Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS147176.roa
File:                     AS147176.roa (raw, json)
Hash identifier:          3humcZYRCl6AAxTvcju9j9HQCQ4Hm/I2UCgK4/msXjs=
Subject key identifier:   5E:DE:CF:6A:3E:70:3E:93:AC:42:96:FD:BE:EC:62:75:4F:13:C6:47
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       46BF26138757975875DC200B13787E4F038D9AFB
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS147176.roa
Signing time:             Wed 03 Sep 2025 17:52:46 +0000
ROA not before:           Wed 03 Sep 2025 17:47:46 +0000
ROA not after:            Wed 02 Sep 2026 17:52:46 +0000
asID:                     147176
IP address blocks:        2a13:9500:81::/48 maxlen: 48
                          2a13:9500:d4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Sep 2025 19:30:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:bf:26:13:87:57:97:58:75:dc:20:0b:13:78:7e:4f:03:8d:9a:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Sep  3 17:47:46 2025 GMT
            Not After : Sep  2 17:52:46 2026 GMT
        Subject: CN=5EDECF6A3E703E93AC4296FDBEEC62754F13C647
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:13:10:22:82:4d:7d:ad:89:1a:b4:3f:5b:4e:
                    85:ef:ff:00:6d:3e:7c:9e:c1:63:7a:fe:05:49:94:
                    a1:b2:aa:21:78:93:59:24:26:9a:39:3c:c8:ba:4f:
                    af:28:e1:7c:42:96:53:19:12:ba:26:55:78:4e:70:
                    53:e6:7f:18:3d:14:a8:9f:59:36:61:e1:88:80:1d:
                    cf:37:77:af:38:a1:b1:ee:dc:fb:62:cf:86:4e:43:
                    fa:25:c6:d5:a0:05:7c:f8:2d:09:0e:a8:5b:fc:48:
                    f6:b0:ea:23:94:12:bd:e4:d2:c6:89:d6:cc:c0:1e:
                    61:71:c2:8c:4d:44:64:6b:64:96:5c:53:33:12:c9:
                    bd:c8:ce:37:bd:3e:c6:9a:ec:d2:9e:3d:bd:d5:af:
                    c8:9a:c9:12:8c:67:15:ab:6f:13:a4:1b:7f:19:fe:
                    09:cd:01:e3:9d:74:e5:7b:10:21:e8:49:68:fb:c7:
                    28:29:d4:a0:d1:bc:1d:4c:5c:e6:13:bd:75:77:aa:
                    08:94:74:b8:fa:6f:05:d3:1b:e4:71:8b:42:7b:bc:
                    1b:6f:0a:4a:6e:79:57:56:67:d9:9d:22:ce:e8:53:
                    0b:f7:fc:c0:48:98:b1:07:33:94:cd:59:61:d0:63:
                    18:27:27:36:f4:73:05:a4:d2:42:c9:c7:db:c7:0d:
                    8c:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:DE:CF:6A:3E:70:3E:93:AC:42:96:FD:BE:EC:62:75:4F:13:C6:47
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS147176.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:81::/48
                  2a13:9500:d4::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:c9:61:4c:4d:c4:0b:92:67:e2:a2:d6:cb:cf:8b:22:c8:3c:
         9d:39:b7:be:ff:c2:53:20:38:a9:b2:65:29:4f:eb:fe:45:01:
         49:f5:27:a2:e8:c6:26:59:02:c7:29:5b:05:50:03:1e:05:e7:
         23:5e:87:56:1d:b4:03:49:79:91:e8:d2:b7:6e:59:1b:1e:25:
         fd:39:41:24:30:d7:4b:be:56:0d:83:ab:a6:7f:24:6f:a3:88:
         55:c3:4a:7d:f1:b2:93:4c:c8:dd:0c:2b:b6:53:06:90:c5:1e:
         38:13:97:24:76:37:1e:5b:7e:28:b6:6a:63:8d:06:e3:2d:8c:
         5b:3c:dd:6a:38:c9:91:46:90:0c:07:c1:2f:75:b1:28:d3:e3:
         30:89:8d:5d:17:53:4b:27:82:f4:82:69:eb:dc:86:6e:82:59:
         63:bc:22:f1:8f:dc:39:d6:ad:e2:1a:33:ec:9e:46:ca:37:10:
         cd:ff:48:4b:19:4a:3f:3d:27:85:06:e6:76:97:47:ce:94:0d:
         b1:e0:94:a3:f3:93:ab:65:20:2b:85:d4:f2:41:96:d2:07:70:
         4d:d0:72:bf:48:d5:d8:af:2d:f2:44:3c:91:8e:8d:04:01:f7:
         21:49:89:ea:58:c4:03:c8:4b:e0:24:a0:b5:c7:24:45:5c:08:
         74:92:e1:04
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIURr8mE4dXl1h13CALE3h+TwONmvswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA5MDMxNzQ3NDZaFw0yNjA5MDIxNzUyNDZaMDMxMTAvBgNV
BAMTKDVFREVDRjZBM0U3MDNFOTNBQzQyOTZGREJFRUM2Mjc1NEYxM0M2NDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMExAigk19rYkatD9bToXv/wBt
PnyewWN6/gVJlKGyqiF4k1kkJpo5PMi6T68o4XxCllMZEromVXhOcFPmfxg9FKif
WTZh4YiAHc83d684obHu3Ptiz4ZOQ/olxtWgBXz4LQkOqFv8SPaw6iOUEr3k0saJ
1szAHmFxwoxNRGRrZJZcUzMSyb3Izje9Psaa7NKePb3Vr8iayRKMZxWrbxOkG38Z
/gnNAeOddOV7ECHoSWj7xygp1KDRvB1MXOYTvXV3qgiUdLj6bwXTG+Rxi0J7vBtv
CkpueVdWZ9mdIs7oUwv3/MBImLEHM5TNWWHQYxgnJzb0cwWk0kLJx9vHDYyZAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUXt7Paj5wPpOsQpb9vuxidU8TxkcwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTQ3MTc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhOV
AACBAwcAKhOVAADUMA0GCSqGSIb3DQEBCwUAA4IBAQBByWFMTcQLkmfiotbLz4si
yDydObe+/8JTIDipsmUpT+v+RQFJ9Sei6MYmWQLHKVsFUAMeBecjXodWHbQDSXmR
6NK3blkbHiX9OUEkMNdLvlYNg6umfyRvo4hVw0p98bKTTMjdDCu2UwaQxR44E5ck
djceW34otmpjjQbjLYxbPN1qOMmRRpAMB8EvdbEo0+MwiY1dF1NLJ4L0gmnr3IZu
glljvCLxj9w51q3iGjPsnkbKNxDN/0hLGUo/PSeFBuZ2l0fOlA2x4JSj85OrZSAr
hdTyQZbSB3BN0HK/SNXYry3yRDyRjo0EAfchSYnqWMQDyEvgJKC1xyRFXAh0kuEE
-----END CERTIFICATE-----