:2e:b7:
                    60:09:bb:98:93:55:6f:98:65:fd:c4:dc:11:e6:a4:
                    c9:37:d4:11:85:44:a5:42:7a:71:0a:7c:a5:f8:52:
                    cc:57:17:c1:07:6f:d8:dd:e1:eb:f7:a8:ed:ae:e9:
                    c1:72:2e:13:1c:eb:ff:fc:6b:53:b6:bc:ec:ab:b8:
                    19:2c:fe:b2:51:c2:91:20:2f:96:15:e2:50:0b:7c:
                    86:49:45:c8:c0:aa:bf:c2:aa:9d:bc:f6:35:13:6c:
                    8c:ed:55:f0:15:84:9d:5b:d8:f2:70:c6:5d:b6:98:
                    b7:93:fe:b4:cf:2e:a0:28:ef:ed:ad:e1:c6:ed:01:
                    ca:9a:bd:dd:56:af:ef:41:22:7e:1a:44:5c:8c:d6:
                    b5:92:90:d2:ae:8f:4a:12:d9:38:85:fb:35:9e:97:
                    b7:3a:77:31:ef:50:ea:ed:5a:1e:e4:6c:39:42:e7:
                    dc:61:41:bf:28:41:25:e8:62:de:f0:c2:36:b8:cf:
                    49:95:c6:bd:5f:d2:c6:f5:4b:29:4f:67:6d:9e:d1:
                    1b:66:46:97:d3:1b:30:0b:5f:a6:a0:75:51:15:46:
                    74:2f:f5:22:03:67:4a:5a:1e:62:d8:91:3f:2b:2b:
                    db:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:1C:03:0E:89:88:2D:C1:01:07:05:B4:DF:AD:5A:F0:C7:6F:19:4D
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS215050.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:f500::-2a14:7580:f9ff:ffff:ffff:ffff:ffff:ffff
                  2a14:7581:9700::/40

    Signature Algorithm: sha256WithRSAEncryption
         85:59:92:d1:0b:df:ba:22:c3:19:18:58:b8:ab:0d:f6:c5:b7:
         c7:e8:2b:d0:12:ea:c6:be:77:4e:77:ab:36:a2:7d:c4:1e:a5:
         92:c5:86:6b:5b:3e:74:56:ef:62:bb:da:d8:a6:bf:1e:46:7d:
         80:99:f9:b0:07:c7:e8:e7:85:59:1d:e9:9b:3b:99:96:52:d2:
         ad:22:74:ad:80:ce:1a:48:57:9f:15:fb:75:c3:21:61:bd:e0:
         fe:1b:56:3b:94:d5:9c:d4:27:5c:b5:b8:68:f4:89:70:c6:7d:
         1f:16:dc:b8:3d:e3:be:2d:e9:e3:af:1b:c1:f5:93:2e:d6:22:
         40:12:28:2e:38:02:15:12:96:c6:ad:6c:b4:2a:db:ba:bb:a0:
         c2:77:81:a9:6f:22:78:02:0e:61:65:6d:3e:d6:38:7d:48:2d:
         36:a9:5e:e3:7e:26:4f:ed:cd:b5:5e:53:bc:5c:49:00:5c:3e:
         9e:61:42:97:94:7e:0b:e9:f1:0a:20:5e:f3:6f:d0:02:10:d8:
         96:d3:73:62:04:ba:d5:41:37:87:40:53:0d:1d:44:d5:61:29:
         a6:6a:20:8e:c7:bd:c5:99:39:ab:e6:91:56:b0:46:06:a4:1e:
         ca:a4:88:1b:93:e1:3e:1a:1e:eb:0b:b5:43:8c:9c:1a:d1:39:
         fc:0f:e8:9e
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgIUZBTA9bImV7GXrO516JqqKvQ6EQQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTEwMTgwNjU3MTBaFw0yNjEwMTcwNzAyMTBaMDMxMTAvBgNV
BAMTKEYxMUMwMzBFODk4ODJEQzEwMTA3MDVCNERGQUQ1QUYwQzc2RjE5NEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUWA03l7nd9fo8rdm+GtXDjp0s
0IUCQ32dlEwut2AJu5iTVW+YZf3E3BHmpMk31BGFRKVCenEKfKX4UsxXF8EHb9jd
4ev3qO2u6cFyLhMc6//8a1O2vOyruBks/rJRwpEgL5YV4lALfIZJRcjAqr/Cqp28
9jUTbIztVfAVhJ1b2PJwxl22mLeT/rTPLqAo7+2t4cbtAcqavd1Wr+9BIn4aRFyM
1rWSkNKuj0oS2TiF+zWel7c6dzHvUOrtWh7kbDlC59xhQb8oQSXoYt7wwja4z0mV
xr1f0sb1SylPZ22e0RtmRpfTGzALX6agdVEVRnQv9SIDZ0paHmLYkT8rK9sdAgMB
AAGjggIeMIICGjAdBgNVHQ4EFgQU8RwDDomILcEBBwW0361a8MdvGU0wHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjE1MDUwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAAjAaMBADBgAq
FHWA9QMGASoUdYD4AwYAKhR1gZcwDQYJKoZIhvcNAQELBQADggEBAIVZktEL37oi
wxkYWLirDfbFt8foK9AS6sa+d053qzaifcQepZLFhmtbPnRW72K72timvx5GfYCZ
+bAHx+jnhVkd6Zs7mZZS0q0idK2AzhpIV58V+3XDIWG94P4bVjuU1ZzUJ1y1uGj0
iXDGfR8W3Lg9474t6eOvG8H1ky7WIkASKC44AhUSlsatbLQq27q7oMJ3galvIngC
DmFlbT7WOH1ILTapXuN+Jk/tzbVeU7xcSQBcPp5hQpeUfgvp8QogXvNv0AIQ2JbT
c2IEutVBN4dAUw0dRNVhKaZqII7HvcWZOavmkVawRgakHsqkiBuT4T4aHusLtUOM
nBrROfwP6J4=
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:34:09 2025 by rpki-client