Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS152868.roa
File:                     AS152868.roa (raw, json)
Hash identifier:          nnAD+N9CXdDhs+A3/v87AfNuGZTGikxUV2OTNuueoUE=
Subject key identifier:   58:48:7B:FD:54:1A:C4:5C:A3:4D:99:80:23:70:CF:92:8B:A3:05:C6
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       2CB02DA82CA9F9D7EFD03B3C2EB20E0CB6A6A223
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS152868.roa
Signing time:             Fri 04 Jul 2025 04:50:44 +0000
ROA not before:           Fri 04 Jul 2025 04:45:44 +0000
ROA not after:            Fri 03 Jul 2026 04:50:44 +0000
asID:                     152868
IP address blocks:        96.62.220.0/24 maxlen: 24
                          155.117.79.0/24 maxlen: 24
                          155.117.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Jul 2025 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:b0:2d:a8:2c:a9:f9:d7:ef:d0:3b:3c:2e:b2:0e:0c:b6:a6:a2:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul  4 04:45:44 2025 GMT
            Not After : Jul  3 04:50:44 2026 GMT
        Subject: CN=58487BFD541AC45CA34D99802370CF928BA305C6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:4b:ef:7b:e4:46:26:59:af:97:52:2c:0d:fa:
                    64:54:1a:a1:2b:93:8b:b1:88:84:d0:eb:b8:42:29:
                    4d:e5:f9:09:4f:d1:86:e5:42:18:51:41:d3:0d:1e:
                    87:c0:2a:42:2f:3f:26:a8:12:bf:26:0c:e5:9c:00:
                    06:6f:1f:36:c8:3c:d2:52:a2:f9:39:f9:f5:a0:98:
                    41:c7:91:c8:10:24:cd:07:6d:18:1d:7a:9c:79:d7:
                    56:90:ac:d0:3e:ae:45:bf:fb:72:44:c1:3a:01:c9:
                    9f:34:45:ef:68:59:ee:1b:eb:b1:76:7e:4a:3a:16:
                    31:3b:ad:f4:30:d1:01:fd:e3:0d:77:1c:ca:79:33:
                    05:5b:ab:e9:89:25:50:02:3a:74:10:c7:72:f8:f6:
                    7c:29:4e:bc:38:64:98:a3:6c:3a:cf:84:0a:0f:24:
                    c5:ac:35:5f:b4:51:f5:d4:fd:23:d6:e2:04:81:ad:
                    3c:33:1a:2a:49:5b:3d:0b:8a:bf:cc:c9:1b:a7:d2:
                    28:b6:12:57:a1:f5:b5:73:9f:e2:a5:8b:3b:0b:3f:
                    d3:41:11:85:01:e5:ec:54:2d:e3:40:35:51:6b:1b:
                    d4:13:b4:28:e1:4e:15:cd:2e:44:da:29:be:ac:e9:
                    3d:e5:ea:90:e4:85:78:82:39:fe:df:60:c0:68:1a:
                    2e:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:48:7B:FD:54:1A:C4:5C:A3:4D:99:80:23:70:CF:92:8B:A3:05:C6
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS152868.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.220.0/24
                  155.117.79.0/24
                  155.117.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:b9:18:ea:c8:d0:33:6a:86:5c:28:20:29:e9:5d:68:a2:73:
         df:9c:53:41:99:8e:ed:c9:a5:12:3a:c1:2c:8e:e7:15:7d:75:
         b5:a5:be:e4:c2:74:50:3a:a6:0c:9d:4d:70:40:c4:2c:66:53:
         3e:8d:1f:50:0b:04:b2:ec:e1:c2:b9:e4:d5:44:2c:0f:1d:c6:
         e5:c0:59:19:af:cc:dd:a7:45:c6:e6:25:45:16:07:83:eb:28:
         b7:0d:6c:20:0d:63:9b:c9:52:3e:ec:38:64:53:be:76:05:27:
         fa:30:06:49:50:93:c9:44:54:0a:b6:cc:6e:0b:6f:0d:3f:73:
         48:0f:c8:62:4e:bf:9a:3b:a5:cd:af:59:6a:84:75:54:da:ab:
         18:de:f4:42:06:1f:d0:5c:b8:2d:ac:37:23:ca:27:8c:29:4a:
         cb:0d:2d:a4:ee:13:fb:45:3b:00:ed:93:19:6f:7b:46:13:ef:
         d0:71:2c:75:d5:42:c2:43:5e:54:2d:ff:3f:f8:e1:38:02:86:
         a5:03:5b:e5:da:60:89:77:88:56:5d:54:30:c4:4a:f6:27:59:
         a3:b0:32:a2:0e:00:dc:f5:3f:07:9f:63:31:c7:31:88:e3:86:
         1d:b2:bd:d5:ad:34:33:93:c6:37:16:ad:02:fe:a4:65:7f:b6:
         fa:87:a6:fc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIULLAtqCyp+dfv0Ds8LrIODLamoiMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA3MDQwNDQ1NDRaFw0yNjA3MDMwNDUwNDRaMDMxMTAvBgNV
BAMTKDU4NDg3QkZENTQxQUM0NUNBMzREOTk4MDIzNzBDRjkyOEJBMzA1QzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrS+975EYmWa+XUiwN+mRUGqEr
k4uxiITQ67hCKU3l+QlP0YblQhhRQdMNHofAKkIvPyaoEr8mDOWcAAZvHzbIPNJS
ovk5+fWgmEHHkcgQJM0HbRgdepx511aQrNA+rkW/+3JEwToByZ80Re9oWe4b67F2
fko6FjE7rfQw0QH94w13HMp5MwVbq+mJJVACOnQQx3L49nwpTrw4ZJijbDrPhAoP
JMWsNV+0UfXU/SPW4gSBrTwzGipJWz0Lir/MyRun0ii2Eleh9bVzn+KlizsLP9NB
EYUB5exULeNANVFrG9QTtCjhThXNLkTaKb6s6T3l6pDkhXiCOf7fYMBoGi57AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUWEh7/VQaxFyjTZmAI3DPkoujBcYwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTUyODY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAYD7c
AwQAm3VPAwQAm3V3MA0GCSqGSIb3DQEBCwUAA4IBAQCzuRjqyNAzaoZcKCAp6V1o
onPfnFNBmY7tyaUSOsEsjucVfXW1pb7kwnRQOqYMnU1wQMQsZlM+jR9QCwSy7OHC
ueTVRCwPHcblwFkZr8zdp0XG5iVFFgeD6yi3DWwgDWObyVI+7DhkU752BSf6MAZJ
UJPJRFQKtsxuC28NP3NID8hiTr+aO6XNr1lqhHVU2qsY3vRCBh/QXLgtrDcjyieM
KUrLDS2k7hP7RTsA7ZMZb3tGE+/QcSx11ULCQ15ULf8/+OE4AoalA1vl2mCJd4hW
XVQwxEr2J1mjsDKiDgDc9T8Hn2MxxzGI44Ydsr3VrTQzk8Y3Fq0C/qRlf7b6h6b8
-----END CERTIFICATE-----