Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS53356.roa
File:                     AS53356.roa (raw, json)
Hash identifier:          zYuQ8+tsP9i0AjU8baCOvm4qsPAaP6kWxDerxOUL7wc=
Subject key identifier:   53:93:3C:2E:B9:59:AB:48:0B:3A:3B:4B:D3:A7:D7:66:08:40:5E:B2
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5F1B2650601B37D5F31A7336034E5E85C179672D
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS53356.roa
Signing time:             Wed 09 Jul 2025 14:13:17 +0000
ROA not before:           Wed 09 Jul 2025 14:08:17 +0000
ROA not after:            Wed 08 Jul 2026 14:13:17 +0000
asID:                     53356
IP address blocks:        148.135.163.0/24 maxlen: 24
                          155.117.16.0/24 maxlen: 24
                          167.148.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 13:47:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:1b:26:50:60:1b:37:d5:f3:1a:73:36:03:4e:5e:85:c1:79:67:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul  9 14:08:17 2025 GMT
            Not After : Jul  8 14:13:17 2026 GMT
        Subject: CN=53933C2EB959AB480B3A3B4BD3A7D76608405EB2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:40:e2:93:75:49:4a:24:d3:de:c8:6f:bc:07:
                    4d:59:ce:cb:ec:24:ca:09:96:81:aa:f1:96:75:28:
                    93:e2:84:6d:65:ae:3b:6c:9f:7f:5c:3b:85:55:1d:
                    36:bf:d5:d5:4f:24:1c:22:56:ac:50:05:be:98:f9:
                    7d:7f:bc:b7:61:6c:10:77:a5:c2:96:49:6d:9e:03:
                    7b:5a:25:d0:87:49:2f:6d:b2:dd:ec:f6:41:8c:82:
                    15:e6:21:08:04:c0:4b:a8:bf:68:14:0a:ea:db:0e:
                    67:44:5e:0d:a1:d1:d5:73:f7:1c:58:b1:75:e0:cf:
                    c9:d1:cb:83:fb:ab:63:dc:8d:ad:eb:cc:7c:43:55:
                    84:93:20:14:f7:33:31:69:55:2f:8d:2b:15:27:20:
                    3e:d9:76:a1:4f:d7:56:3d:1c:0c:78:32:1c:5a:db:
                    b6:e5:82:35:0d:e4:a1:4a:9e:91:78:ac:1e:c3:2b:
                    a0:be:9d:15:93:1b:79:9d:0a:f1:d3:76:1b:f6:8f:
                    3b:5b:5b:c9:99:06:82:2f:fb:9b:3f:75:93:22:ec:
                    1a:47:61:40:c1:2e:8d:5f:60:61:83:d9:18:7d:6f:
                    c4:74:60:f6:28:7d:d2:b2:65:a1:e8:c1:f4:9f:54:
                    db:d6:fb:f0:42:c6:44:5d:d2:f7:c8:d1:e3:a8:66:
                    87:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:93:3C:2E:B9:59:AB:48:0B:3A:3B:4B:D3:A7:D7:66:08:40:5E:B2
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS53356.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.135.163.0/24
                  155.117.16.0/24
                  167.148.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:cc:72:8a:f8:f6:f8:20:94:0c:bc:b6:9b:75:ac:a4:ea:99:
         22:e4:c7:2c:5f:be:03:08:ab:1c:c6:b7:56:c7:31:0c:36:38:
         e1:9f:fc:4d:05:08:0d:00:3f:63:9a:b4:9a:1d:c5:be:9e:19:
         26:2d:19:4a:ac:71:3a:1a:a0:b5:3f:54:34:3a:49:7d:ef:c6:
         61:17:b1:d7:b2:cc:35:b0:9a:1e:00:fd:05:e0:30:ca:f4:fc:
         ac:31:9c:c7:42:2f:f8:b9:9e:e4:51:6c:f4:3a:1f:39:dc:50:
         2a:76:7a:41:11:71:47:bb:f2:56:c4:e1:07:f8:17:34:76:89:
         0d:38:c8:72:d9:e1:64:3e:c7:a8:7b:02:c0:26:7c:d6:2c:50:
         e9:7a:cb:2a:de:66:5d:26:b1:0f:8e:e4:66:b4:31:9b:81:ae:
         27:e3:aa:b6:1b:50:fe:02:4b:6a:58:e0:1d:34:a2:fa:e0:8f:
         91:95:70:08:8e:8c:54:4e:b5:52:65:c8:1c:41:12:96:23:ae:
         e9:c0:ed:49:f0:ee:fe:d2:a6:a3:ce:7c:67:40:69:c3:7e:06:
         a9:0c:15:ef:6c:86:32:16:24:a7:d4:40:93:03:50:e1:ed:c3:
         48:39:3c:44:f5:f6:ec:4b:d6:ef:2b:dd:06:34:d9:a6:bf:4b:
         ad:6e:08:d4
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUXxsmUGAbN9XzGnM2A05ehcF5Zy0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA3MDkxNDA4MTdaFw0yNjA3MDgxNDEzMTdaMDMxMTAvBgNV
BAMTKDUzOTMzQzJFQjk1OUFCNDgwQjNBM0I0QkQzQTdENzY2MDg0MDVFQjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtQOKTdUlKJNPeyG+8B01Zzsvs
JMoJloGq8ZZ1KJPihG1lrjtsn39cO4VVHTa/1dVPJBwiVqxQBb6Y+X1/vLdhbBB3
pcKWSW2eA3taJdCHSS9tst3s9kGMghXmIQgEwEuov2gUCurbDmdEXg2h0dVz9xxY
sXXgz8nRy4P7q2Pcja3rzHxDVYSTIBT3MzFpVS+NKxUnID7ZdqFP11Y9HAx4Mhxa
27blgjUN5KFKnpF4rB7DK6C+nRWTG3mdCvHTdhv2jztbW8mZBoIv+5s/dZMi7BpH
YUDBLo1fYGGD2Rh9b8R0YPYofdKyZaHowfSfVNvW+/BCxkRd0vfI0eOoZoedAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUU5M8LrlZq0gLOjtL06fXZghAXrIwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTMzNTYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACUh6MD
BACbdRADBACnlA8wDQYJKoZIhvcNAQELBQADggEBADDMcor49vgglAy8tpt1rKTq
mSLkxyxfvgMIqxzGt1bHMQw2OOGf/E0FCA0AP2OatJodxb6eGSYtGUqscToaoLU/
VDQ6SX3vxmEXsdeyzDWwmh4A/QXgMMr0/KwxnMdCL/i5nuRRbPQ6HzncUCp2ekER
cUe78lbE4Qf4FzR2iQ04yHLZ4WQ+x6h7AsAmfNYsUOl6yyreZl0msQ+O5Ga0MZuB
rifjqrYbUP4CS2pY4B00ovrgj5GVcAiOjFROtVJlyBxBEpYjrunA7Unw7v7SpqPO
fGdAacN+BqkMFe9shjIWJKfUQJMDUOHtw0g5PET19uxL1u8r3QY02aa/S61uCNQ=
-----END CERTIFICATE-----