Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS151338.roa
File:                     AS151338.roa (raw, json)
Hash identifier:          SNafQLLnUJ4tw5uOg2VJsiHyDU7qpMZ/9Cx9m7jT82o=
Subject key identifier:   21:3F:B8:A6:7B:6D:94:E3:AA:05:C5:13:B2:29:FE:35:A2:0B:6A:F1
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       09676E2A22A0A9F042E67BE956FDDFDEE191401C
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS151338.roa
Signing time:             Tue 11 Feb 2025 15:09:59 +0000
ROA not before:           Tue 11 Feb 2025 15:04:59 +0000
ROA not after:            Tue 10 Feb 2026 15:09:59 +0000
asID:                     151338
IP address blocks:        150.241.204.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:67:6e:2a:22:a0:a9:f0:42:e6:7b:e9:56:fd:df:de:e1:91:40:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb 11 15:04:59 2025 GMT
            Not After : Feb 10 15:09:59 2026 GMT
        Subject: CN=213FB8A67B6D94E3AA05C513B229FE35A20B6AF1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b8:31:a7:c4:8f:07:86:d5:50:98:ae:14:35:
                    26:13:aa:82:c2:3c:a7:c3:df:4f:d2:30:57:1d:01:
                    a1:ca:fd:6d:37:35:e1:c5:82:73:cc:93:77:5c:63:
                    f9:c1:0d:8d:11:0f:16:fb:f8:eb:76:6e:6a:f1:20:
                    f6:0a:75:63:3f:d5:2b:93:9b:08:f6:52:11:cd:a0:
                    5e:10:06:87:9a:70:24:af:bf:f2:93:4b:fb:20:06:
                    ed:c9:bc:62:7d:35:48:2d:aa:7f:e9:77:b1:d8:23:
                    36:d0:45:4a:5c:dd:2b:ff:f6:46:04:11:55:ff:02:
                    2d:0e:fa:67:a6:fa:c6:23:29:d0:f8:e5:c4:42:32:
                    64:10:69:61:ad:cc:37:24:02:82:7e:4e:25:ed:70:
                    09:ea:d3:8f:eb:1b:31:65:76:12:6f:45:fe:b6:87:
                    e2:18:89:d9:ee:9b:08:c1:d3:83:79:8e:40:fd:ed:
                    82:38:f6:47:b2:4f:31:4d:bc:ff:21:19:c1:5e:e9:
                    c5:f1:d1:54:5f:f1:36:e5:b6:a9:66:b1:83:93:d9:
                    76:90:d1:99:5d:f1:7f:b1:e5:45:a6:9c:77:d4:d8:
                    e0:ce:41:e7:c3:f1:a8:68:c9:ff:cd:33:ba:f3:a5:
                    0f:72:31:6e:56:c9:20:4b:05:7b:09:1b:c6:03:41:
                    01:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:3F:B8:A6:7B:6D:94:E3:AA:05:C5:13:B2:29:FE:35:A2:0B:6A:F1
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS151338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.241.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:dc:1f:e8:42:cd:66:b8:71:b6:a6:e6:ab:9f:b8:d7:cd:9b:
         02:9b:19:d5:63:69:1c:4d:99:f6:d6:7a:5c:98:ee:ff:e4:9c:
         03:32:8b:f5:71:0f:9c:f4:7d:5b:68:5b:e4:40:48:4b:62:99:
         a5:69:cc:33:1c:4b:95:a7:78:03:f6:3b:54:d9:18:38:8a:42:
         82:2e:19:46:5f:c8:10:cf:f0:94:d7:98:04:63:14:ac:23:f1:
         61:16:3f:f7:9d:7c:13:eb:03:27:76:16:85:ac:eb:e7:54:1d:
         43:f8:ff:20:28:d0:40:66:6d:aa:4d:4b:97:39:5e:26:53:89:
         55:e4:25:6a:a9:08:70:4c:02:a4:84:59:60:73:b1:54:35:98:
         b8:96:69:db:3a:5c:0a:46:32:48:b9:df:20:0e:f3:2b:32:f4:
         f1:42:27:af:74:dc:c6:f6:3d:9d:57:20:ac:b8:43:74:13:30:
         05:6a:b4:d7:a8:43:6d:0d:30:f1:a1:0d:ca:ae:2a:3f:06:bf:
         58:45:36:65:e7:de:c6:11:ce:04:fe:0e:b2:ea:bb:c5:ee:57:
         a7:03:d4:2a:ec:33:a8:6a:86:a0:72:18:47:2a:e6:c1:31:33:
         85:1a:8e:aa:39:24:19:6b:7c:7d:25:d9:90:14:b3:5e:23:bf:
         4f:6a:9e:cb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUCWduKiKgqfBC5nvpVv3f3uGRQBwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTAyMTExNTA0NTlaFw0yNjAyMTAxNTA5NTlaMDMxMTAvBgNV
BAMTKDIxM0ZCOEE2N0I2RDk0RTNBQTA1QzUxM0IyMjlGRTM1QTIwQjZBRjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEuDGnxI8HhtVQmK4UNSYTqoLC
PKfD30/SMFcdAaHK/W03NeHFgnPMk3dcY/nBDY0RDxb7+Ot2bmrxIPYKdWM/1SuT
mwj2UhHNoF4QBoeacCSvv/KTS/sgBu3JvGJ9NUgtqn/pd7HYIzbQRUpc3Sv/9kYE
EVX/Ai0O+mem+sYjKdD45cRCMmQQaWGtzDckAoJ+TiXtcAnq04/rGzFldhJvRf62
h+IYidnumwjB04N5jkD97YI49keyTzFNvP8hGcFe6cXx0VRf8TbltqlmsYOT2XaQ
0Zld8X+x5UWmnHfU2ODOQefD8ahoyf/NM7rzpQ9yMW5WySBLBXsJG8YDQQFTAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUIT+4pnttlOOqBcUTsin+NaILavEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTUxMzM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQClvHM
MA0GCSqGSIb3DQEBCwUAA4IBAQAI3B/oQs1muHG2puarn7jXzZsCmxnVY2kcTZn2
1npcmO7/5JwDMov1cQ+c9H1baFvkQEhLYpmlacwzHEuVp3gD9jtU2Rg4ikKCLhlG
X8gQz/CU15gEYxSsI/FhFj/3nXwT6wMndhaFrOvnVB1D+P8gKNBAZm2qTUuXOV4m
U4lV5CVqqQhwTAKkhFlgc7FUNZi4lmnbOlwKRjJIud8gDvMrMvTxQievdNzG9j2d
VyCsuEN0EzAFarTXqENtDTDxoQ3Krio/Br9YRTZl597GEc4E/g6y6rvF7lenA9Qq
7DOoaoagchhHKubBMTOFGo6qOSQZa3x9JdmQFLNeI79Pap7L
-----END CERTIFICATE-----