Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153622.roa
File:                     AS153622.roa (raw, json)
Hash identifier:          gd9bUI1C475T1tpMKsS+aP2zUIyti6jPFgWk8Z04oQg=
Subject key identifier:   F5:89:A4:2A:87:7D:23:B4:A8:BD:67:88:97:2D:F6:1D:D6:5C:9B:DB
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5019517B2B337572627BCEC168DAAA5222ABD36F
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153622.roa
Signing time:             Fri 29 May 2026 17:16:42 +0000
ROA not before:           Fri 29 May 2026 17:11:42 +0000
ROA not after:            Fri 28 May 2027 17:16:42 +0000
asID:                     153622
IP address blocks:        143.14.91.0/24 maxlen: 24
                          155.117.136.0/24 maxlen: 24
                          168.222.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:08:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:19:51:7b:2b:33:75:72:62:7b:ce:c1:68:da:aa:52:22:ab:d3:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 29 17:11:42 2026 GMT
            Not After : May 28 17:16:42 2027 GMT
        Subject: CN=F589A42A877D23B4A8BD6788972DF61DD65C9BDB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:29:b4:8f:90:20:3e:e4:f7:cf:27:db:3e:60:
                    bb:ec:58:32:33:d6:8d:3a:24:6b:ec:17:cc:f5:e4:
                    85:78:89:40:a1:07:24:62:9e:0d:df:fa:d0:ac:4f:
                    5b:4b:de:aa:3c:a8:ff:f6:c7:d2:93:2b:b1:20:2f:
                    a3:0b:8d:73:29:48:67:30:5b:22:f9:b5:ce:48:b3:
                    c5:27:ea:bb:0d:5c:59:41:05:40:12:6e:a7:f8:28:
                    b7:40:96:9e:d5:8d:ba:e1:67:ab:e9:bd:8c:e2:f9:
                    39:e4:a5:99:43:d2:6a:a7:a3:06:37:55:b8:7e:56:
                    1f:05:8a:4a:ca:a0:c4:e6:5c:35:ac:ce:f4:9c:81:
                    97:b1:cd:e6:5c:bc:47:11:e4:dd:2e:82:ac:49:38:
                    97:74:4f:12:19:7d:1e:3b:a4:50:b3:08:ee:61:44:
                    0c:93:60:b2:0e:ed:b7:23:97:e1:04:a0:82:14:95:
                    b6:a9:18:33:2e:f0:1e:c3:ea:bf:68:e8:bd:89:88:
                    a1:c8:9d:d7:80:f6:36:fd:4f:ef:76:fb:de:df:27:
                    bc:75:f3:07:f2:50:af:a9:92:ad:07:51:e4:4f:24:
                    ce:72:75:73:2a:fa:67:4b:0a:0e:41:b3:b7:c8:fb:
                    b8:37:c3:91:2c:57:e8:b5:68:7e:7f:22:07:c6:ed:
                    ba:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:89:A4:2A:87:7D:23:B4:A8:BD:67:88:97:2D:F6:1D:D6:5C:9B:DB
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153622.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.91.0/24
                  155.117.136.0/24
                  168.222.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:cd:5e:ea:85:da:12:8d:20:a7:98:d4:9b:bf:d4:e5:84:86:
         24:9e:cd:b0:70:b9:c8:12:56:94:ae:03:b9:17:45:6c:ce:19:
         94:e2:35:7a:ea:04:d3:81:80:c3:5e:00:16:04:9e:e5:98:20:
         b6:c3:ec:86:61:75:6e:2f:c0:8f:d5:a0:61:3b:77:2a:fd:27:
         16:5e:fe:cf:a9:d4:ce:51:fc:9f:95:73:02:05:41:55:a8:3e:
         9a:fb:3b:c0:0b:35:18:8a:90:06:2b:68:9d:b9:54:a6:bc:78:
         fc:19:38:7b:52:32:38:61:1d:b2:74:7f:0a:95:f4:5b:fc:a1:
         f9:80:72:6a:80:2d:53:52:f6:08:a2:38:35:57:ea:bc:af:df:
         39:96:76:4b:4a:03:38:0e:a7:26:c0:7a:e6:e7:7f:e0:92:00:
         31:f2:ac:f3:ad:19:be:e7:c8:d8:94:aa:61:a6:ae:01:66:c5:
         52:ab:99:5f:d2:77:7d:6e:3e:7b:d4:7f:bc:ca:52:07:af:ff:
         ae:20:c1:11:06:be:f8:f9:f4:32:76:9e:be:74:c8:49:d5:38:
         74:2a:79:00:19:01:35:4d:b6:6c:25:88:ab:4a:7d:77:77:46:
         1a:84:5c:f3:4d:d8:63:11:f8:ff:90:84:6c:3e:7f:ad:a7:15:
         0c:57:69:62
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUUBlReyszdXJie87BaNqqUiKr028wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MjkxNzExNDJaFw0yNzA1MjgxNzE2NDJaMDMxMTAvBgNV
BAMTKEY1ODlBNDJBODc3RDIzQjRBOEJENjc4ODk3MkRGNjFERDY1QzlCREIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3KbSPkCA+5PfPJ9s+YLvsWDIz
1o06JGvsF8z15IV4iUChByRing3f+tCsT1tL3qo8qP/2x9KTK7EgL6MLjXMpSGcw
WyL5tc5Is8Un6rsNXFlBBUASbqf4KLdAlp7VjbrhZ6vpvYzi+TnkpZlD0mqnowY3
Vbh+Vh8FikrKoMTmXDWszvScgZexzeZcvEcR5N0ugqxJOJd0TxIZfR47pFCzCO5h
RAyTYLIO7bcjl+EEoIIUlbapGDMu8B7D6r9o6L2JiKHIndeA9jb9T+92+97fJ7x1
8wfyUK+pkq0HUeRPJM5ydXMq+mdLCg5Bs7fI+7g3w5EsV+i1aH5/IgfG7br7AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU9YmkKod9I7SovWeIly32HdZcm9swHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTUzNjIyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjw5b
AwQAm3WIAwQAqN4pMA0GCSqGSIb3DQEBCwUAA4IBAQAEzV7qhdoSjSCnmNSbv9Tl
hIYkns2wcLnIElaUrgO5F0VszhmU4jV66gTTgYDDXgAWBJ7lmCC2w+yGYXVuL8CP
1aBhO3cq/ScWXv7PqdTOUfyflXMCBUFVqD6a+zvACzUYipAGK2iduVSmvHj8GTh7
UjI4YR2ydH8KlfRb/KH5gHJqgC1TUvYIojg1V+q8r985lnZLSgM4DqcmwHrm53/g
kgAx8qzzrRm+58jYlKphpq4BZsVSq5lf0nd9bj571H+8ylIHr/+uIMERBr74+fQy
dp6+dMhJ1Th0KnkAGQE1TbZsJYirSn13d0YahFzzTdhjEfj/kIRsPn+tpxUMV2li
-----END CERTIFICATE-----