Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215304.roa
File:                     AS215304.roa (raw, json)
Hash identifier:          CQnRq6vKwbUpJ9bxrXtnbV9SEGHtdF6CJHl6/szsq7w=
Subject key identifier:   CC:34:91:17:09:40:9C:E0:D2:4F:8A:6C:DB:F1:0D:EE:F8:1F:CE:7D
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       128F6083CBCD178F89D390DC6B9CF78829F0A79D
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215304.roa
Signing time:             Fri 08 Aug 2025 16:34:11 +0000
ROA not before:           Fri 08 Aug 2025 16:29:11 +0000
ROA not after:            Fri 07 Aug 2026 16:34:11 +0000
asID:                     215304
IP address blocks:        141.11.108.0/24 maxlen: 24
                          141.11.181.0/24 maxlen: 24
                          141.11.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:8f:60:83:cb:cd:17:8f:89:d3:90:dc:6b:9c:f7:88:29:f0:a7:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Aug  8 16:29:11 2025 GMT
            Not After : Aug  7 16:34:11 2026 GMT
        Subject: CN=CC34911709409CE0D24F8A6CDBF10DEEF81FCE7D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c9:cd:8d:bb:10:4e:f9:55:be:6d:0a:05:c9:
                    7b:2a:4a:16:37:97:a0:c6:34:98:90:32:17:73:92:
                    ff:5c:c5:63:8f:d6:fb:97:cb:6e:28:28:09:18:4c:
                    83:57:94:4c:1f:65:5d:1a:20:d3:63:25:f5:0a:4a:
                    00:8b:56:fe:8e:b0:45:40:ea:54:57:c1:11:5e:d5:
                    f3:9c:f3:6c:2f:55:46:17:a4:77:56:70:5f:94:ce:
                    83:67:4a:e5:a7:cb:35:00:49:03:47:6a:8a:6a:9d:
                    84:24:98:10:85:7c:88:00:a3:cd:d1:f4:96:46:9e:
                    7f:e0:7c:f6:62:ea:93:70:a8:65:52:30:a9:49:91:
                    fb:f7:ff:cc:f0:2a:5f:c5:15:be:6f:33:96:99:59:
                    84:36:cf:e5:fb:78:38:c5:4d:9c:5d:08:2c:eb:1e:
                    14:d0:ee:ba:07:8a:d9:14:ea:fd:fb:03:dd:bf:3c:
                    79:70:9d:f4:52:9b:00:b1:26:1d:28:ec:bd:56:4c:
                    e1:bf:84:98:fb:d3:1d:9f:0c:a3:fa:35:67:e0:13:
                    28:6d:1d:c3:bb:d3:28:1b:da:26:53:74:19:41:72:
                    d6:b1:8b:f5:8d:fc:6e:70:c2:15:18:fc:48:eb:f4:
                    96:c5:6f:81:b3:48:60:c2:1d:6a:ec:93:f7:ae:5e:
                    66:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:34:91:17:09:40:9C:E0:D2:4F:8A:6C:DB:F1:0D:EE:F8:1F:CE:7D
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215304.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.108.0/24
                  141.11.181.0/24
                  141.11.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:d8:15:03:1c:ab:36:26:bb:d3:40:82:d2:39:a4:fd:47:2b:
         30:23:ea:d5:6b:6e:13:8b:eb:6c:02:d2:da:9e:75:eb:ba:ab:
         24:51:af:9f:11:9e:eb:6d:bb:ee:1a:e0:f0:f7:b4:8c:8f:9e:
         0c:5a:67:ec:3b:b1:02:14:f6:98:04:27:2a:0d:46:65:42:f2:
         b4:4e:33:9c:39:dd:73:b3:0b:97:f9:95:9f:84:71:d5:eb:0b:
         c6:c5:31:7f:10:1f:1f:f0:3c:8e:e9:25:19:9d:93:3e:3a:37:
         8b:94:e2:e1:de:0f:aa:d6:b7:e2:c5:d6:ee:d5:d1:a4:7e:b7:
         96:ae:a3:ae:52:32:51:d4:47:a6:ac:e5:80:47:ce:03:e3:87:
         f8:68:e3:82:42:06:5a:37:c6:17:35:9a:0c:35:18:10:58:03:
         6c:91:2f:73:3c:05:e6:04:99:2a:8f:37:db:d1:ee:60:13:7b:
         e0:d6:58:1e:8d:f1:24:30:c8:b6:14:8c:6e:9b:47:ff:05:03:
         88:e4:4d:aa:ec:55:cd:1b:ec:60:0a:d0:35:dc:81:b5:0e:12:
         b0:50:a6:77:6e:a3:65:41:fd:83:4a:13:23:d0:a6:d3:20:39:
         0e:5c:72:8a:4e:91:73:a4:e7:c2:22:c5:ed:05:72:9d:1d:5b:
         ef:9a:f1:a0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUEo9gg8vNF4+J05Dca5z3iCnwp50wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA4MDgxNjI5MTFaFw0yNjA4MDcxNjM0MTFaMDMxMTAvBgNV
BAMTKENDMzQ5MTE3MDk0MDlDRTBEMjRGOEE2Q0RCRjEwREVFRjgxRkNFN0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+yc2NuxBO+VW+bQoFyXsqShY3
l6DGNJiQMhdzkv9cxWOP1vuXy24oKAkYTINXlEwfZV0aINNjJfUKSgCLVv6OsEVA
6lRXwRFe1fOc82wvVUYXpHdWcF+UzoNnSuWnyzUASQNHaopqnYQkmBCFfIgAo83R
9JZGnn/gfPZi6pNwqGVSMKlJkfv3/8zwKl/FFb5vM5aZWYQ2z+X7eDjFTZxdCCzr
HhTQ7roHitkU6v37A92/PHlwnfRSmwCxJh0o7L1WTOG/hJj70x2fDKP6NWfgEyht
HcO70ygb2iZTdBlBctaxi/WN/G5wwhUY/Ejr9JbFb4GzSGDCHWrsk/euXmY3AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUzDSRFwlAnODST4ps2/EN7vgfzn0wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE1MzA0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjQts
AwQAjQu1AwQAjQvwMA0GCSqGSIb3DQEBCwUAA4IBAQBb2BUDHKs2JrvTQILSOaT9
RyswI+rVa24Ti+tsAtLannXruqskUa+fEZ7rbbvuGuDw97SMj54MWmfsO7ECFPaY
BCcqDUZlQvK0TjOcOd1zswuX+ZWfhHHV6wvGxTF/EB8f8DyO6SUZnZM+OjeLlOLh
3g+q1rfixdbu1dGkfreWrqOuUjJR1EemrOWAR84D44f4aOOCQgZaN8YXNZoMNRgQ
WANskS9zPAXmBJkqjzfb0e5gE3vg1lgejfEkMMi2FIxum0f/BQOI5E2q7FXNG+xg
CtA13IG1DhKwUKZ3bqNlQf2DShMj0KbTIDkOXHKKTpFzpOfCIsXtBXKdHVvvmvGg
-----END CERTIFICATE-----