Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS150293.roa
File:                     AS150293.roa (raw, json)
Hash identifier:          QbHrOZo2zwZ+oLE3z31pu5sxkdmzrbc6BP45zBXt6Tg=
Subject key identifier:   AA:31:D1:B8:64:6A:B3:44:B8:C9:D4:CB:FF:B9:42:5E:C9:1C:4A:66
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       7EA40FBD1FA3371CBB4D0F3636749B873748CA29
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS150293.roa
Signing time:             Sun 19 Apr 2026 06:25:19 +0000
ROA not before:           Sun 19 Apr 2026 06:20:19 +0000
ROA not after:            Sun 18 Apr 2027 06:25:19 +0000
asID:                     150293
IP address blocks:        46.236.213.0/24 maxlen: 24
                          46.236.214.0/24 maxlen: 24
                          212.60.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Apr 2026 20:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:a4:0f:bd:1f:a3:37:1c:bb:4d:0f:36:36:74:9b:87:37:48:ca:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Apr 19 06:20:19 2026 GMT
            Not After : Apr 18 06:25:19 2027 GMT
        Subject: CN=AA31D1B8646AB344B8C9D4CBFFB9425EC91C4A66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c9:58:26:46:b6:9a:fe:b2:5a:7f:61:8d:6a:
                    00:9c:12:77:06:30:76:de:6d:80:79:da:ab:51:95:
                    47:0c:ad:5c:ba:24:27:6d:f6:5f:a4:aa:7b:de:8a:
                    38:f6:b6:6a:40:ce:c4:b7:1c:c6:e6:2f:2e:dd:bd:
                    79:f1:0f:eb:d6:70:57:27:1d:f5:44:be:38:3a:56:
                    aa:5d:56:83:a5:7f:8d:69:db:b2:ad:9e:d9:60:9f:
                    6d:b3:fe:00:02:b7:ff:b0:f4:31:6d:87:af:8b:34:
                    fc:c1:10:70:7c:41:31:ae:b5:59:55:7a:09:4a:1b:
                    26:df:39:84:e4:a1:52:0d:25:82:7a:4f:18:58:38:
                    7f:f3:ce:a3:72:a5:79:d8:00:d5:f5:00:e8:e5:a9:
                    99:31:1a:fe:f1:28:a7:57:c5:cb:58:cb:49:df:19:
                    3c:50:e4:81:3a:e4:fc:db:90:2a:f1:c7:58:78:0b:
                    df:ac:c8:04:f8:e0:fe:cc:81:17:56:ca:2c:a3:d0:
                    11:e6:2e:21:83:39:d9:88:3d:28:92:f7:67:06:b9:
                    5d:a4:18:b9:56:d1:d2:4c:a8:2c:5f:80:c1:77:4c:
                    c0:90:db:84:73:0f:99:19:24:82:2d:f2:be:77:2c:
                    ab:96:88:b6:bd:a3:c9:81:e8:ec:23:14:3e:01:3a:
                    57:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:31:D1:B8:64:6A:B3:44:B8:C9:D4:CB:FF:B9:42:5E:C9:1C:4A:66
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS150293.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.213.0-46.236.214.255
                  212.60.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:43:5a:9c:d6:1d:8d:7d:58:e3:2c:8b:e7:01:52:a3:7f:57:
         1a:76:ec:82:b1:57:e8:56:97:36:9b:88:02:e6:fc:f7:47:65:
         39:ac:0a:68:32:9a:f9:9f:03:e0:51:54:ca:3c:f6:77:f4:3d:
         df:ca:fe:86:d0:5e:0e:6a:4a:66:23:4a:10:69:ed:18:35:0b:
         b9:74:a0:43:85:b9:d1:9b:27:ad:8b:7a:67:5c:15:3b:73:9d:
         27:7a:b2:b2:1b:01:00:77:ed:22:9e:5c:fc:14:14:d7:e7:04:
         50:a2:f8:03:3f:c3:e0:8a:8e:40:a7:95:e5:d8:97:84:98:bb:
         eb:48:c2:3d:3d:4d:54:07:5c:54:ed:63:5d:90:95:62:99:c4:
         9c:55:0e:02:1d:c5:0c:64:49:94:b3:50:62:63:09:78:a5:2b:
         65:64:5a:6d:52:82:01:c5:bc:74:29:6a:08:3b:cb:a2:9e:66:
         4a:79:02:4f:83:45:04:35:5c:f7:ce:a5:46:cf:55:62:ce:21:
         68:06:c9:e0:56:09:05:9c:06:65:23:a1:c6:31:8a:b4:f6:4a:
         fc:b4:f7:99:f9:e3:91:56:d2:7a:a3:33:7c:51:82:73:1c:36:
         34:12:58:dd:af:3e:11:d0:0d:50:6e:d8:82:2a:61:eb:ab:c6:
         4b:10:e9:5c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgIUfqQPvR+jNxy7TQ82NnSbhzdIyikwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjA0MTkwNjIwMTlaFw0yNzA0MTgwNjI1MTlaMDMxMTAvBgNV
BAMTKEFBMzFEMUI4NjQ2QUIzNDRCOEM5RDRDQkZGQjk0MjVFQzkxQzRBNjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6yVgmRraa/rJaf2GNagCcEncG
MHbebYB52qtRlUcMrVy6JCdt9l+kqnveijj2tmpAzsS3HMbmLy7dvXnxD+vWcFcn
HfVEvjg6VqpdVoOlf41p27Ktntlgn22z/gACt/+w9DFth6+LNPzBEHB8QTGutVlV
eglKGybfOYTkoVINJYJ6TxhYOH/zzqNypXnYANX1AOjlqZkxGv7xKKdXxctYy0nf
GTxQ5IE65PzbkCrxx1h4C9+syAT44P7MgRdWyiyj0BHmLiGDOdmIPSiS92cGuV2k
GLlW0dJMqCxfgMF3TMCQ24RzD5kZJIIt8r53LKuWiLa9o8mB6OwjFD4BOlfJAgMB
AAGjggIYMIICFDAdBgNVHQ4EFgQUqjHRuGRqs0S4ydTL/7lCXskcSmYwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMTUwMjkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAAu
7NUDBAAu7NYDBADUPJEwDQYJKoZIhvcNAQELBQADggEBAENDWpzWHY19WOMsi+cB
UqN/Vxp27IKxV+hWlzabiALm/PdHZTmsCmgymvmfA+BRVMo89nf0Pd/K/obQXg5q
SmYjShBp7Rg1C7l0oEOFudGbJ62LemdcFTtznSd6srIbAQB37SKeXPwUFNfnBFCi
+AM/w+CKjkCnleXYl4SYu+tIwj09TVQHXFTtY12QlWKZxJxVDgIdxQxkSZSzUGJj
CXilK2VkWm1SggHFvHQpagg7y6KeZkp5Ak+DRQQ1XPfOpUbPVWLOIWgGyeBWCQWc
BmUjocYxirT2Svy095n545FW0nqjM3xRgnMcNjQSWN2vPhHQDVBu2IIqYeurxksQ
6Vw=
-----END CERTIFICATE-----