Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215304.roa
File:                     AS215304.roa (raw, json)
Hash identifier:          E00Xtz1ZcWX+eaK/v2aeiWJ0F9Kzyg1cwXBF/npNXqg=
Subject key identifier:   E4:C9:87:70:1C:6F:0B:46:95:52:E7:10:C0:B9:DE:E0:92:85:27:D0
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       7246D331DFFE867FA0C54D5E8297EC5652743995
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215304.roa
Signing time:             Wed 18 Jun 2025 19:10:38 +0000
ROA not before:           Wed 18 Jun 2025 19:05:38 +0000
ROA not after:            Wed 17 Jun 2026 19:10:38 +0000
asID:                     215304
IP address blocks:        141.11.108.0/24 maxlen: 24
                          141.11.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 10:24:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:46:d3:31:df:fe:86:7f:a0:c5:4d:5e:82:97:ec:56:52:74:39:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun 18 19:05:38 2025 GMT
            Not After : Jun 17 19:10:38 2026 GMT
        Subject: CN=E4C987701C6F0B469552E710C0B9DEE0928527D0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:04:9f:ae:be:f2:6a:f1:d3:e8:cd:ea:5a:99:
                    be:62:f8:c1:7d:8c:03:d9:e9:bd:cc:e5:bd:4e:87:
                    58:2d:38:87:23:19:09:d1:51:ea:68:29:f2:84:85:
                    4b:43:ce:6f:e9:6e:70:ff:30:21:53:03:3c:57:56:
                    f1:b9:88:8c:cf:24:74:48:f0:4c:b4:6e:0e:46:6d:
                    94:17:78:fb:2f:89:ae:61:16:f4:d1:b2:80:05:f4:
                    7d:89:ae:40:e6:99:7a:ec:ce:9c:b5:4f:d5:30:15:
                    56:ff:7a:01:5d:e5:be:42:5e:ef:6c:17:6c:9c:40:
                    a8:08:bf:2f:9f:6a:c9:91:aa:8f:dd:22:12:d0:c3:
                    bc:da:ba:60:07:4d:f3:27:62:8f:56:02:f3:96:ec:
                    e6:ec:70:f7:f1:4f:80:85:26:4a:91:62:80:a3:1b:
                    fb:89:e8:ee:6a:d2:6f:3b:bd:10:48:ce:76:06:51:
                    13:fb:ae:d2:25:e4:a7:fd:cc:3e:57:b6:e0:bd:69:
                    65:64:c8:df:20:85:8c:78:e1:b2:60:90:02:ad:2e:
                    ab:b4:b7:55:b5:8b:3b:23:9b:00:71:6f:4f:e2:63:
                    f8:30:a8:c1:95:4e:2e:d5:c4:20:ae:64:6f:09:07:
                    b3:1c:34:b3:cb:6c:75:f0:2b:cd:63:a7:34:11:e3:
                    cf:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:C9:87:70:1C:6F:0B:46:95:52:E7:10:C0:B9:DE:E0:92:85:27:D0
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215304.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.108.0/24
                  141.11.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:0e:39:e2:28:18:d0:db:d2:26:25:36:8b:e0:bb:be:89:59:
         43:8c:d8:89:8f:63:f0:c5:46:4b:42:a2:c6:48:60:c0:41:c3:
         e6:4f:b1:14:f5:4b:bc:5d:36:fb:cf:4b:10:b0:bb:3d:dd:be:
         fc:d9:ed:22:b7:3a:e4:f5:51:41:ab:48:75:fa:d7:37:d7:cc:
         7b:f8:6c:bb:e1:fe:30:9b:0f:95:73:42:08:78:0a:f7:b1:25:
         2f:fb:92:0a:df:58:1c:a8:a6:a6:40:1b:c1:95:62:2f:8e:cc:
         2c:48:ae:8f:3f:44:87:d2:90:76:7b:d7:c8:8b:d2:3a:d9:5f:
         87:f8:68:9d:48:f2:61:8c:c4:a4:e6:56:25:6d:75:70:52:12:
         6c:d0:e5:1d:88:91:50:53:18:51:f8:b8:fb:0c:06:7e:f5:15:
         46:2c:9a:98:a8:65:89:94:9e:12:48:38:b5:5f:02:de:20:bc:
         d1:d7:29:ab:a2:28:d2:a2:50:58:78:f7:19:4a:c7:0e:68:6e:
         9e:d4:1e:a5:ce:55:c4:23:22:db:f0:b7:e5:6e:3d:ca:f9:03:
         45:10:93:6e:b4:2f:82:3b:a8:c0:7f:33:08:83:f3:88:72:97:
         52:de:22:24:03:8f:6a:74:8b:56:41:e7:69:a2:9e:d3:99:a6:
         3a:5d:38:4f
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUckbTMd/+hn+gxU1egpfsVlJ0OZUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA2MTgxOTA1MzhaFw0yNjA2MTcxOTEwMzhaMDMxMTAvBgNV
BAMTKEU0Qzk4NzcwMUM2RjBCNDY5NTUyRTcxMEMwQjlERUUwOTI4NTI3RDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD1BJ+uvvJq8dPozepamb5i+MF9
jAPZ6b3M5b1Oh1gtOIcjGQnRUepoKfKEhUtDzm/pbnD/MCFTAzxXVvG5iIzPJHRI
8Ey0bg5GbZQXePsvia5hFvTRsoAF9H2JrkDmmXrszpy1T9UwFVb/egFd5b5CXu9s
F2ycQKgIvy+fasmRqo/dIhLQw7zaumAHTfMnYo9WAvOW7ObscPfxT4CFJkqRYoCj
G/uJ6O5q0m87vRBIznYGURP7rtIl5Kf9zD5XtuC9aWVkyN8ghYx44bJgkAKtLqu0
t1W1izsjmwBxb0/iY/gwqMGVTi7VxCCuZG8JB7McNLPLbHXwK81jpzQR488ZAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU5MmHcBxvC0aVUucQwLne4JKFJ9AwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE1MzA0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjQts
AwQAjQvwMA0GCSqGSIb3DQEBCwUAA4IBAQBVDjniKBjQ29ImJTaL4Lu+iVlDjNiJ
j2PwxUZLQqLGSGDAQcPmT7EU9Uu8XTb7z0sQsLs93b782e0itzrk9VFBq0h1+tc3
18x7+Gy74f4wmw+Vc0IIeAr3sSUv+5IK31gcqKamQBvBlWIvjswsSK6PP0SH0pB2
e9fIi9I62V+H+GidSPJhjMSk5lYlbXVwUhJs0OUdiJFQUxhR+Lj7DAZ+9RVGLJqY
qGWJlJ4SSDi1XwLeILzR1ymroijSolBYePcZSscOaG6e1B6lzlXEIyLb8Lflbj3K
+QNFEJNutC+CO6jAfzMIg/OIcpdS3iIkA49qdItWQedpop7TmaY6XThP
-----END CERTIFICATE-----