Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153996.roa
File:                     AS153996.roa (raw, json)
Hash identifier:          fDHwvYy3NrQ/Pq1bPrly/ENtuiXyXtBHxeEwuQ5e9SI=
Subject key identifier:   05:A9:87:3D:3A:CB:BF:5E:B2:6E:AB:9D:25:12:6D:68:05:C3:4C:E3
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       19BE763412A12B83AC354D6A9364D8E8C8AA2F23
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153996.roa
Signing time:             Sat 05 Jul 2025 08:53:03 +0000
ROA not before:           Sat 05 Jul 2025 08:48:03 +0000
ROA not after:            Sat 04 Jul 2026 08:53:03 +0000
asID:                     153996
IP address blocks:        143.14.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Jul 2025 14:23:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:be:76:34:12:a1:2b:83:ac:35:4d:6a:93:64:d8:e8:c8:aa:2f:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul  5 08:48:03 2025 GMT
            Not After : Jul  4 08:53:03 2026 GMT
        Subject: CN=05A9873D3ACBBF5EB26EAB9D25126D6805C34CE3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d6:ff:90:b5:13:99:38:05:bc:ad:70:1c:a4:
                    25:c7:53:dd:88:db:1a:94:2e:53:7a:2b:62:ac:bf:
                    e4:db:c8:04:4a:96:a6:0c:3b:52:3c:63:68:c8:02:
                    33:20:51:01:49:5e:1f:d6:89:df:5e:78:c0:1f:9d:
                    fa:18:fd:2a:ea:be:15:f6:a6:d5:b9:c5:d4:c9:6a:
                    de:87:85:47:fb:7d:d7:40:e0:c2:dd:17:5f:e7:c8:
                    31:59:22:97:6f:15:8c:65:a0:1c:37:b3:3c:15:c3:
                    d9:a3:d3:3f:34:4d:e9:2c:16:bd:05:d7:9f:08:b7:
                    1b:ae:0b:21:80:7f:38:1a:ec:11:a8:ea:c0:d3:52:
                    b9:8a:05:45:44:3f:de:ce:75:3f:27:eb:02:d2:50:
                    cb:77:47:7a:61:f9:13:ac:8f:01:c3:28:99:c9:d3:
                    1c:25:da:21:aa:bb:2d:e0:6c:97:f9:4b:ce:2c:ff:
                    34:6f:86:41:63:ac:1b:db:7e:54:54:e0:54:11:14:
                    7a:7c:d6:fe:d7:7f:f5:98:16:77:77:a5:ec:ea:2a:
                    dc:5d:e9:f8:a5:27:99:05:d4:6c:87:4c:db:4f:f1:
                    e0:2c:6c:62:11:a2:87:7a:8c:1e:b4:ab:56:f8:34:
                    27:88:09:60:69:7e:19:2f:53:63:67:a0:7d:7b:66:
                    05:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:A9:87:3D:3A:CB:BF:5E:B2:6E:AB:9D:25:12:6D:68:05:C3:4C:E3
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153996.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:41:ba:b7:8a:ed:07:34:92:9d:99:f1:67:35:27:ff:67:76:
         f1:e0:05:ba:31:79:29:09:c8:cb:2c:4d:76:9c:dd:e4:06:f6:
         04:ea:97:56:18:d5:d8:24:a2:06:04:d2:52:46:b6:4c:ce:dc:
         8e:35:cc:f5:22:59:6e:a5:16:d6:76:21:dd:89:9e:34:9a:5e:
         60:36:04:0a:57:99:70:c4:5d:e4:ee:dc:2c:97:17:56:0f:85:
         cc:47:a5:89:a8:27:47:20:99:91:45:48:15:60:c8:34:b8:67:
         3b:13:71:1c:ab:3c:4c:19:fa:1d:2f:af:d1:2f:45:38:35:42:
         3f:de:c2:f4:15:86:15:6f:ee:a8:3d:1d:22:ad:b2:fc:21:5a:
         89:1b:7d:33:6a:1c:02:a0:9b:21:34:c6:12:8c:35:3f:d9:02:
         4a:88:fe:41:75:fb:e2:79:ab:63:bc:df:6c:40:6a:4a:c1:dc:
         95:99:ea:b8:a7:c3:93:20:a2:28:64:97:10:12:a3:3e:50:b7:
         f7:64:99:25:c2:f3:59:78:d9:e0:88:ba:a0:a2:8d:05:2e:24:
         96:09:9f:f6:6f:18:d9:f9:dc:dc:44:d0:72:bb:96:36:74:90:
         b8:f0:bb:66:33:21:e6:22:11:5c:3c:c2:03:82:70:ab:9d:4e:
         df:c8:da:c1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUGb52NBKhK4OsNU1qk2TY6MiqLyMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA3MDUwODQ4MDNaFw0yNjA3MDQwODUzMDNaMDMxMTAvBgNV
BAMTKDA1QTk4NzNEM0FDQkJGNUVCMjZFQUI5RDI1MTI2RDY4MDVDMzRDRTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCl1v+QtROZOAW8rXAcpCXHU92I
2xqULlN6K2Ksv+TbyARKlqYMO1I8Y2jIAjMgUQFJXh/Wid9eeMAfnfoY/SrqvhX2
ptW5xdTJat6HhUf7fddA4MLdF1/nyDFZIpdvFYxloBw3szwVw9mj0z80TeksFr0F
158ItxuuCyGAfzga7BGo6sDTUrmKBUVEP97OdT8n6wLSUMt3R3ph+ROsjwHDKJnJ
0xwl2iGquy3gbJf5S84s/zRvhkFjrBvbflRU4FQRFHp81v7Xf/WYFnd3pezqKtxd
6filJ5kF1GyHTNtP8eAsbGIRood6jB60q1b4NCeICWBpfhkvU2NnoH17ZgVjAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUBamHPTrLv16ybqudJRJtaAXDTOMwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTUzOTk2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjw4J
MA0GCSqGSIb3DQEBCwUAA4IBAQASQbq3iu0HNJKdmfFnNSf/Z3bx4AW6MXkpCcjL
LE12nN3kBvYE6pdWGNXYJKIGBNJSRrZMztyONcz1IllupRbWdiHdiZ40ml5gNgQK
V5lwxF3k7twslxdWD4XMR6WJqCdHIJmRRUgVYMg0uGc7E3EcqzxMGfodL6/RL0U4
NUI/3sL0FYYVb+6oPR0irbL8IVqJG30zahwCoJshNMYSjDU/2QJKiP5Bdfvieatj
vN9sQGpKwdyVmeq4p8OTIKIoZJcQEqM+ULf3ZJklwvNZeNngiLqgoo0FLiSWCZ/2
bxjZ+dzcRNByu5Y2dJC48LtmMyHmIhFcPMIDgnCrnU7fyNrB
-----END CERTIFICATE-----