Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS215645.roa
File:                     AS215645.roa (raw, json)
Hash identifier:          PinfAb5fMOeMqHw3bXXz66FZ6AXjHU6dr2+Swi9ZFto=
Subject key identifier:   76:49:9C:C0:74:97:A7:09:61:FF:93:95:2C:E5:25:87:F1:63:35:D8
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       4FA57478BF846FF7A60842AA7EFD40372B5FDDB0
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS215645.roa
Signing time:             Sun 12 Oct 2025 09:51:20 +0000
ROA not before:           Sun 12 Oct 2025 09:46:20 +0000
ROA not after:            Sun 11 Oct 2026 09:51:20 +0000
asID:                     215645
IP address blocks:        31.40.197.0/24 maxlen: 24
                          85.235.74.0/24 maxlen: 24
                          217.18.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:a5:74:78:bf:84:6f:f7:a6:08:42:aa:7e:fd:40:37:2b:5f:dd:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Oct 12 09:46:20 2025 GMT
            Not After : Oct 11 09:51:20 2026 GMT
        Subject: CN=76499CC07497A70961FF93952CE52587F16335D8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:4a:a2:c8:4d:94:46:10:c7:42:17:f6:bc:d2:
                    44:19:59:f9:95:ce:d1:58:42:ea:b2:20:43:3c:e8:
                    40:c3:6c:8e:d7:c0:ed:6b:9c:ac:09:34:12:bc:5e:
                    9d:1b:a8:2f:a1:b8:25:b9:b2:d2:39:03:f9:7d:9f:
                    f6:da:68:63:ea:fa:bf:08:41:d7:f9:36:43:39:bf:
                    7f:41:25:43:70:5b:d4:30:a9:25:77:17:67:6b:b7:
                    62:82:cd:d1:03:67:02:be:6c:25:31:1b:58:9c:58:
                    10:08:e9:29:16:c7:d7:70:fe:da:bb:5e:0e:2d:be:
                    f8:7e:a1:9e:35:64:15:30:a0:62:43:3d:f2:b1:56:
                    97:0f:68:10:e0:bd:9f:a5:05:a9:a3:38:00:96:64:
                    c1:ca:78:37:69:b6:3d:8e:8a:c8:14:84:9d:d2:73:
                    05:09:4e:88:dc:61:62:c8:ee:32:4a:4b:c2:15:40:
                    fd:61:cd:1a:eb:d0:02:c1:2f:78:09:15:8a:62:39:
                    e5:77:f2:9d:e6:32:79:1c:e7:a4:10:b4:26:c0:37:
                    ce:da:4b:34:0f:65:e8:73:d6:98:ce:2e:66:70:e1:
                    18:79:95:ac:b5:69:40:ed:43:6a:bb:64:1f:38:96:
                    60:f4:0c:66:3f:54:4e:3a:58:0b:0a:60:9f:49:c8:
                    4e:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:49:9C:C0:74:97:A7:09:61:FF:93:95:2C:E5:25:87:F1:63:35:D8
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS215645.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.197.0/24
                  85.235.74.0/24
                  217.18.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:44:e1:c2:8a:f3:f7:22:be:45:57:0d:07:59:77:35:c0:04:
         64:30:70:2a:a1:d6:23:d2:2e:05:87:52:de:ea:c5:eb:14:70:
         f7:c3:3e:73:4c:f3:81:13:80:4f:eb:fa:95:55:74:e1:99:45:
         c4:78:ff:5b:76:f6:77:c8:be:2f:be:cc:68:38:37:31:3b:0e:
         ad:a1:5a:0d:d8:24:de:14:00:ae:3d:7e:4a:1b:8f:e9:89:60:
         77:c0:3a:6b:1d:a7:f0:ba:f7:1f:df:f9:aa:73:49:1a:87:61:
         88:67:c6:8c:0e:06:48:1f:ca:75:5b:79:e3:89:56:d2:92:c5:
         17:91:91:ca:1f:10:45:74:e8:6b:2d:99:4f:1a:8e:67:1d:6f:
         02:7d:9f:11:97:85:ef:cc:26:61:9b:98:7b:93:83:6e:95:83:
         cb:ee:05:8c:eb:51:70:f9:fc:5d:64:23:fb:3f:a0:c1:a6:fc:
         f2:37:c7:47:66:ea:cd:dd:da:3e:dd:21:85:f2:1c:28:4f:e0:
         06:1d:d5:bf:a0:74:87:f1:b5:73:f6:2e:3b:46:79:10:61:e0:
         03:a1:b1:cd:51:41:d6:22:db:2c:3d:fb:78:c7:a1:28:4f:75:
         2d:49:3d:08:ef:fd:cb:65:00:ab:9f:0c:d6:2b:23:b6:4b:bf:
         aa:5a:39:e4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUT6V0eL+Eb/emCEKqfv1ANytf3bAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTEwMTIwOTQ2MjBaFw0yNjEwMTEwOTUxMjBaMDMxMTAvBgNV
BAMTKDc2NDk5Q0MwNzQ5N0E3MDk2MUZGOTM5NTJDRTUyNTg3RjE2MzM1RDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpSqLITZRGEMdCF/a80kQZWfmV
ztFYQuqyIEM86EDDbI7XwO1rnKwJNBK8Xp0bqC+huCW5stI5A/l9n/baaGPq+r8I
Qdf5NkM5v39BJUNwW9QwqSV3F2drt2KCzdEDZwK+bCUxG1icWBAI6SkWx9dw/tq7
Xg4tvvh+oZ41ZBUwoGJDPfKxVpcPaBDgvZ+lBamjOACWZMHKeDdptj2OisgUhJ3S
cwUJTojcYWLI7jJKS8IVQP1hzRrr0ALBL3gJFYpiOeV38p3mMnkc56QQtCbAN87a
SzQPZehz1pjOLmZw4Rh5lay1aUDtQ2q7ZB84lmD0DGY/VE46WAsKYJ9JyE7FAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUdkmcwHSXpwlh/5OVLOUlh/FjNdgwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjE1NjQ1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHyjF
AwQAVetKAwQA2RLQMA0GCSqGSIb3DQEBCwUAA4IBAQA3ROHCivP3Ir5FVw0HWXc1
wARkMHAqodYj0i4Fh1Le6sXrFHD3wz5zTPOBE4BP6/qVVXThmUXEeP9bdvZ3yL4v
vsxoODcxOw6toVoN2CTeFACuPX5KG4/piWB3wDprHafwuvcf3/mqc0kah2GIZ8aM
DgZIH8p1W3njiVbSksUXkZHKHxBFdOhrLZlPGo5nHW8CfZ8Rl4XvzCZhm5h7k4Nu
lYPL7gWM61Fw+fxdZCP7P6DBpvzyN8dHZurN3do+3SGF8hwoT+AGHdW/oHSH8bVz
9i47RnkQYeADobHNUUHWItssPft4x6EoT3UtST0I7/3LZQCrnwzWKyO2S7+qWjnk
-----END CERTIFICATE-----