Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS150293.roa
File:                     AS150293.roa (raw, json)
Hash identifier:          htDbdXrItb9I5/K/DPcWnLLJZjxrm1UV2YFKedsSeHw=
Subject key identifier:   1A:B2:07:1C:34:DA:91:16:A8:66:39:C0:E3:CD:91:46:13:C2:9D:47
Certificate issuer:       /CN=9dfbff217105df8877d463f6e9bac28a4084d20c
Certificate serial:       32499D7584D5E9A6818D3B1E3B8DDBD6CC22A9B6
Authority key identifier: 9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS150293.roa
Signing time:             Fri 27 Mar 2026 08:36:51 +0000
ROA not before:           Fri 27 Mar 2026 08:31:51 +0000
ROA not after:            Fri 26 Mar 2027 08:36:51 +0000
asID:                     150293
IP address blocks:        193.32.207.0/24 maxlen: 24
                          193.187.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:49:9d:75:84:d5:e9:a6:81:8d:3b:1e:3b:8d:db:d6:cc:22:a9:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dfbff217105df8877d463f6e9bac28a4084d20c
        Validity
            Not Before: Mar 27 08:31:51 2026 GMT
            Not After : Mar 26 08:36:51 2027 GMT
        Subject: CN=1AB2071C34DA9116A86639C0E3CD914613C29D47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:65:b8:c3:83:e9:79:23:0f:d0:75:14:7e:27:
                    d3:fa:81:0d:6d:3d:54:a9:be:80:76:05:e4:9b:26:
                    8b:71:0b:06:e1:6b:7a:ba:5f:23:08:74:08:67:b4:
                    39:d4:72:9b:c9:5a:30:ab:90:84:3b:12:49:93:b6:
                    d3:5b:a1:b8:42:04:87:d5:e9:20:c2:ea:0a:1d:e9:
                    a2:1a:c1:59:bc:e6:b7:a2:11:73:9f:11:12:50:2b:
                    b8:1f:20:c6:af:18:7e:c5:d6:2b:1f:5b:24:18:b4:
                    87:30:84:2f:6b:cf:37:c6:06:ef:8e:32:83:40:52:
                    14:fc:85:ce:e1:7a:2a:81:45:33:b8:03:10:8d:27:
                    42:6a:3f:f1:f3:61:79:51:6d:1e:b4:55:e7:07:14:
                    d1:b2:66:1a:35:0e:a9:ad:f1:f4:5c:25:39:d5:ed:
                    4b:52:f6:ef:40:2b:80:4c:8a:bd:cf:80:b0:93:c7:
                    07:d0:93:da:6d:a0:4f:e2:99:77:e0:e5:b6:6c:54:
                    0c:ac:15:00:c3:ce:b4:15:f0:49:a1:4d:3d:9a:73:
                    a1:ef:e2:db:3b:98:89:f7:0f:0d:3d:f4:f0:5e:99:
                    62:6d:f4:f7:44:ca:14:5a:35:8d:27:6c:10:c4:39:
                    9b:26:c0:39:a5:bc:4c:95:fe:f6:47:42:dc:86:75:
                    74:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:B2:07:1C:34:DA:91:16:A8:66:39:C0:E3:CD:91:46:13:C2:9D:47
            X509v3 Authority Key Identifier:
                keyid:9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS150293.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.207.0/24
