Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153671.roa
File:                     AS153671.roa (raw, json)
Hash identifier:          XMmUqPcWT0ITMm1GZhgmJ9OpZMidF3eM20GwgpRs5c8=
Subject key identifier:   77:23:B8:B4:E7:4D:53:0C:90:81:C9:18:CC:E0:7B:BA:2B:26:B7:62
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       2B9BA6223E00F6003235AB96D233762A4DB884A7
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153671.roa
Signing time:             Thu 21 May 2026 06:28:59 +0000
ROA not before:           Thu 21 May 2026 06:23:59 +0000
ROA not after:            Thu 20 May 2027 06:28:59 +0000
asID:                     153671
IP address blocks:        162.141.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:9b:a6:22:3e:00:f6:00:32:35:ab:96:d2:33:76:2a:4d:b8:84:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 21 06:23:59 2026 GMT
            Not After : May 20 06:28:59 2027 GMT
        Subject: CN=7723B8B4E74D530C9081C918CCE07BBA2B26B762
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:7a:9f:58:7e:cf:18:76:4f:75:0f:49:e1:bb:
                    60:7e:f2:b8:fe:71:c1:e4:23:bb:c0:6d:05:fd:10:
                    14:ce:e2:f8:85:06:38:87:e9:5d:58:24:51:df:3f:
                    76:9f:62:26:a6:fa:58:52:9b:7a:b4:57:7b:57:98:
                    08:77:67:24:28:b8:d9:c0:de:47:82:1f:81:f3:cd:
                    2f:91:fb:28:d8:8c:6a:eb:5c:65:1a:c3:61:c9:00:
                    22:1b:58:91:af:73:49:fa:ba:38:e1:72:22:23:dd:
                    f8:84:55:63:a6:ea:ad:31:b8:4b:56:64:0a:96:52:
                    63:a0:84:91:53:6d:3e:d4:7a:d9:e6:9b:95:89:60:
                    75:df:ec:6f:18:a5:bd:ac:81:25:32:65:db:ea:ff:
                    79:8b:7c:ef:af:06:94:37:28:ab:57:26:4a:0d:5c:
                    c8:9f:8a:57:42:0e:9c:f3:2a:06:f7:a0:3f:40:af:
                    f5:c1:3b:19:de:5b:c5:cd:f4:ac:18:40:55:dd:32:
                    ad:9b:9b:f1:79:3a:3f:71:bd:20:74:bf:70:3f:18:
                    a6:19:81:69:5a:21:61:bc:93:be:16:00:32:1e:d0:
                    79:10:4e:56:23:d0:89:7c:7d:7e:08:ce:43:1e:cf:
                    68:64:43:77:dc:65:cd:79:a7:e7:22:d9:33:24:72:
                    a5:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:23:B8:B4:E7:4D:53:0C:90:81:C9:18:CC:E0:7B:BA:2B:26:B7:62
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153671.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.141.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:fc:5f:98:5e:85:67:42:dc:c4:ff:03:16:a6:96:1c:fa:ba:
         ad:56:fb:9a:71:53:3f:46:19:02:5d:24:87:67:53:63:ff:4d:
         ff:8c:61:dd:4f:d9:87:82:99:0a:39:53:d8:49:b7:2a:6e:4a:
         d2:a3:2b:70:a8:62:27:b3:ea:d8:fd:32:0a:42:f8:50:9d:53:
         41:cb:6b:17:ac:a7:8d:5c:ca:28:3a:47:d6:50:e4:08:6e:22:
         ba:3d:c9:99:12:f0:6c:66:a8:39:af:18:c4:ef:52:76:72:10:
         63:e0:96:7d:ec:b0:0c:56:45:e1:3d:54:77:46:3d:a5:8a:ae:
         88:78:b3:33:68:a0:49:9d:63:37:0e:04:81:da:6f:95:0f:5a:
         8d:e5:81:be:2c:2f:2b:30:c4:88:c7:02:19:2b:f2:24:28:38:
         e7:51:36:cf:b1:65:f2:d2:47:53:92:59:42:63:a5:e2:b2:fd:
         ee:ad:bf:f6:4b:0e:d6:aa:55:35:76:03:ac:de:1a:a5:f3:30:
         e4:d8:6d:b7:f8:16:db:66:0b:ef:5c:df:7a:8b:87:b9:8f:8e:
         dd:cd:aa:e9:60:48:de:4d:21:f3:e5:48:fb:56:b4:5a:7c:44:
         88:4f:9a:3d:62:72:0d:03:a4:fa:d5:ae:dd:5d:40:3e:09:06:
         7f:1e:5d:e8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUK5umIj4A9gAyNauW0jN2Kk24hKcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MjEwNjIzNTlaFw0yNzA1MjAwNjI4NTlaMDMxMTAvBgNV
BAMTKDc3MjNCOEI0RTc0RDUzMEM5MDgxQzkxOENDRTA3QkJBMkIyNkI3NjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCep9Yfs8Ydk91D0nhu2B+8rj+
ccHkI7vAbQX9EBTO4viFBjiH6V1YJFHfP3afYiam+lhSm3q0V3tXmAh3ZyQouNnA
3keCH4HzzS+R+yjYjGrrXGUaw2HJACIbWJGvc0n6ujjhciIj3fiEVWOm6q0xuEtW
ZAqWUmOghJFTbT7Uetnmm5WJYHXf7G8Ypb2sgSUyZdvq/3mLfO+vBpQ3KKtXJkoN
XMifildCDpzzKgb3oD9Ar/XBOxneW8XN9KwYQFXdMq2bm/F5Oj9xvSB0v3A/GKYZ
gWlaIWG8k74WADIe0HkQTlYj0Il8fX4IzkMez2hkQ3fcZc15p+ci2TMkcqXzAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUdyO4tOdNUwyQgckYzOB7uismt2IwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTUzNjcxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAoo0B
MA0GCSqGSIb3DQEBCwUAA4IBAQBr/F+YXoVnQtzE/wMWppYc+rqtVvuacVM/RhkC
XSSHZ1Nj/03/jGHdT9mHgpkKOVPYSbcqbkrSoytwqGIns+rY/TIKQvhQnVNBy2sX
rKeNXMooOkfWUOQIbiK6PcmZEvBsZqg5rxjE71J2chBj4JZ97LAMVkXhPVR3Rj2l
iq6IeLMzaKBJnWM3DgSB2m+VD1qN5YG+LC8rMMSIxwIZK/IkKDjnUTbPsWXy0kdT
kllCY6Xisv3urb/2Sw7WqlU1dgOs3hql8zDk2G23+BbbZgvvXN96i4e5j47dzarp
YEjeTSHz5Uj7VrRafESIT5o9YnINA6T61a7dXUA+CQZ/Hl3o
-----END CERTIFICATE-----