Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS154612.roa
File:                     AS154612.roa (raw, json)
Hash identifier:          T+Tsku1dDSrIisyuhNtnCfsBKGn7rmdDQlrqkfeetpU=
Subject key identifier:   70:8F:B9:ED:B0:19:0E:E3:94:02:FC:8E:54:92:54:DE:5C:51:AB:81
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       3E81B8AED015C4E55447DA55FAB80AD4941FEBB5
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS154612.roa
Signing time:             Thu 21 May 2026 06:36:23 +0000
ROA not before:           Thu 21 May 2026 06:31:23 +0000
ROA not after:            Thu 20 May 2027 06:36:23 +0000
asID:                     154612
IP address blocks:        162.141.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:81:b8:ae:d0:15:c4:e5:54:47:da:55:fa:b8:0a:d4:94:1f:eb:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 21 06:31:23 2026 GMT
            Not After : May 20 06:36:23 2027 GMT
        Subject: CN=708FB9EDB0190EE39402FC8E549254DE5C51AB81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:00:b4:0b:ab:b3:7d:b4:25:55:07:1d:4d:3a:
                    4a:7d:2e:97:ea:f3:d5:85:d6:6f:88:c4:98:e1:35:
                    f8:56:11:4f:27:27:7f:ae:33:a9:66:9e:c8:c8:bf:
                    e8:20:da:72:1c:80:22:ef:c8:b7:6f:bf:91:64:e0:
                    7e:f0:ed:41:ae:48:38:9e:50:57:12:26:64:aa:28:
                    50:61:75:f3:96:ae:d6:26:0b:06:a8:b9:00:73:d9:
                    44:08:92:db:65:64:4b:a0:30:f9:36:4a:dd:48:f7:
                    56:75:6f:fd:29:9c:80:93:c8:05:1c:70:90:3b:ed:
                    b2:2c:3c:ff:a1:e1:14:a4:88:77:ca:25:4c:98:6e:
                    1b:e7:cb:d2:b7:21:69:47:2e:fa:73:bb:45:26:a5:
                    50:da:06:9b:04:47:65:d7:68:ce:42:c2:e2:9c:ff:
                    71:f2:b6:a0:fe:2d:1f:55:05:f0:ac:63:ec:6a:c9:
                    36:aa:b7:12:d1:90:cf:71:34:c9:70:15:28:7f:1e:
                    a4:56:d0:04:2b:2b:95:2b:d0:80:77:84:32:c2:9a:
                    1d:9a:e0:58:72:73:19:9e:3b:aa:73:2f:83:a8:0b:
                    d3:0f:73:57:2b:c8:a2:7f:0f:1c:02:92:78:5b:e7:
                    9f:fe:3f:e8:e1:02:d1:84:9a:12:9c:6e:f5:97:14:
                    4d:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:8F:B9:ED:B0:19:0E:E3:94:02:FC:8E:54:92:54:DE:5C:51:AB:81
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS154612.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.141.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:34:78:07:f7:40:6a:5f:52:e8:40:ba:12:7a:05:30:b6:ab:
         e9:0f:f0:98:ef:5f:7a:90:38:ff:49:bd:6f:5d:6e:b2:36:70:
         98:c9:7f:61:2b:1e:50:22:d3:9a:34:be:7e:47:26:03:28:ce:
         56:25:ad:6f:d5:da:24:e9:9b:b9:83:f4:bc:f8:83:32:16:67:
         ef:09:fe:a9:81:52:56:76:66:8a:69:ff:72:f1:9e:a2:a4:af:
         fc:ef:0e:af:d1:46:83:88:f4:c6:c1:0b:57:f8:26:9b:30:e0:
         d5:b6:b1:91:8e:ed:a3:b2:0b:a2:19:ab:8e:79:5d:bb:ec:14:
         89:d0:d3:3a:43:29:2c:fa:2d:93:ca:25:99:7a:5c:2a:ce:e8:
         9d:05:9c:7a:a4:81:5d:80:7f:e2:1c:cb:9f:39:ef:b9:3b:35:
         4c:e1:70:b6:bd:70:ea:1d:4c:1c:45:08:38:57:39:d9:52:8b:
         43:dc:4c:08:43:58:37:7c:87:3d:84:97:d3:69:b7:e2:6f:68:
         ee:4b:33:1a:27:6e:10:61:d9:42:30:d0:db:a9:d3:54:60:98:
         6b:1f:82:b9:bb:b9:9c:51:ab:30:c6:6d:1e:ff:e3:7b:5d:a5:
         f0:e6:9f:a0:84:d7:69:c9:67:d5:b4:06:56:74:a4:ab:b4:55:
         3e:2b:40:14
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPoG4rtAVxOVUR9pV+rgK1JQf67UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MjEwNjMxMjNaFw0yNzA1MjAwNjM2MjNaMDMxMTAvBgNV
BAMTKDcwOEZCOUVEQjAxOTBFRTM5NDAyRkM4RTU0OTI1NERFNUM1MUFCODEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsALQLq7N9tCVVBx1NOkp9Lpfq
89WF1m+IxJjhNfhWEU8nJ3+uM6lmnsjIv+gg2nIcgCLvyLdvv5Fk4H7w7UGuSDie
UFcSJmSqKFBhdfOWrtYmCwaouQBz2UQIkttlZEugMPk2St1I91Z1b/0pnICTyAUc
cJA77bIsPP+h4RSkiHfKJUyYbhvny9K3IWlHLvpzu0UmpVDaBpsER2XXaM5CwuKc
/3HytqD+LR9VBfCsY+xqyTaqtxLRkM9xNMlwFSh/HqRW0AQrK5Ur0IB3hDLCmh2a
4FhycxmeO6pzL4OoC9MPc1cryKJ/DxwCknhb55/+P+jhAtGEmhKcbvWXFE0vAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUcI+57bAZDuOUAvyOVJJU3lxRq4EwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTU0NjEyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAoo0n
MA0GCSqGSIb3DQEBCwUAA4IBAQA6NHgH90BqX1LoQLoSegUwtqvpD/CY7196kDj/
Sb1vXW6yNnCYyX9hKx5QItOaNL5+RyYDKM5WJa1v1dok6Zu5g/S8+IMyFmfvCf6p
gVJWdmaKaf9y8Z6ipK/87w6v0UaDiPTGwQtX+CabMODVtrGRju2jsguiGauOeV27
7BSJ0NM6Qyks+i2TyiWZelwqzuidBZx6pIFdgH/iHMufOe+5OzVM4XC2vXDqHUwc
RQg4VznZUotD3EwIQ1g3fIc9hJfTabfib2juSzMaJ24QYdlCMNDbqdNUYJhrH4K5
u7mcUaswxm0e/+N7XaXw5p+ghNdpyWfVtAZWdKSrtFU+K0AU
-----END CERTIFICATE-----