Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS26548.roa
File:                     AS26548.roa (raw, json)
Hash identifier:          nliIozLMV5RaCl3c93aOG/taEMCIwkdvAs1LhMJUeD8=
Subject key identifier:   2A:05:70:05:72:21:48:A3:40:48:7F:D9:0F:B3:31:6E:2C:89:FB:5F
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       40EBD209B299E4380502A591E3FA13971D28E133
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS26548.roa
Signing time:             Sat 08 Mar 2025 11:53:56 +0000
ROA not before:           Sat 08 Mar 2025 11:48:56 +0000
ROA not after:            Sat 07 Mar 2026 11:53:56 +0000
asID:                     26548
IP address blocks:        140.150.128.0/21 maxlen: 21
                          140.150.136.0/21 maxlen: 21
                          140.150.144.0/21 maxlen: 21
                          140.150.176.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 07:35:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:eb:d2:09:b2:99:e4:38:05:02:a5:91:e3:fa:13:97:1d:28:e1:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar  8 11:48:56 2025 GMT
            Not After : Mar  7 11:53:56 2026 GMT
        Subject: CN=2A057005722148A340487FD90FB3316E2C89FB5F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:ec:45:00:a0:ef:1a:21:9b:d7:23:d7:94:3f:
                    52:92:be:89:59:df:2f:bf:a8:2a:90:50:9c:5c:b5:
                    20:39:e0:1c:91:22:b0:3b:8c:cc:e8:fd:d3:ef:fb:
                    5e:ee:ab:22:8f:40:89:c8:f9:db:dd:9d:86:da:6c:
                    ad:27:81:60:d2:ff:f0:b2:4a:38:f1:31:75:5e:8e:
                    ea:f2:3c:30:86:fe:5c:ee:6e:8d:f2:76:57:bb:cf:
                    61:d4:25:1e:9d:39:7a:38:1d:9b:f5:82:b5:cc:e1:
                    1a:da:41:11:b3:96:fe:0c:f8:2e:9f:61:ca:c0:a6:
                    4b:c8:67:5d:1d:26:3e:fc:6d:6f:ec:7d:ac:1a:f1:
                    3f:fe:73:30:42:6f:7d:32:52:aa:6e:fa:6e:79:dd:
                    59:75:2e:57:8d:b6:14:e8:dd:46:14:2b:95:2b:97:
                    17:a2:77:a9:d9:f0:30:81:75:97:71:3d:fa:fb:60:
                    e3:30:3b:ec:18:10:e7:1a:c7:25:49:7b:12:19:1f:
                    8e:f6:e7:4a:7a:35:93:c1:1b:60:b7:2b:1b:43:64:
                    fc:cf:b9:25:3a:6a:ed:ed:c0:47:d2:0e:7a:bd:82:
                    ca:4a:d0:7b:36:c1:39:91:f3:a6:73:d3:23:8a:87:
                    08:1d:a5:b4:ee:df:c9:2a:08:bb:91:41:1b:6f:28:
                    46:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:05:70:05:72:21:48:A3:40:48:7F:D9:0F:B3:31:6E:2C:89:FB:5F
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS26548.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.128.0-140.150.151.255
                  140.150.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         41:72:0e:ed:db:67:c3:b9:0c:d7:f5:fd:c5:45:76:3b:d3:3b:
         4f:7f:f5:10:67:15:54:2e:8f:93:ac:41:f1:0c:54:21:22:c5:
         28:7a:86:00:89:c2:58:3a:7a:7c:f9:3a:d9:09:5b:b0:f5:99:
         a8:30:26:f9:04:30:aa:e6:41:a4:ea:14:18:b4:48:23:d2:2f:
         8e:ba:4a:1d:f1:9a:60:94:1e:1a:b9:f8:a2:36:91:c6:5b:e3:
         16:8b:e5:c1:1b:71:00:d7:40:5b:da:0d:7e:0a:02:ee:7d:1f:
         84:2f:0e:71:0f:83:5a:2b:bd:61:36:77:e1:8b:33:2b:64:1d:
         2e:01:e6:0e:a0:30:6e:b4:4e:fc:81:84:0c:ed:82:4d:0a:5a:
         2c:5c:1b:36:0c:c5:cb:a8:02:e2:b2:a0:da:6e:3c:40:d1:78:
         a0:2b:1d:65:60:81:78:f2:30:33:e5:fd:28:eb:4e:d0:9c:08:
         e4:80:50:b6:5e:bf:b5:20:ed:f0:a0:f9:b7:f2:ae:df:7c:6c:
         39:14:d6:0e:bc:68:df:72:b6:5f:d6:b4:eb:6a:95:e0:9e:8a:
         6a:6c:6c:b5:32:cf:0a:2e:c2:78:e8:c0:9c:ba:12:b3:50:9d:
         55:7e:64:7d:c4:b7:df:71:71:91:55:04:55:80:eb:ae:69:9b:
         a5:e8:fa:40
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgIUQOvSCbKZ5DgFAqWR4/oTlx0o4TMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTAzMDgxMTQ4NTZaFw0yNjAzMDcxMTUzNTZaMDMxMTAvBgNV
BAMTKDJBMDU3MDA1NzIyMTQ4QTM0MDQ4N0ZEOTBGQjMzMTZFMkM4OUZCNUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDb7EUAoO8aIZvXI9eUP1KSvolZ
3y+/qCqQUJxctSA54ByRIrA7jMzo/dPv+17uqyKPQInI+dvdnYbabK0ngWDS//Cy
SjjxMXVejuryPDCG/lzubo3ydle7z2HUJR6dOXo4HZv1grXM4RraQRGzlv4M+C6f
YcrApkvIZ10dJj78bW/sfawa8T/+czBCb30yUqpu+m553Vl1LleNthTo3UYUK5Ur
lxeid6nZ8DCBdZdxPfr7YOMwO+wYEOcaxyVJexIZH47250p6NZPBG2C3KxtDZPzP
uSU6au3twEfSDnq9gspK0Hs2wTmR86Zz0yOKhwgdpbTu38kqCLuRQRtvKEZBAgMB
AAGjggIXMIICEzAdBgNVHQ4EFgQUKgVwBXIhSKNASH/ZD7MxbiyJ+18wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjY1NDgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLQYIKwYBBQUHAQcBAf8EHjAcMBoEAgABMBQwDAMEB4yW
gAMEA4yWkAMEA4yWsDANBgkqhkiG9w0BAQsFAAOCAQEAQXIO7dtnw7kM1/X9xUV2
O9M7T3/1EGcVVC6Pk6xB8QxUISLFKHqGAInCWDp6fPk62QlbsPWZqDAm+QQwquZB
pOoUGLRII9IvjrpKHfGaYJQeGrn4ojaRxlvjFovlwRtxANdAW9oNfgoC7n0fhC8O
cQ+DWiu9YTZ34YszK2QdLgHmDqAwbrRO/IGEDO2CTQpaLFwbNgzFy6gC4rKg2m48
QNF4oCsdZWCBePIwM+X9KOtO0JwI5IBQtl6/tSDt8KD5t/Ku33xsORTWDrxo33K2
X9a062qV4J6KamxstTLPCi7CeOjAnLoSs1CdVX5kfcS333FxkVUEVYDrrmmbpej6
QA==
-----END CERTIFICATE-----