Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS142146.roa
File:                     AS142146.roa (raw, json)
Hash identifier:          fseTsz55aq1LPkC0Kw9fthcFhpJ+rLWQ/uwRIch16qQ=
Subject key identifier:   25:F8:D0:E0:A1:6B:D8:12:E2:E7:CC:3B:A4:A8:69:79:C7:DB:62:E3
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       44C3038323B15C54584FBF2D8CAC5D17E033917B
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS142146.roa
Signing time:             Tue 21 Apr 2026 11:50:15 +0000
ROA not before:           Tue 21 Apr 2026 11:45:15 +0000
ROA not after:            Tue 20 Apr 2027 11:50:15 +0000
asID:                     142146
IP address blocks:        147.79.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 Apr 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:c3:03:83:23:b1:5c:54:58:4f:bf:2d:8c:ac:5d:17:e0:33:91:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 21 11:45:15 2026 GMT
            Not After : Apr 20 11:50:15 2027 GMT
        Subject: CN=25F8D0E0A16BD812E2E7CC3BA4A86979C7DB62E3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:e5:5b:6d:8c:84:cf:1b:78:6f:65:09:15:1a:
                    17:89:f1:e2:7d:21:1f:06:c5:03:c3:1a:3a:fb:7f:
                    a3:6b:15:36:d2:ba:ae:e8:d8:ef:ea:9e:3f:bf:15:
                    76:5d:d8:85:e9:07:d0:9f:8c:59:4d:a6:fe:eb:08:
                    bc:53:b5:c2:85:44:9f:ee:7b:54:1c:ce:55:67:50:
                    71:b9:01:72:35:38:02:9c:30:23:e1:c1:d8:8b:c8:
                    48:59:d9:be:f2:98:5f:2f:a9:7d:2d:48:0d:c2:59:
                    27:54:96:eb:61:45:a4:6a:02:30:e0:1f:9b:d2:7c:
                    49:ed:0e:00:91:2b:2c:66:45:75:c5:a1:b1:31:3f:
                    ca:1a:af:79:84:b8:04:51:1c:d7:5b:46:f2:48:30:
                    00:bd:b5:67:ec:ba:f5:99:b2:34:73:81:a9:1d:66:
                    bf:b2:4f:56:60:2e:09:89:d3:50:cd:2d:09:4a:07:
                    af:fe:8c:fc:a3:28:de:a2:40:06:43:b3:1e:54:97:
                    ba:91:f3:8d:cb:32:e0:d3:cf:f5:15:21:76:d1:4c:
                    a7:9f:e2:df:c4:a3:0d:eb:52:24:79:7d:6f:81:e1:
                    89:1d:38:99:1d:3d:93:3f:cc:24:8b:15:19:14:cb:
                    e3:aa:78:34:fc:1c:19:4a:d8:27:e1:9b:76:3e:a1:
                    c0:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:F8:D0:E0:A1:6B:D8:12:E2:E7:CC:3B:A4:A8:69:79:C7:DB:62:E3
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS142146.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:ce:dc:3f:06:8d:ec:de:cf:cd:d8:08:82:68:63:06:14:18:
         f5:93:b3:42:4e:fe:1d:18:aa:99:1f:d4:d1:f9:19:f9:c6:25:
         f6:ed:a6:35:61:f0:6b:21:52:b4:f4:77:35:70:fb:15:c1:8d:
         09:14:4b:59:27:0a:fd:7a:5d:4f:50:4c:88:0e:19:fb:58:f8:
         12:46:31:6d:79:c9:a6:c0:ed:f7:21:d3:29:2b:f7:ba:05:ba:
         f3:ac:86:c3:60:ce:d6:4f:c6:6d:4f:f9:63:16:e0:75:8d:9d:
         d0:58:0c:50:bd:ca:93:ba:40:db:d5:5c:77:e9:2d:de:ec:61:
         96:35:8b:91:45:61:58:ad:89:07:a4:ea:b4:7b:d9:d4:df:cd:
         25:04:06:75:17:a2:ab:6d:80:2e:c9:27:ef:50:21:90:00:00:
         b8:71:3b:78:53:77:f0:2c:5e:65:85:6b:ae:db:35:56:eb:02:
         ee:28:7a:bd:07:73:57:a9:1b:0e:ca:b0:3d:8c:bf:55:7f:d9:
         df:67:a2:b7:30:d3:9e:73:52:50:5d:91:7e:ef:52:6d:58:4b:
         78:4c:71:c4:c5:59:66:31:ff:30:7e:56:1d:59:05:d4:4c:28:
         53:ae:89:e2:61:5e:dd:d3:68:34:fc:4f:eb:09:ae:ed:62:df:
         32:db:30:a6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURMMDgyOxXFRYT78tjKxdF+AzkXswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MjExMTQ1MTVaFw0yNzA0MjAxMTUwMTVaMDMxMTAvBgNV
BAMTKDI1RjhEMEUwQTE2QkQ4MTJFMkU3Q0MzQkE0QTg2OTc5QzdEQjYyRTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP5VttjITPG3hvZQkVGheJ8eJ9
IR8GxQPDGjr7f6NrFTbSuq7o2O/qnj+/FXZd2IXpB9CfjFlNpv7rCLxTtcKFRJ/u
e1QczlVnUHG5AXI1OAKcMCPhwdiLyEhZ2b7ymF8vqX0tSA3CWSdUluthRaRqAjDg
H5vSfEntDgCRKyxmRXXFobExP8oar3mEuARRHNdbRvJIMAC9tWfsuvWZsjRzgakd
Zr+yT1ZgLgmJ01DNLQlKB6/+jPyjKN6iQAZDsx5Ul7qR843LMuDTz/UVIXbRTKef
4t/Eow3rUiR5fW+B4YkdOJkdPZM/zCSLFRkUy+OqeDT8HBlK2Cfhm3Y+ocBvAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUJfjQ4KFr2BLi58w7pKhpecfbYuMwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTQyMTQ2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk086
MA0GCSqGSIb3DQEBCwUAA4IBAQCDztw/Bo3s3s/N2AiCaGMGFBj1k7NCTv4dGKqZ
H9TR+Rn5xiX27aY1YfBrIVK09Hc1cPsVwY0JFEtZJwr9el1PUEyIDhn7WPgSRjFt
ecmmwO33IdMpK/e6BbrzrIbDYM7WT8ZtT/ljFuB1jZ3QWAxQvcqTukDb1Vx36S3e
7GGWNYuRRWFYrYkHpOq0e9nU380lBAZ1F6KrbYAuySfvUCGQAAC4cTt4U3fwLF5l
hWuu2zVW6wLuKHq9B3NXqRsOyrA9jL9Vf9nfZ6K3MNOec1JQXZF+71JtWEt4THHE
xVlmMf8wflYdWQXUTChTroniYV7d02g0/E/rCa7tYt8y2zCm
-----END CERTIFICATE-----