Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS147060.roa
File:                     AS147060.roa (raw, json)
Hash identifier:          +s+d+mTgjVOlc+3nHE+CqJgPCyX28iDzWO6NohhVpHI=
Subject key identifier:   B9:95:E3:34:05:6D:3F:B8:54:13:A6:0B:37:49:89:E9:F8:22:AD:23
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       545B44D29EFE1FFC42D25472F673433C225B9DB1
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS147060.roa
Signing time:             Wed 01 Oct 2025 08:25:15 +0000
ROA not before:           Wed 01 Oct 2025 08:20:15 +0000
ROA not after:            Wed 30 Sep 2026 08:25:15 +0000
asID:                     147060
IP address blocks:        147.79.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 18:49:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:5b:44:d2:9e:fe:1f:fc:42:d2:54:72:f6:73:43:3c:22:5b:9d:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Oct  1 08:20:15 2025 GMT
            Not After : Sep 30 08:25:15 2026 GMT
        Subject: CN=B995E334056D3FB85413A60B374989E9F822AD23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:bf:20:53:f2:ae:aa:a9:26:5b:a8:86:5f:5c:
                    5c:6c:a7:39:50:a6:d6:8d:69:fb:f1:b9:88:ee:21:
                    48:7b:53:2f:7f:c2:8d:3f:7b:f9:ef:42:0b:68:51:
                    39:58:a5:e7:64:31:cc:ae:b6:22:7c:65:3d:94:07:
                    e5:54:e3:c8:f3:4e:98:ec:45:53:90:b2:52:d2:20:
                    54:27:d5:02:a9:22:1d:36:3b:d7:67:ce:55:4d:a2:
                    12:76:7f:2a:0b:43:7e:fa:6e:af:f0:97:08:8d:b3:
                    1b:dd:97:0f:48:eb:6d:23:72:da:5f:c0:76:ef:41:
                    1d:ba:d5:ec:00:83:a5:fe:2d:56:14:af:7e:3e:bc:
                    6a:01:ee:a8:25:8b:3d:7e:9b:ce:02:16:0a:06:5a:
                    0c:4c:d4:19:79:14:ed:30:c8:b2:1a:d9:29:cc:6a:
                    38:c4:3e:31:b6:79:fa:d7:85:d3:c4:6b:b4:fd:c6:
                    19:3d:9c:d7:de:c3:2f:bb:f5:e3:b7:6e:b9:19:9a:
                    6b:70:39:65:d1:55:41:3f:6b:f7:e2:44:2a:94:0b:
                    7a:1d:8c:ae:c4:e6:e6:b3:91:79:23:1b:bf:cc:ae:
                    40:90:85:da:ae:8f:93:c8:94:9a:64:b3:73:b5:c6:
                    c6:8a:de:c0:dc:83:24:a0:68:20:11:89:aa:e4:56:
                    8c:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:95:E3:34:05:6D:3F:B8:54:13:A6:0B:37:49:89:E9:F8:22:AD:23
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS147060.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:5e:8f:0e:4e:04:c4:7d:29:2e:38:d0:5b:05:4f:d0:98:fb:
         73:05:a1:74:a4:c0:c7:aa:22:bd:66:91:d2:76:78:3c:9b:30:
         bf:c6:33:0e:97:71:7c:48:19:30:00:ae:90:b9:37:75:9c:bb:
         c7:47:be:79:b4:a8:86:6f:cb:17:90:ab:f0:71:d0:e9:f9:3a:
         b0:eb:8e:92:94:63:27:49:fe:73:ec:9e:d3:b7:18:ff:54:27:
         62:2c:27:cd:1b:4d:30:29:64:a1:07:4e:b9:d6:bb:13:8c:0c:
         88:b0:03:d2:a2:a8:9a:9d:b9:ae:e6:26:bb:b3:d9:10:51:94:
         2f:35:5b:aa:78:44:59:a0:5d:71:81:34:63:bb:a5:dd:7b:8c:
         c8:2d:9e:94:dc:ba:12:1a:33:a3:ac:21:5a:97:d1:4c:97:73:
         e6:e7:6e:bc:9a:b2:91:3b:ac:20:8c:70:12:36:5a:1c:f9:79:
         02:48:e0:e8:4b:68:aa:ad:1b:40:30:f2:1b:a2:6f:d0:ac:60:
         43:e7:c7:24:db:ed:8d:f5:ba:67:ee:96:fb:83:76:9d:51:cb:
         17:a6:30:45:bf:b5:9e:f6:9d:0a:32:57:43:2e:2c:7b:b0:91:
         1b:bd:1a:1b:ec:6c:e3:1d:06:89:b9:9a:d1:07:40:6c:b7:4a:
         cc:32:76:5b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUVFtE0p7+H/xC0lRy9nNDPCJbnbEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMDEwODIwMTVaFw0yNjA5MzAwODI1MTVaMDMxMTAvBgNV
BAMTKEI5OTVFMzM0MDU2RDNGQjg1NDEzQTYwQjM3NDk4OUU5RjgyMkFEMjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIvyBT8q6qqSZbqIZfXFxspzlQ
ptaNafvxuYjuIUh7Uy9/wo0/e/nvQgtoUTlYpedkMcyutiJ8ZT2UB+VU48jzTpjs
RVOQslLSIFQn1QKpIh02O9dnzlVNohJ2fyoLQ376bq/wlwiNsxvdlw9I620jctpf
wHbvQR261ewAg6X+LVYUr34+vGoB7qgliz1+m84CFgoGWgxM1Bl5FO0wyLIa2SnM
ajjEPjG2efrXhdPEa7T9xhk9nNfewy+79eO3brkZmmtwOWXRVUE/a/fiRCqUC3od
jK7E5uazkXkjG7/MrkCQhdquj5PIlJpks3O1xsaK3sDcgySgaCARiarkVozBAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUuZXjNAVtP7hUE6YLN0mJ6fgirSMwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTQ3MDYwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk08D
MA0GCSqGSIb3DQEBCwUAA4IBAQBUXo8OTgTEfSkuONBbBU/QmPtzBaF0pMDHqiK9
ZpHSdng8mzC/xjMOl3F8SBkwAK6QuTd1nLvHR755tKiGb8sXkKvwcdDp+Tqw646S
lGMnSf5z7J7Ttxj/VCdiLCfNG00wKWShB0651rsTjAyIsAPSoqianbmu5ia7s9kQ
UZQvNVuqeERZoF1xgTRju6Xde4zILZ6U3LoSGjOjrCFal9FMl3Pm5268mrKRO6wg
jHASNloc+XkCSODoS2iqrRtAMPIbom/QrGBD58ck2+2N9bpn7pb7g3adUcsXpjBF
v7We9p0KMldDLix7sJEbvRob7GzjHQaJuZrRB0Bst0rMMnZb
-----END CERTIFICATE-----
Generated at Tue Oct 21 11:01:42 2025 by rpki-client