Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS215287.roa
File:                     AS215287.roa (raw, json)
Hash identifier:          0J+9m75DmTuLVEV5gJIcILzQ+jiFj03ZOCMQ88VbgbQ=
Subject key identifier:   9A:35:FC:3A:AF:B7:D9:B2:AB:2C:DA:E6:DA:8C:B1:DB:C2:12:8A:9B
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       35E895AC335487C2E119859816905D21224827CA
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS215287.roa
Signing time:             Sun 10 Aug 2025 16:27:19 +0000
ROA not before:           Sun 10 Aug 2025 16:22:19 +0000
ROA not after:            Sun 09 Aug 2026 16:27:19 +0000
asID:                     215287
IP address blocks:        188.119.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:e8:95:ac:33:54:87:c2:e1:19:85:98:16:90:5d:21:22:48:27:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Aug 10 16:22:19 2025 GMT
            Not After : Aug  9 16:27:19 2026 GMT
        Subject: CN=9A35FC3AAFB7D9B2AB2CDAE6DA8CB1DBC2128A9B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:78:66:d5:93:ad:95:af:5b:3b:ca:4c:29:0b:
                    12:b6:49:3b:c7:30:45:1f:f4:02:ec:eb:5c:95:85:
                    42:58:ab:11:98:c4:5a:be:79:0d:23:a2:96:96:54:
                    53:30:7a:d5:2d:1f:77:75:c8:30:54:ba:96:ae:c3:
                    fe:a8:57:58:b1:f7:f3:f4:c2:02:0b:61:f3:11:53:
                    7c:d6:27:7b:50:a0:5c:a2:34:c0:d9:0b:9b:52:c2:
                    0a:8e:60:9f:35:80:57:1b:1d:f0:23:69:93:67:3a:
                    83:07:fb:8d:da:ee:43:b4:3d:78:65:82:20:61:2a:
                    60:76:ae:1c:a3:5b:bc:8c:0c:1d:ab:71:38:e0:85:
                    6b:2a:1b:27:c7:10:6f:67:0b:57:ff:8f:ff:2d:9e:
                    6c:6e:55:fb:b9:d2:90:b6:2f:0e:71:1b:f7:6b:5c:
                    72:72:e1:df:e2:b8:5a:1b:aa:65:b4:73:a5:f0:18:
                    6f:c3:31:ac:a1:ab:86:e5:2a:59:ce:f8:0e:78:56:
                    93:22:fb:e0:5f:de:db:a4:90:71:65:d8:64:94:2c:
                    86:d2:d2:00:5d:e9:b9:6d:fe:30:5b:24:d1:c5:15:
                    47:bb:ba:cd:c3:26:5a:4e:ae:e9:35:f6:3d:d0:03:
                    cd:0b:c3:e6:cc:a4:17:fc:63:20:8c:87:cc:d0:08:
                    06:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:35:FC:3A:AF:B7:D9:B2:AB:2C:DA:E6:DA:8C:B1:DB:C2:12:8A:9B
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS215287.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.119.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:fc:96:7a:8a:65:3c:94:20:74:70:ab:06:91:02:ed:ae:95:
         28:d4:3d:61:48:68:57:f4:e6:61:d6:3a:ae:28:3f:42:89:e3:
         87:45:4b:03:d7:96:e2:7c:41:55:73:8b:f9:af:37:de:48:4c:
         a7:db:4b:9f:2a:f7:93:f3:e7:84:11:99:6f:84:c8:af:28:f4:
         2d:cf:56:51:ba:23:94:8f:bc:73:c2:31:18:ff:dc:ec:fe:c3:
         be:a4:fb:61:32:12:6c:c2:71:bb:f5:c1:3a:05:dc:80:6c:1d:
         9b:9c:c8:b8:e7:92:60:99:73:90:85:61:83:47:c6:23:01:cd:
         51:9b:fc:85:fe:1b:fe:2f:c6:ba:38:55:03:29:11:8f:b2:61:
         24:b3:4a:84:0b:e0:07:c6:9d:28:0b:4e:4a:4f:38:37:e9:eb:
         f1:e3:b9:f8:98:9b:8e:aa:4d:a5:48:13:17:7d:7a:05:46:8f:
         11:83:21:4a:8a:13:13:25:76:2a:bc:32:6a:39:4b:25:34:45:
         0d:9c:76:d8:36:1c:84:65:d4:8f:91:e4:9a:e8:d2:e6:67:a7:
         28:b6:b0:b8:d9:9b:cd:e7:fe:74:b3:50:71:f3:fe:a2:0a:23:
         35:dc:1d:17:73:64:de:67:75:28:9f:cb:bb:02:af:1a:03:15:
         65:93:86:2e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUNeiVrDNUh8LhGYWYFpBdISJIJ8owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA4MTAxNjIyMTlaFw0yNjA4MDkxNjI3MTlaMDMxMTAvBgNV
BAMTKDlBMzVGQzNBQUZCN0Q5QjJBQjJDREFFNkRBOENCMURCQzIxMjhBOUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpeGbVk62Vr1s7ykwpCxK2STvH
MEUf9ALs61yVhUJYqxGYxFq+eQ0jopaWVFMwetUtH3d1yDBUupauw/6oV1ix9/P0
wgILYfMRU3zWJ3tQoFyiNMDZC5tSwgqOYJ81gFcbHfAjaZNnOoMH+43a7kO0PXhl
giBhKmB2rhyjW7yMDB2rcTjghWsqGyfHEG9nC1f/j/8tnmxuVfu50pC2Lw5xG/dr
XHJy4d/iuFobqmW0c6XwGG/DMayhq4blKlnO+A54VpMi++Bf3tukkHFl2GSULIbS
0gBd6blt/jBbJNHFFUe7us3DJlpOruk19j3QA80Lw+bMpBf8YyCMh8zQCAYpAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUmjX8Oq+32bKrLNrm2oyx28ISipswHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjE1Mjg3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvHdG
MA0GCSqGSIb3DQEBCwUAA4IBAQCh/JZ6imU8lCB0cKsGkQLtrpUo1D1hSGhX9OZh
1jquKD9CieOHRUsD15bifEFVc4v5rzfeSEyn20ufKveT8+eEEZlvhMivKPQtz1ZR
uiOUj7xzwjEY/9zs/sO+pPthMhJswnG79cE6BdyAbB2bnMi455JgmXOQhWGDR8Yj
Ac1Rm/yF/hv+L8a6OFUDKRGPsmEks0qEC+AHxp0oC05KTzg36evx47n4mJuOqk2l
SBMXfXoFRo8RgyFKihMTJXYqvDJqOUslNEUNnHbYNhyEZdSPkeSa6NLmZ6cotrC4
2ZvN5/50s1Bx8/6iCiM13B0Xc2TeZ3Uon8u7Aq8aAxVlk4Yu
-----END CERTIFICATE-----