Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153169.roa
File:                     AS153169.roa (raw, json)
Hash identifier:          yY0sgvZk8S6KnuZEiNcgKJgIqnKTP4EktVtvSiBH1qU=
Subject key identifier:   4E:92:0A:12:42:33:3B:A8:C4:1E:CD:EA:07:F9:2A:85:BB:46:19:CB
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       44D612C429436F6B47A4C2222F217096209DCE69
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153169.roa
Signing time:             Mon 22 Jun 2026 08:15:09 +0000
ROA not before:           Mon 22 Jun 2026 08:10:09 +0000
ROA not after:            Mon 21 Jun 2027 08:15:09 +0000
asID:                     153169
IP address blocks:        167.148.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 Jul 2026 13:46:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:d6:12:c4:29:43:6f:6b:47:a4:c2:22:2f:21:70:96:20:9d:ce:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun 22 08:10:09 2026 GMT
            Not After : Jun 21 08:15:09 2027 GMT
        Subject: CN=4E920A1242333BA8C41ECDEA07F92A85BB4619CB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:e3:4a:00:0f:68:ef:3e:82:dd:35:5f:0c:47:
                    15:5c:e5:16:37:5e:40:a6:5c:6d:98:7c:dd:6e:9d:
                    25:aa:c5:9e:9e:9a:6c:be:55:60:8f:54:4c:46:3e:
                    f3:df:d0:31:f3:39:7c:c9:30:46:58:3c:86:ac:4a:
                    e7:e5:5f:14:d6:36:1a:ae:5c:b3:bc:4a:df:22:16:
                    f9:e1:67:2e:92:a9:1b:20:28:d0:41:80:97:3b:71:
                    a9:b1:36:66:7d:c2:9e:76:2d:bb:2c:43:06:88:fa:
                    85:2d:1e:5d:34:9e:2c:da:27:19:8a:39:0f:c2:ed:
                    01:02:98:55:f3:f5:f2:39:be:50:b3:1e:4c:35:f6:
                    5f:8c:21:96:d5:8e:90:7c:a8:8a:a0:51:d6:e1:2b:
                    09:c6:ba:b2:9b:c6:2d:a0:98:56:12:ce:a9:5a:30:
                    19:e0:c5:78:56:e0:dd:bb:0c:8a:1c:f7:d8:71:9f:
                    66:5f:07:4b:73:64:b3:e0:d2:6b:9f:11:68:bb:43:
                    1c:46:80:a5:1c:67:16:bb:74:13:d0:7f:9d:ee:2c:
                    ec:e4:7a:41:c3:37:1c:d8:d4:b2:b8:d3:95:cd:3e:
                    c4:db:fa:cd:06:b0:ad:e2:9f:7b:50:47:28:f5:2d:
                    98:09:b8:72:97:bc:ad:bd:48:b1:25:d1:c2:b1:31:
                    c2:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:92:0A:12:42:33:3B:A8:C4:1E:CD:EA:07:F9:2A:85:BB:46:19:CB
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153169.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.148.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:8c:cb:07:25:f4:fe:b0:ed:4f:e1:8b:46:26:22:e3:25:48:
         e2:6e:07:14:c6:f7:e8:0c:af:ca:10:bf:27:09:17:6c:09:d4:
         fc:8e:4a:06:e8:51:79:7b:07:94:7a:6f:49:25:e0:1e:8c:be:
         bb:a3:93:93:58:29:87:67:25:ce:d6:ba:43:ba:82:fb:db:a9:
         dd:70:d5:7d:91:bb:42:12:46:58:07:35:75:8b:a2:bf:47:21:
         3d:19:dd:dc:48:95:66:75:a2:3a:1d:a1:3c:1a:da:a7:83:32:
         b4:e6:32:63:94:04:d5:e6:47:79:36:f6:32:e1:4d:70:d1:04:
         ea:98:e1:0c:ef:7c:cc:7e:f8:e3:14:db:0d:62:4f:65:f5:6a:
         94:2b:b1:3d:2b:c3:0c:6b:4c:f0:7c:0e:32:34:0e:c3:51:a2:
         8d:78:1f:f5:3b:c7:80:d9:62:37:fb:f6:74:32:cf:0c:6d:00:
         4b:ec:4b:73:8e:2a:fb:a7:45:60:ce:73:43:63:a9:7b:a0:eb:
         a3:cc:67:7b:e9:9b:44:ab:4c:44:85:f1:fb:09:3e:5e:c4:ac:
         d9:ca:db:83:2c:e0:73:68:ad:1b:1a:ec:58:d3:e6:39:1d:0c:
         c4:ab:2f:f6:69:a1:fc:ec:e7:56:a4:94:0c:50:47:73:b7:25:
         d3:34:9c:08
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURNYSxClDb2tHpMIiLyFwliCdzmkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MjIwODEwMDlaFw0yNzA2MjEwODE1MDlaMDMxMTAvBgNV
BAMTKDRFOTIwQTEyNDIzMzNCQThDNDFFQ0RFQTA3RjkyQTg1QkI0NjE5Q0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDe40oAD2jvPoLdNV8MRxVc5RY3
XkCmXG2YfN1unSWqxZ6emmy+VWCPVExGPvPf0DHzOXzJMEZYPIasSuflXxTWNhqu
XLO8St8iFvnhZy6SqRsgKNBBgJc7camxNmZ9wp52LbssQwaI+oUtHl00nizaJxmK
OQ/C7QECmFXz9fI5vlCzHkw19l+MIZbVjpB8qIqgUdbhKwnGurKbxi2gmFYSzqla
MBngxXhW4N27DIoc99hxn2ZfB0tzZLPg0mufEWi7QxxGgKUcZxa7dBPQf53uLOzk
ekHDNxzY1LK405XNPsTb+s0GsK3in3tQRyj1LZgJuHKXvK29SLEl0cKxMcJrAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUTpIKEkIzO6jEHs3qB/kqhbtGGcswHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTUzMTY5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAp5RV
MA0GCSqGSIb3DQEBCwUAA4IBAQB3jMsHJfT+sO1P4YtGJiLjJUjibgcUxvfoDK/K
EL8nCRdsCdT8jkoG6FF5eweUem9JJeAejL67o5OTWCmHZyXO1rpDuoL726ndcNV9
kbtCEkZYBzV1i6K/RyE9Gd3cSJVmdaI6HaE8GtqngzK05jJjlATV5kd5NvYy4U1w
0QTqmOEM73zMfvjjFNsNYk9l9WqUK7E9K8MMa0zwfA4yNA7DUaKNeB/1O8eA2WI3
+/Z0Ms8MbQBL7Etzjir7p0VgznNDY6l7oOujzGd76ZtEq0xEhfH7CT5exKzZytuD
LOBzaK0bGuxY0+Y5HQzEqy/2aaH87OdWpJQMUEdztyXTNJwI
-----END CERTIFICATE-----
Generated at Fri Jul 10 23:52:50 2026 by rpki-client