Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS26548.roa
File:                     AS26548.roa (raw, json)
Hash identifier:          EFVIcEMUmnkwRwnSEBYGRTk8n/AlIOOSspV1DyFD7Vw=
Subject key identifier:   D7:FB:EA:11:53:0C:0E:47:AF:D2:F7:38:FA:F9:85:18:CF:8B:EA:DF
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7885A3588D6867CA2286E6C5C146F81BA086F31D
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS26548.roa
Signing time:             Sat 06 Apr 2024 11:09:31 +0000
ROA not before:           Sat 06 Apr 2024 11:04:31 +0000
ROA not after:            Sat 05 Apr 2025 11:09:31 +0000
asID:                     26548
IP address blocks:        140.150.128.0/21 maxlen: 21
                          140.150.136.0/21 maxlen: 21
                          140.150.144.0/21 maxlen: 21
                          140.150.176.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:85:a3:58:8d:68:67:ca:22:86:e6:c5:c1:46:f8:1b:a0:86:f3:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr  6 11:04:31 2024 GMT
            Not After : Apr  5 11:09:31 2025 GMT
        Subject: CN=D7FBEA11530C0E47AFD2F738FAF98518CF8BEADF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:aa:c3:2a:78:99:2f:86:b5:7d:09:42:b9:72:
                    1b:25:e8:d2:10:c1:63:24:30:63:be:76:f4:da:48:
                    da:c6:cf:cc:c0:22:29:60:5a:4f:3b:67:50:02:2d:
                    71:89:6b:03:61:ba:5e:68:f6:c9:92:03:7a:ca:90:
                    18:ff:a5:75:65:3f:cf:67:0b:b4:94:03:3f:3c:91:
                    96:0b:e5:70:97:b1:1f:b2:02:6c:8d:85:1c:bc:73:
                    45:f9:77:2d:ad:c1:df:c4:8b:52:40:bb:6c:f0:ca:
                    9f:12:23:82:6d:fa:8c:29:6b:63:95:ec:8d:7f:d0:
                    47:24:85:ad:92:12:45:4e:88:40:d1:33:b6:e8:aa:
                    82:96:8d:1f:b7:82:3d:ae:76:08:c1:0b:75:73:d4:
                    6d:04:63:77:ac:2f:42:fc:ed:74:66:24:47:09:d1:
                    a3:f4:c0:30:6c:03:28:f9:ca:8d:2d:85:b3:89:d4:
                    72:8f:7f:3c:ce:e4:1b:33:54:02:43:1d:0d:2d:52:
                    e9:8e:bb:89:53:99:98:f4:31:2b:c9:62:7f:9e:88:
                    af:b2:37:fd:52:51:21:17:a8:09:66:23:a1:0f:ff:
                    1e:49:7d:8a:f7:a1:d3:e9:f7:c0:8b:70:9e:e1:fb:
                    27:ac:f3:8b:aa:63:5c:55:9f:75:09:98:12:95:66:
                    fe:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:FB:EA:11:53:0C:0E:47:AF:D2:F7:38:FA:F9:85:18:CF:8B:EA:DF
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS26548.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.128.0-140.150.151.255
                  140.150.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         14:05:79:dd:ae:0e:45:b3:94:33:58:94:70:f5:ca:ab:0c:c3:
         fa:58:82:47:d8:c2:94:0b:b6:28:9d:08:86:e1:e7:71:86:b6:
         70:13:85:8a:2e:ae:78:10:28:b6:0e:13:ad:d7:e2:d3:89:64:
         2e:88:a5:cd:42:5f:ce:a2:fa:fc:a6:99:8f:e4:dd:8f:7e:81:
         51:e9:df:e1:7a:87:ca:3a:5c:37:c3:73:69:5a:13:ba:7d:b0:
         86:cd:55:87:f8:e7:68:c4:e3:8b:b6:a1:b0:de:77:ce:db:e8:
         cc:00:4d:e8:c1:76:bf:21:82:98:25:43:2c:e9:bb:8a:40:5c:
         bb:1c:ec:70:76:cd:83:40:02:f9:ae:2b:b8:cb:7f:6c:87:f4:
         94:6d:d4:7b:81:b6:32:bf:9d:cf:58:54:cb:8c:02:f8:cd:d1:
         fd:3f:01:56:b0:75:44:af:15:69:b1:5f:48:2f:87:0c:ff:4b:
         98:71:ec:4f:e8:8d:cc:e6:49:e3:f6:f7:61:b2:3c:86:6c:e6:
         01:ce:32:29:03:d0:49:3a:76:82:43:f0:4b:22:57:d2:28:8d:
         65:61:79:0e:26:56:c3:be:c6:82:2c:79:77:f9:70:61:c5:b4:
         b1:7d:44:b5:2d:35:aa:0c:32:fa:84:15:2c:d8:2c:dd:f1:42:
         c9:e0:3c:9f
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgIUeIWjWI1oZ8oihubFwUb4G6CG8x0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA0MDYxMTA0MzFaFw0yNTA0MDUxMTA5MzFaMDMxMTAvBgNV
BAMTKEQ3RkJFQTExNTMwQzBFNDdBRkQyRjczOEZBRjk4NTE4Q0Y4QkVBREYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNqsMqeJkvhrV9CUK5chsl6NIQ
wWMkMGO+dvTaSNrGz8zAIilgWk87Z1ACLXGJawNhul5o9smSA3rKkBj/pXVlP89n
C7SUAz88kZYL5XCXsR+yAmyNhRy8c0X5dy2twd/Ei1JAu2zwyp8SI4Jt+owpa2OV
7I1/0Eckha2SEkVOiEDRM7boqoKWjR+3gj2udgjBC3Vz1G0EY3esL0L87XRmJEcJ
0aP0wDBsAyj5yo0thbOJ1HKPfzzO5BszVAJDHQ0tUumOu4lTmZj0MSvJYn+eiK+y
N/1SUSEXqAlmI6EP/x5JfYr3odPp98CLcJ7h+yes84uqY1xVn3UJmBKVZv5PAgMB
AAGjggIXMIICEzAdBgNVHQ4EFgQU1/vqEVMMDkev0vc4+vmFGM+L6t8wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjY1NDgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLQYIKwYBBQUHAQcBAf8EHjAcMBoEAgABMBQwDAMEB4yW
gAMEA4yWkAMEA4yWsDANBgkqhkiG9w0BAQsFAAOCAQEAFAV53a4ORbOUM1iUcPXK
qwzD+liCR9jClAu2KJ0IhuHncYa2cBOFii6ueBAotg4Trdfi04lkLoilzUJfzqL6
/KaZj+Tdj36BUenf4XqHyjpcN8NzaVoTun2whs1Vh/jnaMTji7ahsN53ztvozABN
6MF2vyGCmCVDLOm7ikBcuxzscHbNg0AC+a4ruMt/bIf0lG3Ue4G2Mr+dz1hUy4wC
+M3R/T8BVrB1RK8VabFfSC+HDP9LmHHsT+iNzOZJ4/b3YbI8hmzmAc4yKQPQSTp2
gkPwSyJX0iiNZWF5DiZWw77Ggix5d/lwYcW0sX1EtS01qgwy+oQVLNgs3fFCyeA8
nw==
-----END CERTIFICATE-----