                  193.187.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:07:b5:83:e3:b3:84:20:41:ff:9e:e4:44:25:54:b9:7e:1d:
         f7:40:a0:54:b8:82:54:db:3a:2d:2f:fc:87:b6:54:b9:fb:8d:
         d1:73:59:26:80:61:80:85:7c:86:4f:a5:cc:a3:02:26:12:d9:
         a0:43:35:b6:6b:2e:14:cc:1c:73:a7:bc:e8:a5:68:18:29:39:
         2b:15:da:85:fc:53:92:4b:e2:72:1e:8d:99:a3:f8:2c:35:51:
         da:0b:7a:ba:17:cc:8e:1c:a1:01:9c:58:33:57:3d:b6:ac:98:
         ee:b6:6a:ea:6a:e7:e8:3c:4e:c9:61:42:1b:00:61:9b:5d:17:
         64:bb:8e:cb:f4:9e:79:35:44:64:b8:a2:d3:b1:5c:72:a9:86:
         c2:f9:19:64:ae:ed:0a:6a:cb:7b:b3:62:e4:3c:56:d9:68:fb:
         56:2f:73:87:8c:19:9a:39:9a:3b:2e:c6:c8:68:ad:db:92:65:
         fe:a4:f3:87:73:ac:2c:f8:0f:9a:d0:99:58:0e:56:06:75:3f:
         e2:92:ca:25:bb:dc:2f:7c:8c:3e:bc:c6:46:b0:a1:9d:ee:8a:
         62:3d:77:c1:00:03:e1:9a:bd:cf:25:e6:b3:a5:69:fd:c0:27:
         a7:6f:eb:a7:10:42:7f:44:1a:bf:15:5d:7c:65:c9:01:a9:02:
         3c:52:47:a5
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUMkmddYTV6aaBjTseO43b1swiqbYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmYmZmMjE3MTA1ZGY4ODc3ZDQ2M2Y2ZTliYWMyOGE0
MDg0ZDIwYzAeFw0yNjAzMjcwODMxNTFaFw0yNzAzMjYwODM2NTFaMDMxMTAvBgNV
BAMTKDFBQjIwNzFDMzREQTkxMTZBODY2MzlDMEUzQ0Q5MTQ2MTNDMjlENDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdZbjDg+l5Iw/QdRR+J9P6gQ1t
PVSpvoB2BeSbJotxCwbha3q6XyMIdAhntDnUcpvJWjCrkIQ7EkmTttNbobhCBIfV
6SDC6god6aIawVm85reiEXOfERJQK7gfIMavGH7F1isfWyQYtIcwhC9rzzfGBu+O
MoNAUhT8hc7heiqBRTO4AxCNJ0JqP/HzYXlRbR60VecHFNGyZho1Dqmt8fRcJTnV
7UtS9u9AK4BMir3PgLCTxwfQk9ptoE/imXfg5bZsVAysFQDDzrQV8EmhTT2ac6Hv
4ts7mIn3Dw099PBemWJt9PdEyhRaNY0nbBDEOZsmwDmlvEyV/vZHQtyGdXR/AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUGrIHHDTakRaoZjnA482RRhPCnUcwHwYDVR0j
BBgwFoAUnfv/IXEF34h31GP26brCikCE0gwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTViNGQ5ZTgtNDExMS00Mzk0LWEzYTYtYmQ4MjUxZTdm
YmJkLzAvOURGQkZGMjE3MTA1REY4ODc3RDQ2M0Y2RTlCQUMyOEE0MDg0RDIwQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25mdl9JWEVGMzRoMzFHUDI2YnJDaWtD
RTBndy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzU1YjRkOWU4LTQxMTEt
NDM5NC1hM2E2LWJkODI1MWU3ZmJiZC8wL0FTMTUwMjkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwSDP
AwQAwbtuMA0GCSqGSIb3DQEBCwUAA4IBAQBxB7WD47OEIEH/nuREJVS5fh33QKBU
uIJU2zotL/yHtlS5+43Rc1kmgGGAhXyGT6XMowImEtmgQzW2ay4UzBxzp7zopWgY
KTkrFdqF/FOSS+JyHo2Zo/gsNVHaC3q6F8yOHKEBnFgzVz22rJjutmrqaufoPE7J
YUIbAGGbXRdku47L9J55NURkuKLTsVxyqYbC+Rlkru0Kast7s2LkPFbZaPtWL3OH
jBmaOZo7LsbIaK3bkmX+pPOHc6ws+A+a0JlYDlYGdT/iksolu9wvfIw+vMZGsKGd
7opiPXfBAAPhmr3PJeazpWn9wCenb+unEEJ/RBq/FV18ZckBqQI8Ukel
-----END CERTIFICATE-----