Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS151338.roa
File:                     AS151338.roa (raw, json)
Hash identifier:          +BJQLRRwoI7mKYvkrnOiI851mZkxQTi1mnbnlIrD/ic=
Subject key identifier:   BA:E9:45:52:AC:66:26:15:58:28:11:45:2B:15:58:03:B8:96:6C:83
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       75714D4F171C700D0270721F857F94FFF2277500
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS151338.roa
Signing time:             Mon 18 May 2026 18:53:30 +0000
ROA not before:           Mon 18 May 2026 18:48:30 +0000
ROA not after:            Mon 17 May 2027 18:53:30 +0000
asID:                     151338
IP address blocks:        82.139.221.0/24 maxlen: 24
                          82.139.242.0/24 maxlen: 24
                          82.139.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 04:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:71:4d:4f:17:1c:70:0d:02:70:72:1f:85:7f:94:ff:f2:27:75:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: May 18 18:48:30 2026 GMT
            Not After : May 17 18:53:30 2027 GMT
        Subject: CN=BAE94552AC662615582811452B155803B8966C83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:94:69:47:67:8d:88:c8:e7:ce:16:d5:46:1d:
                    d6:9d:f2:07:00:32:40:bb:68:d3:01:e2:b7:3a:ee:
                    51:ce:8e:80:d7:94:ac:49:7c:02:9f:21:c9:aa:c8:
                    7e:98:6d:48:d5:33:a9:8a:92:a6:df:44:c8:c3:62:
                    3c:66:cc:2a:66:c4:03:ea:09:71:35:31:5d:1c:76:
                    9b:bc:fb:c5:2b:c3:6d:24:2e:26:ee:1b:58:84:10:
                    44:e4:2f:9b:97:fb:ab:46:5c:42:69:54:d1:de:bb:
                    ac:e9:e1:12:90:80:bc:68:b0:e9:b1:2a:1d:12:28:
                    44:e6:38:92:58:13:2f:e3:04:8e:8b:20:42:fd:19:
                    e6:19:28:94:9d:b6:de:a2:97:e5:c7:9f:d6:3a:bc:
                    32:c4:a3:ca:90:b4:cf:50:ea:a4:e1:26:17:51:b9:
                    29:5c:68:ef:a0:28:5c:25:83:4c:24:fe:fe:ca:6f:
                    42:c1:1a:3b:49:f3:19:3d:17:07:28:5e:c9:4a:b1:
                    bf:52:ea:78:48:db:4e:9c:ae:94:d1:df:b1:b2:39:
                    b8:bc:79:d9:39:08:20:96:6b:8d:67:7c:3a:4d:74:
                    d8:22:7e:98:24:45:7c:60:5a:f9:66:b7:6f:ca:0b:
                    06:d4:85:93:39:e5:ab:38:66:09:5c:7b:25:5a:47:
                    1e:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:E9:45:52:AC:66:26:15:58:28:11:45:2B:15:58:03:B8:96:6C:83
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS151338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.221.0/24
                  82.139.242.0/24
                  82.139.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:cd:93:ad:b3:38:75:d8:e6:a9:bd:f2:6e:10:98:85:72:2e:
         16:0e:0b:24:ae:fe:14:a3:ce:44:ce:02:15:e1:3b:74:90:9c:
         3f:e4:69:b3:17:76:6d:a1:f0:12:91:35:ac:ac:08:de:f5:d6:
         50:4d:c3:e4:bd:66:ff:06:e9:a7:2c:e6:da:c2:c4:96:3c:7b:
         68:fd:2a:14:75:7c:d3:b1:37:5d:cd:b1:49:f5:61:3a:e8:d8:
         64:22:dd:23:2c:2f:9c:a9:b5:99:af:b7:45:38:21:ba:7c:b7:
         44:8f:72:1b:9e:b9:77:7d:7b:ff:91:1e:e6:a4:e6:6f:b3:5a:
         a3:79:eb:e4:66:9b:20:33:8d:c6:f1:d9:7a:87:02:2e:56:31:
         fe:1a:6b:07:5b:2c:a1:bb:f7:1c:28:0c:c5:ee:1d:47:0d:4c:
         97:ef:52:49:ac:90:ed:3b:28:39:31:51:41:c3:a0:a6:44:4e:
         a4:16:2c:9b:e6:72:5f:4f:27:41:09:d1:9b:a6:57:f8:40:83:
         4a:dc:84:d0:fd:05:d3:b0:cd:50:f8:7c:5e:e1:2b:64:a9:15:
         f9:65:8e:cd:07:8b:8f:b8:69:f5:e0:8f:91:6e:d3:f3:15:c4:
         0c:ca:fa:04:58:cf:7e:b1:8c:6f:19:0b:92:7c:d2:7b:b4:cc:
         fb:20:ce:0c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUdXFNTxcccA0CcHIfhX+U//IndQAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjA1MTgxODQ4MzBaFw0yNzA1MTcxODUzMzBaMDMxMTAvBgNV
BAMTKEJBRTk0NTUyQUM2NjI2MTU1ODI4MTE0NTJCMTU1ODAzQjg5NjZDODMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDClGlHZ42IyOfOFtVGHdad8gcA
MkC7aNMB4rc67lHOjoDXlKxJfAKfIcmqyH6YbUjVM6mKkqbfRMjDYjxmzCpmxAPq
CXE1MV0cdpu8+8Urw20kLibuG1iEEETkL5uX+6tGXEJpVNHeu6zp4RKQgLxosOmx
Kh0SKETmOJJYEy/jBI6LIEL9GeYZKJSdtt6il+XHn9Y6vDLEo8qQtM9Q6qThJhdR
uSlcaO+gKFwlg0wk/v7Kb0LBGjtJ8xk9FwcoXslKsb9S6nhI206crpTR37GyObi8
edk5CCCWa41nfDpNdNgifpgkRXxgWvlmt2/KCwbUhZM55as4ZglceyVaRx7pAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUuulFUqxmJhVYKBFFKxVYA7iWbIMwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMTUxMzM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUovd
AwQAUovyAwQAUov2MA0GCSqGSIb3DQEBCwUAA4IBAQBAzZOtszh12OapvfJuEJiF
ci4WDgskrv4Uo85EzgIV4Tt0kJw/5GmzF3ZtofASkTWsrAje9dZQTcPkvWb/Bumn
LObawsSWPHto/SoUdXzTsTddzbFJ9WE66NhkIt0jLC+cqbWZr7dFOCG6fLdEj3Ib
nrl3fXv/kR7mpOZvs1qjeevkZpsgM43G8dl6hwIuVjH+GmsHWyyhu/ccKAzF7h1H
DUyX71JJrJDtOyg5MVFBw6CmRE6kFiyb5nJfTydBCdGbplf4QINK3ITQ/QXTsM1Q
+Hxe4StkqRX5ZY7NB4uPuGn14I+RbtPzFcQMyvoEWM9+sYxvGQuSfNJ7tMz7IM4M
-----END CERTIFICATE-----