Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS151373.roa
File:                     AS151373.roa (raw, json)
Hash identifier:          j/8TUsp/nO1LKyKFEUpt/yAUCdwsZVcskxhccxLWug4=
Subject key identifier:   C2:3D:13:43:BE:82:CF:98:7A:09:8F:B4:F0:3B:69:DE:7F:77:B1:69
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       55C2BBBBC895D113006ED71EE940D70DE5CD9B5F
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS151373.roa
Signing time:             Thu 03 Jul 2025 11:57:20 +0000
ROA not before:           Thu 03 Jul 2025 11:52:20 +0000
ROA not after:            Thu 02 Jul 2026 11:57:20 +0000
asID:                     151373
IP address blocks:        155.117.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 03:57:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:c2:bb:bb:c8:95:d1:13:00:6e:d7:1e:e9:40:d7:0d:e5:cd:9b:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul  3 11:52:20 2025 GMT
            Not After : Jul  2 11:57:20 2026 GMT
        Subject: CN=C23D1343BE82CF987A098FB4F03B69DE7F77B169
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d0:a9:04:63:ca:15:2a:73:09:0c:a6:03:c8:
                    73:c9:00:f5:f0:5a:0c:ad:e0:0f:34:a2:ab:f3:e8:
                    4f:25:f4:e4:18:82:dc:38:d7:b2:89:39:4c:6d:f4:
                    27:2b:8c:d0:66:0f:9b:65:f5:30:1c:5c:aa:bb:10:
                    cd:31:47:14:92:f1:c6:8f:b5:32:31:51:92:68:78:
                    af:1b:77:7c:d9:20:83:3a:5b:48:a1:27:f6:50:35:
                    88:30:c3:cf:13:c1:fb:14:12:f0:99:9a:05:bb:a8:
                    70:cf:24:9b:2a:1f:02:bf:ed:73:ae:ab:15:44:2d:
                    a2:7d:a9:05:31:16:e9:c7:0e:53:3d:de:27:28:1a:
                    d9:3a:0b:8b:d3:8d:b6:75:a0:b9:13:ea:4f:1f:8b:
                    d0:71:6a:7f:12:db:2c:7b:73:2e:c1:df:0c:2a:ed:
                    36:93:64:6e:c4:62:7c:cc:1c:01:63:3c:27:1b:f7:
                    06:07:3e:be:02:f1:15:b7:34:ee:fa:22:e4:fc:2c:
                    94:45:c0:89:f6:fc:8c:af:26:64:05:b9:08:31:b1:
                    93:75:6e:42:52:7b:5f:ed:4a:ef:be:b4:68:d8:ad:
                    b2:ad:d2:17:25:58:84:68:de:de:e9:00:ba:28:82:
                    0e:14:be:88:1f:56:9c:f2:15:4c:20:6c:7c:f9:89:
                    89:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:3D:13:43:BE:82:CF:98:7A:09:8F:B4:F0:3B:69:DE:7F:77:B1:69
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS151373.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:9d:6d:5e:41:04:af:f3:58:2d:06:ac:ab:68:49:42:49:c4:
         27:4c:a7:15:3f:ac:d1:84:49:ee:aa:53:c4:9a:bb:00:d7:1e:
         36:f5:3b:78:22:ad:e5:6d:fd:d7:33:94:8e:b3:e9:e7:db:ad:
         27:83:7c:62:6b:44:07:9f:7a:08:58:e0:2b:9d:04:47:aa:05:
         64:68:24:fe:97:1c:2d:29:a0:17:9f:13:47:62:6d:8f:25:86:
         48:e8:93:87:eb:9d:b6:e1:da:fe:44:7c:a5:7c:b5:60:ba:3d:
         82:8f:ef:d8:30:96:f4:83:80:95:cd:63:dc:e7:72:b1:90:03:
         c1:93:f2:2a:d0:ea:8c:0f:54:74:35:dd:4c:03:dc:8c:bb:12:
         df:bd:24:73:f0:3c:e7:24:b1:b2:9a:03:87:01:b3:49:a0:0d:
         6c:10:4c:87:da:89:d3:b1:40:ef:68:32:0a:67:bd:b5:53:46:
         de:df:2b:2b:1d:f4:bd:63:37:5e:60:fb:20:2c:30:0e:6a:12:
         1f:7e:57:0f:c2:4d:c2:28:dc:45:5b:73:ba:73:ee:a6:21:74:
         70:11:97:0f:3d:e3:ae:ec:95:3b:10:8a:5a:d1:02:5b:ba:cc:
         55:97:20:b0:6b:a4:ec:02:3a:a0:39:96:7c:6d:37:76:47:d9:
         c4:4e:f6:8c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUVcK7u8iV0RMAbtce6UDXDeXNm18wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA3MDMxMTUyMjBaFw0yNjA3MDIxMTU3MjBaMDMxMTAvBgNV
BAMTKEMyM0QxMzQzQkU4MkNGOTg3QTA5OEZCNEYwM0I2OURFN0Y3N0IxNjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC50KkEY8oVKnMJDKYDyHPJAPXw
Wgyt4A80oqvz6E8l9OQYgtw417KJOUxt9CcrjNBmD5tl9TAcXKq7EM0xRxSS8caP
tTIxUZJoeK8bd3zZIIM6W0ihJ/ZQNYgww88TwfsUEvCZmgW7qHDPJJsqHwK/7XOu
qxVELaJ9qQUxFunHDlM93icoGtk6C4vTjbZ1oLkT6k8fi9Bxan8S2yx7cy7B3wwq
7TaTZG7EYnzMHAFjPCcb9wYHPr4C8RW3NO76IuT8LJRFwIn2/IyvJmQFuQgxsZN1
bkJSe1/tSu++tGjYrbKt0hclWIRo3t7pALoogg4UvogfVpzyFUwgbHz5iYnzAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUwj0TQ76Cz5h6CY+08Dtp3n93sWkwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTUxMzczLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAm3W4
MA0GCSqGSIb3DQEBCwUAA4IBAQAbnW1eQQSv81gtBqyraElCScQnTKcVP6zRhEnu
qlPEmrsA1x429Tt4Iq3lbf3XM5SOs+nn260ng3xia0QHn3oIWOArnQRHqgVkaCT+
lxwtKaAXnxNHYm2PJYZI6JOH65224dr+RHylfLVguj2Cj+/YMJb0g4CVzWPc53Kx
kAPBk/Iq0OqMD1R0Nd1MA9yMuxLfvSRz8DznJLGymgOHAbNJoA1sEEyH2onTsUDv
aDIKZ721U0be3ysrHfS9YzdeYPsgLDAOahIfflcPwk3CKNxFW3O6c+6mIXRwEZcP
PeOu7JU7EIpa0QJbusxVlyCwa6TsAjqgOZZ8bTd2R9nETvaM
-----END CERTIFICATE-----