Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153996.roa
File:                     AS153996.roa (raw, json)
Hash identifier:          Ke+P8k4CBCQGCUWXZdnVVCxqvfSJR8GZIr52KDP6pqw=
Subject key identifier:   B0:46:E6:45:3B:3D:A8:7A:87:5D:DF:AC:F9:41:07:2C:9A:6B:EE:73
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7E4DDB5E47F273B8C48D160633A9717A6424F4B9
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153996.roa
Signing time:             Wed 08 Jul 2026 06:03:43 +0000
ROA not before:           Wed 08 Jul 2026 05:58:43 +0000
ROA not after:            Wed 07 Jul 2027 06:03:43 +0000
asID:                     153996
IP address blocks:        143.14.9.0/24 maxlen: 24
                          143.14.11.0/24 maxlen: 24
                          143.14.16.0/24 maxlen: 24
                          143.14.36.0/24 maxlen: 24
                          143.14.200.0/24 maxlen: 24
                          143.14.229.0/24 maxlen: 24
                          162.141.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Jul 2026 17:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:4d:db:5e:47:f2:73:b8:c4:8d:16:06:33:a9:71:7a:64:24:f4:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul  8 05:58:43 2026 GMT
            Not After : Jul  7 06:03:43 2027 GMT
        Subject: CN=B046E6453B3DA87A875DDFACF941072C9A6BEE73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:bb:2a:5e:7a:64:a4:41:e0:f9:44:20:d6:6b:
                    35:49:9b:4a:d2:8d:05:51:13:9d:1a:c8:f3:86:2f:
                    2c:f8:58:ee:45:b5:89:da:4e:fc:f1:d0:21:15:65:
                    5b:0b:07:e9:a3:fd:21:2e:30:f9:df:d4:0e:42:fa:
                    cf:1a:10:d8:27:df:d1:7d:e4:c2:0a:9b:76:7c:5e:
                    50:e8:6d:1c:90:0b:f4:3e:e1:08:1b:04:e4:ee:57:
                    30:5b:cc:4a:66:e8:15:0f:14:7c:17:7a:56:0c:be:
                    98:3e:ab:71:13:39:25:ca:35:a0:16:13:f3:b6:9d:
                    17:20:7c:10:15:a8:aa:0a:4b:3f:38:6f:af:fe:21:
                    43:35:10:23:4c:7d:99:f2:95:65:7c:ab:90:fb:44:
                    02:fc:fc:cc:58:fe:1d:6c:db:e0:9a:80:50:2f:ca:
                    fa:1c:75:fe:bd:1f:56:50:98:f4:17:c8:37:4c:29:
                    2f:d0:36:76:3f:58:8d:0d:f4:2c:bf:5d:ee:fb:d7:
                    74:4a:3b:70:5d:1c:9f:99:3d:ca:93:fa:7e:f5:58:
                    a5:7c:7c:77:98:f4:58:f9:46:0f:e2:99:42:50:68:
                    09:79:fa:99:96:4f:d9:4e:18:86:34:bc:19:fd:15:
                    a4:24:b1:25:62:18:fc:30:29:f4:9c:84:8d:ce:e2:
                    42:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:46:E6:45:3B:3D:A8:7A:87:5D:DF:AC:F9:41:07:2C:9A:6B:EE:73
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153996.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.9.0/24
                  143.14.11.0/24
                  143.14.16.0/24
                  143.14.36.0/24
                  143.14.200.0/24
                  143.14.229.0/24
                  162.141.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:b8:9e:4a:af:61:44:be:e6:fa:79:47:7b:4b:55:fd:16:7d:
         e7:e3:4f:c6:16:00:77:45:01:6d:42:09:16:48:25:97:5d:32:
         1a:98:b3:63:ea:94:b5:a3:f8:26:84:dd:4c:9c:81:a2:f2:bb:
         07:19:e1:5a:a2:45:49:b2:2f:d5:cc:15:5a:e3:ad:68:67:3f:
         a2:88:1f:f9:05:f9:77:75:6e:45:35:22:ed:72:9d:9f:9a:25:
         14:30:4d:c3:2a:3a:b9:bf:ed:a9:a7:6c:dd:7a:e3:61:2c:13:
         4d:97:87:52:57:4f:f7:17:1f:1e:1f:27:0c:fb:0f:46:46:c6:
         52:a0:73:20:df:4e:a7:cb:7e:42:47:52:3b:73:00:91:4b:0a:
         80:f6:e2:6d:aa:c9:df:ca:ec:dd:e8:33:cd:3f:14:28:20:59:
         e1:b9:02:0b:c3:0e:eb:2b:90:6d:01:cc:73:30:12:87:64:d9:
         ef:27:34:ae:68:83:8d:c5:4b:d6:4e:6d:73:09:30:be:ed:0d:
         f0:1f:61:a3:7e:28:33:48:20:05:2c:47:90:42:9e:c5:3c:60:
         ea:c8:68:85:41:34:f2:3e:8e:7b:ce:24:77:d7:60:e8:cf:0c:
         41:86:d4:81:a8:63:15:b6:b2:58:1d:5f:77:3d:55:48:bf:e8:
         d4:8f:71:82
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgIUfk3bXkfyc7jEjRYGM6lxemQk9LkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA3MDgwNTU4NDNaFw0yNzA3MDcwNjAzNDNaMDMxMTAvBgNV
BAMTKEIwNDZFNjQ1M0IzREE4N0E4NzVEREZBQ0Y5NDEwNzJDOUE2QkVFNzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCIuypeemSkQeD5RCDWazVJm0rS
jQVRE50ayPOGLyz4WO5FtYnaTvzx0CEVZVsLB+mj/SEuMPnf1A5C+s8aENgn39F9
5MIKm3Z8XlDobRyQC/Q+4QgbBOTuVzBbzEpm6BUPFHwXelYMvpg+q3ETOSXKNaAW
E/O2nRcgfBAVqKoKSz84b6/+IUM1ECNMfZnylWV8q5D7RAL8/MxY/h1s2+CagFAv
yvocdf69H1ZQmPQXyDdMKS/QNnY/WI0N9Cy/Xe7713RKO3BdHJ+ZPcqT+n71WKV8
fHeY9Fj5Rg/imUJQaAl5+pmWT9lOGIY0vBn9FaQksSViGPwwKfSchI3O4kKJAgMB
AAGjggIuMIICKjAdBgNVHQ4EFgQUsEbmRTs9qHqHXd+s+UEHLJpr7nMwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTUzOTk2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAjw4J
AwQAjw4LAwQAjw4QAwQAjw4kAwQAjw7IAwQAjw7lAwQAoo2OMA0GCSqGSIb3DQEB
CwUAA4IBAQBLuJ5Kr2FEvub6eUd7S1X9Fn3n40/GFgB3RQFtQgkWSCWXXTIamLNj
6pS1o/gmhN1MnIGi8rsHGeFaokVJsi/VzBVa461oZz+iiB/5Bfl3dW5FNSLtcp2f
miUUME3DKjq5v+2pp2zdeuNhLBNNl4dSV0/3Fx8eHycM+w9GRsZSoHMg306ny35C
R1I7cwCRSwqA9uJtqsnfyuzd6DPNPxQoIFnhuQILww7rK5BtAcxzMBKHZNnvJzSu
aIONxUvWTm1zCTC+7Q3wH2GjfigzSCAFLEeQQp7FPGDqyGiFQTTyPo57ziR312Do
zwxBhtSBqGMVtrJYHV93PVVIv+jUj3GC
-----END CERTIFICATE-----
Generated at Sat Jul 18 01:15:24 2026 by rpki-client