Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215304.roa
File:                     AS215304.roa (raw, json)
Hash identifier:          b8F3DsyctczGHNyF2TwMJhFiuJeVEFgjsZtJO/esPWk=
Subject key identifier:   D7:B3:77:1E:8B:10:A2:12:DB:46:D8:A6:42:BA:69:29:72:DE:30:3D
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       13D7B352C83E2D3BE4996E17054D2D6E58D7B6AA
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215304.roa
Signing time:             Sat 20 Sep 2025 13:36:25 +0000
ROA not before:           Sat 20 Sep 2025 13:31:25 +0000
ROA not after:            Sat 19 Sep 2026 13:36:25 +0000
asID:                     215304
IP address blocks:        141.11.108.0/24 maxlen: 24
                          141.11.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:d7:b3:52:c8:3e:2d:3b:e4:99:6e:17:05:4d:2d:6e:58:d7:b6:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Sep 20 13:31:25 2025 GMT
            Not After : Sep 19 13:36:25 2026 GMT
        Subject: CN=D7B3771E8B10A212DB46D8A642BA692972DE303D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:62:a2:ed:ab:21:0b:e7:10:67:a1:57:87:c5:
                    e3:d0:29:42:cb:52:7c:80:0c:01:6f:a1:ca:b9:cb:
                    b1:1a:cd:02:6e:7f:eb:2a:c3:53:b6:f8:88:9f:7a:
                    2f:52:40:06:7e:e4:66:98:f4:2e:07:2c:3c:e7:f2:
                    20:6d:2e:82:fa:4b:63:0c:46:de:d8:c9:2c:e4:9e:
                    08:62:4a:39:f7:ff:ae:b8:11:a6:85:36:6f:ec:cb:
                    32:f5:b7:2d:36:a7:df:b5:76:6e:64:9d:73:f0:0b:
                    a2:bd:7d:b6:e9:6a:48:b6:4d:f4:94:d0:53:42:fb:
                    55:6b:47:d6:90:33:89:e4:a7:33:16:c1:28:72:b5:
                    80:ca:3d:7b:6f:16:86:4e:d0:80:e2:7c:73:a2:75:
                    88:43:62:78:c2:06:be:d7:0e:97:d0:53:72:cc:c3:
                    fb:81:7c:b1:19:ff:68:c6:b3:65:01:5f:8c:8d:21:
                    87:c2:15:6b:1c:75:fa:25:33:8a:4c:ab:7b:03:24:
                    9f:78:93:1b:fb:a7:fa:7a:8b:a6:e5:19:29:d1:fb:
                    30:03:c2:6d:34:3f:f0:ae:56:71:a0:40:27:6d:1a:
                    be:35:3c:e7:9e:f5:a3:b0:a3:b0:dd:c5:47:3c:d5:
                    05:8b:c8:5d:c7:97:a3:df:11:57:62:d7:91:b8:5f:
                    f6:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:B3:77:1E:8B:10:A2:12:DB:46:D8:A6:42:BA:69:29:72:DE:30:3D
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215304.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.108.0/24
                  141.11.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:c4:3f:9f:fa:13:ef:c3:cd:c9:71:18:ab:cb:f2:35:07:de:
         62:12:51:4f:93:1b:a4:3a:a7:27:6e:05:6e:16:3a:86:28:3d:
         01:67:92:e6:cd:4b:81:4e:46:b5:10:98:7c:bd:74:61:7d:f7:
         9a:17:4b:a2:db:ba:2d:82:84:aa:87:94:e5:e0:62:b1:22:b0:
         15:3f:e2:fe:34:78:94:e8:5e:31:fa:51:0d:ce:c3:5d:30:b8:
         8d:65:2a:14:75:e2:32:25:33:4c:8e:ba:03:03:cc:c2:3b:46:
         b8:cc:a4:28:38:29:3b:5c:05:52:ab:e9:3b:be:62:9b:a3:d8:
         4c:8a:32:af:d5:8e:ec:98:57:d0:a5:c1:83:ed:9d:48:15:81:
         95:af:a1:1c:46:33:9c:2d:18:e1:c9:f4:00:1b:c1:86:b3:8c:
         15:3b:d8:e5:59:b9:ae:be:e8:fb:d1:96:49:2b:57:4c:29:53:
         43:49:7f:70:c1:b4:7e:86:55:18:e3:96:46:a7:5e:fc:0e:2f:
         9d:b6:24:04:99:c6:90:46:90:58:e3:8d:9f:f1:e1:7d:79:47:
         e1:33:80:52:8c:17:92:ff:07:8d:e5:c1:0b:b4:fa:19:49:c7:
         9c:56:19:54:98:3d:2a:70:6f:1e:a0:e5:ed:b3:a2:bd:e2:0e:
         e6:ba:83:6f
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUE9ezUsg+LTvkmW4XBU0tbljXtqowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA5MjAxMzMxMjVaFw0yNjA5MTkxMzM2MjVaMDMxMTAvBgNV
BAMTKEQ3QjM3NzFFOEIxMEEyMTJEQjQ2RDhBNjQyQkE2OTI5NzJERTMwM0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzYqLtqyEL5xBnoVeHxePQKULL
UnyADAFvocq5y7EazQJuf+sqw1O2+Iifei9SQAZ+5GaY9C4HLDzn8iBtLoL6S2MM
Rt7YySzknghiSjn3/664EaaFNm/syzL1ty02p9+1dm5knXPwC6K9fbbpaki2TfSU
0FNC+1VrR9aQM4nkpzMWwShytYDKPXtvFoZO0IDifHOidYhDYnjCBr7XDpfQU3LM
w/uBfLEZ/2jGs2UBX4yNIYfCFWscdfolM4pMq3sDJJ94kxv7p/p6i6blGSnR+zAD
wm00P/CuVnGgQCdtGr41POee9aOwo7DdxUc81QWLyF3Hl6PfEVdi15G4X/btAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU17N3HosQohLbRtimQrppKXLeMD0wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE1MzA0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjQts
AwQAjQvwMA0GCSqGSIb3DQEBCwUAA4IBAQARxD+f+hPvw83JcRiry/I1B95iElFP
kxukOqcnbgVuFjqGKD0BZ5LmzUuBTka1EJh8vXRhffeaF0ui27otgoSqh5Tl4GKx
IrAVP+L+NHiU6F4x+lENzsNdMLiNZSoUdeIyJTNMjroDA8zCO0a4zKQoOCk7XAVS
q+k7vmKbo9hMijKv1Y7smFfQpcGD7Z1IFYGVr6EcRjOcLRjhyfQAG8GGs4wVO9jl
Wbmuvuj70ZZJK1dMKVNDSX9wwbR+hlUY45ZGp178Di+dtiQEmcaQRpBY442f8eF9
eUfhM4BSjBeS/weN5cELtPoZScecVhlUmD0qcG8eoOXts6K94g7muoNv
-----END CERTIFICATE-----