Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS151336.roa
File:                     AS151336.roa (raw, json)
Hash identifier:          RT3rCgwgKdTaGMK4kg7GdBq4CRCWwPunrFFjlnQy5Qc=
Subject key identifier:   40:DC:E9:E0:80:A3:69:B6:BD:87:F1:A3:02:F0:6F:8E:6B:FD:F9:00
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       030F5607FBB7A35875CA38B44115757531B82315
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS151336.roa
Signing time:             Wed 10 Sep 2025 02:32:31 +0000
ROA not before:           Wed 10 Sep 2025 02:27:31 +0000
ROA not after:            Wed 09 Sep 2026 02:32:31 +0000
asID:                     151336
IP address blocks:        82.29.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:0f:56:07:fb:b7:a3:58:75:ca:38:b4:41:15:75:75:31:b8:23:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Sep 10 02:27:31 2025 GMT
            Not After : Sep  9 02:32:31 2026 GMT
        Subject: CN=40DCE9E080A369B6BD87F1A302F06F8E6BFDF900
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:c9:1a:9c:00:7c:b6:16:c3:22:87:ce:20:46:
                    93:07:3f:b3:8b:ff:5b:11:df:0e:59:42:e4:33:80:
                    de:75:78:ac:ff:97:92:53:ba:66:ea:1c:6a:a8:ef:
                    c9:b9:ea:4a:57:8c:5a:52:65:df:be:dd:cb:1c:75:
                    9e:4f:0b:e5:51:0b:10:4d:70:07:3f:60:60:e2:22:
                    f6:a3:5e:74:70:cc:f5:56:4d:5b:ca:1b:25:77:f8:
                    32:84:93:42:d5:83:83:3e:61:d8:4e:6d:a9:64:fe:
                    4f:95:4a:7f:a5:e6:29:70:30:fd:b3:f8:f6:54:93:
                    51:4d:67:85:af:43:e6:e0:d1:4f:b5:06:ac:28:5e:
                    2d:c1:16:aa:5b:3e:8e:84:62:7b:3f:2a:61:82:d6:
                    39:d9:5a:6f:5b:e3:e7:28:f4:34:46:92:e2:5b:3b:
                    84:21:33:57:d2:84:20:fb:07:ab:b0:9d:13:2a:5d:
                    59:23:3a:ff:f7:ab:32:62:56:ee:41:bd:af:af:f5:
                    3e:5d:9d:c0:cc:bd:7a:08:a4:a2:6b:67:cb:9b:68:
                    d2:f8:d4:76:e1:d7:46:07:4a:5d:54:4e:c7:9a:d2:
                    64:52:1a:fa:4f:dd:a1:32:f4:2d:1e:32:dd:90:d3:
                    e2:5b:13:ed:9e:dc:8c:64:31:99:b3:26:05:cf:43:
                    7e:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:DC:E9:E0:80:A3:69:B6:BD:87:F1:A3:02:F0:6F:8E:6B:FD:F9:00
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS151336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.29.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:9b:6c:4e:fd:88:60:d9:f3:9b:35:5c:cb:ac:fd:95:14:d8:
         3a:3c:e3:4d:b4:91:06:65:5c:55:33:6d:fa:e5:90:3e:41:33:
         89:be:13:e1:13:10:33:81:8d:08:d6:9f:03:da:67:98:bf:aa:
         0c:48:8f:98:43:cf:5c:d8:5d:60:dc:dd:9d:2e:b9:19:61:8f:
         b9:49:a9:60:4e:84:23:49:1c:d4:93:e0:2d:ee:0f:fc:2c:fc:
         e8:20:98:0d:90:89:73:da:c1:e0:eb:e7:71:41:13:74:a7:57:
         d3:82:3e:78:a7:ba:09:6a:12:b1:fe:30:2d:ec:2e:db:39:a4:
         84:0e:ed:a7:7e:c4:6b:2e:78:03:ff:41:b8:29:19:06:22:95:
         30:11:7f:4a:70:65:b3:b0:6c:48:da:aa:9e:62:30:58:81:dd:
         6c:57:6b:04:41:19:4e:69:ca:5f:43:b1:29:2f:fa:b1:3c:2e:
         d7:b8:de:34:f6:f6:bd:4f:9b:68:f1:ec:b2:84:28:dd:07:aa:
         c4:6b:0a:0d:a9:8c:96:54:85:1e:63:b9:15:04:8a:28:0e:44:
         56:fd:02:bc:a4:6c:56:f6:9c:4e:6b:0f:45:27:b3:bf:22:12:
         4a:cd:72:3d:e9:c1:72:c9:27:37:27:1e:1b:ff:df:f6:57:68:
         0d:54:03:88
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUAw9WB/u3o1h1yji0QRV1dTG4IxUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA5MTAwMjI3MzFaFw0yNjA5MDkwMjMyMzFaMDMxMTAvBgNV
BAMTKDQwRENFOUUwODBBMzY5QjZCRDg3RjFBMzAyRjA2RjhFNkJGREY5MDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsyRqcAHy2FsMih84gRpMHP7OL
/1sR3w5ZQuQzgN51eKz/l5JTumbqHGqo78m56kpXjFpSZd++3cscdZ5PC+VRCxBN
cAc/YGDiIvajXnRwzPVWTVvKGyV3+DKEk0LVg4M+YdhObalk/k+VSn+l5ilwMP2z
+PZUk1FNZ4WvQ+bg0U+1BqwoXi3BFqpbPo6EYns/KmGC1jnZWm9b4+co9DRGkuJb
O4QhM1fShCD7B6uwnRMqXVkjOv/3qzJiVu5Bva+v9T5dncDMvXoIpKJrZ8ubaNL4
1Hbh10YHSl1UTsea0mRSGvpP3aEy9C0eMt2Q0+JbE+2e3IxkMZmzJgXPQ37/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUQNzp4ICjaba9h/GjAvBvjmv9+QAwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTUxMzM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUh1r
MA0GCSqGSIb3DQEBCwUAA4IBAQBxm2xO/Yhg2fObNVzLrP2VFNg6PONNtJEGZVxV
M2365ZA+QTOJvhPhExAzgY0I1p8D2meYv6oMSI+YQ89c2F1g3N2dLrkZYY+5Salg
ToQjSRzUk+At7g/8LPzoIJgNkIlz2sHg6+dxQRN0p1fTgj54p7oJahKx/jAt7C7b
OaSEDu2nfsRrLngD/0G4KRkGIpUwEX9KcGWzsGxI2qqeYjBYgd1sV2sEQRlOacpf
Q7EpL/qxPC7XuN409va9T5to8eyyhCjdB6rEawoNqYyWVIUeY7kVBIooDkRW/QK8
pGxW9pxOaw9FJ7O/IhJKzXI96cFyySc3Jx4b/9/2V2gNVAOI
-----END CERTIFICATE-----