Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153568.roa
File:                     AS153568.roa (raw, json)
Hash identifier:          98hR0svQOhzAW8OEylcfNVrHnqWt6JPigT1gSZncMgc=
Subject key identifier:   34:7E:A8:04:DF:7A:BE:E3:4D:40:B4:43:79:BB:A3:1C:DE:AB:AB:9C
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       499E6D5B43FEE00199E71769DCCE949A103AE3E9
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153568.roa
Signing time:             Wed 20 May 2026 11:18:44 +0000
ROA not before:           Wed 20 May 2026 11:13:44 +0000
ROA not after:            Wed 19 May 2027 11:18:44 +0000
asID:                     153568
IP address blocks:        150.241.209.0/24 maxlen: 24
                          155.117.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:9e:6d:5b:43:fe:e0:01:99:e7:17:69:dc:ce:94:9a:10:3a:e3:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 20 11:13:44 2026 GMT
            Not After : May 19 11:18:44 2027 GMT
        Subject: CN=347EA804DF7ABEE34D40B44379BBA31CDEABAB9C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:c9:96:6e:5e:5f:89:f5:96:f3:59:7a:2a:43:
                    c8:50:58:4a:c0:53:1f:75:8e:ba:79:f1:61:df:cf:
                    4b:fe:e9:0c:34:2c:1f:17:6c:27:52:38:cf:5a:35:
                    9b:6e:da:bb:22:03:a2:5d:bc:0f:6e:fc:dd:22:98:
                    c8:de:a3:9a:83:d7:4e:5e:4c:2f:50:13:3a:7e:4a:
                    e1:36:2f:22:67:f7:e4:dc:32:23:f3:10:74:e4:de:
                    e0:0f:c1:30:a2:00:81:22:b8:1f:6a:9b:e8:71:8b:
                    4f:e3:9c:a4:41:d9:21:cf:8e:33:e4:98:30:82:a6:
                    bb:bd:d1:68:46:ca:30:6d:5c:de:7a:5f:70:26:13:
                    6c:78:1e:a8:2d:9c:a5:23:e0:a3:42:83:7a:8f:5d:
                    78:83:4f:ff:82:24:7d:07:94:1b:d1:6d:09:14:c9:
                    7a:be:cc:d6:94:e8:a4:5c:82:ad:da:8e:24:3c:fe:
                    ab:32:01:84:5e:b7:b6:7b:21:ae:83:2a:99:92:cb:
                    85:40:9c:e8:6c:92:1c:db:67:70:6d:94:88:f3:a6:
                    f5:99:24:0d:ad:a6:73:3f:1f:1c:45:8b:be:93:53:
                    69:c7:19:d6:2c:55:e7:05:fb:53:90:dd:7f:21:2a:
                    0e:f9:a5:9f:f2:a3:b5:ce:2a:2c:38:8e:43:b8:99:
                    ef:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:7E:A8:04:DF:7A:BE:E3:4D:40:B4:43:79:BB:A3:1C:DE:AB:AB:9C
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153568.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.241.209.0/24
                  155.117.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:c3:7c:e9:c2:82:cf:ee:61:82:01:f1:1c:82:36:af:a6:31:
         68:34:99:10:09:8d:1e:87:ae:0f:ed:06:c4:e6:2a:44:86:5c:
         b0:f2:21:ce:07:8f:04:eb:8e:74:98:9e:c1:8e:42:2d:5a:74:
         a6:96:a5:cc:c1:25:4f:7d:40:c7:32:99:a3:ef:95:03:18:f7:
         fe:67:0d:68:42:c8:b6:27:8e:d0:ad:8c:3e:5a:3b:e4:8c:66:
         2b:4c:0c:e4:ea:f8:20:d2:eb:ae:73:7f:05:14:9b:87:d5:4d:
         e9:d5:d0:35:c1:79:5a:f9:6e:21:d6:cb:73:fc:9d:c8:cf:fd:
         d7:dd:17:b8:c5:b3:dc:55:e5:62:84:54:24:69:cb:54:6b:b2:
         06:ac:a3:96:fb:dd:b1:57:47:dc:77:04:6a:6e:07:a4:07:3d:
         6f:49:1c:2c:98:92:fc:74:a4:a8:20:da:96:2d:13:c8:b3:02:
         76:7c:1d:75:bd:db:78:c9:55:37:f8:ce:dd:b4:ee:7d:51:ff:
         c1:b4:67:d5:08:44:e6:0b:c0:0b:48:1a:a5:36:7e:51:c2:e2:
         5c:70:89:b9:05:50:80:6a:4a:33:12:ab:94:56:aa:e8:2c:52:
         fd:5f:15:06:de:bb:97:f0:43:e7:b7:c2:42:17:43:47:d8:9c:
         ca:95:57:33
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUSZ5tW0P+4AGZ5xdp3M6UmhA64+kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MjAxMTEzNDRaFw0yNzA1MTkxMTE4NDRaMDMxMTAvBgNV
BAMTKDM0N0VBODA0REY3QUJFRTM0RDQwQjQ0Mzc5QkJBMzFDREVBQkFCOUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOyZZuXl+J9ZbzWXoqQ8hQWErA
Ux91jrp58WHfz0v+6Qw0LB8XbCdSOM9aNZtu2rsiA6JdvA9u/N0imMjeo5qD105e
TC9QEzp+SuE2LyJn9+TcMiPzEHTk3uAPwTCiAIEiuB9qm+hxi0/jnKRB2SHPjjPk
mDCCpru90WhGyjBtXN56X3AmE2x4HqgtnKUj4KNCg3qPXXiDT/+CJH0HlBvRbQkU
yXq+zNaU6KRcgq3ajiQ8/qsyAYRet7Z7Ia6DKpmSy4VAnOhskhzbZ3BtlIjzpvWZ
JA2tpnM/HxxFi76TU2nHGdYsVecF+1OQ3X8hKg75pZ/yo7XOKiw4jkO4me/XAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUNH6oBN96vuNNQLRDebujHN6rq5wwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTUzNTY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAlvHR
AwQAm3UQMA0GCSqGSIb3DQEBCwUAA4IBAQCLw3zpwoLP7mGCAfEcgjavpjFoNJkQ
CY0eh64P7QbE5ipEhlyw8iHOB48E6450mJ7BjkItWnSmlqXMwSVPfUDHMpmj75UD
GPf+Zw1oQsi2J47QrYw+WjvkjGYrTAzk6vgg0uuuc38FFJuH1U3p1dA1wXla+W4h
1stz/J3Iz/3X3Re4xbPcVeVihFQkactUa7IGrKOW+92xV0fcdwRqbgekBz1vSRws
mJL8dKSoINqWLRPIswJ2fB11vdt4yVU3+M7dtO59Uf/BtGfVCETmC8ALSBqlNn5R
wuJccIm5BVCAakozEquUVqroLFL9XxUG3ruX8EPnt8JCF0NH2JzKlVcz
-----END CERTIFICATE-----