Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS151338.roa
File:                     AS151338.roa (raw, json)
Hash identifier:          cPxPK5bpAISksWKPWU2AHFdWDzaYn1DYh6xxgHSh/Fs=
Subject key identifier:   AA:3D:60:84:1B:90:9C:6E:F5:56:D2:1D:E1:52:2D:F0:B0:8E:61:85
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       17A425BD36614D648E3991739FB955546449688B
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS151338.roa
Signing time:             Wed 27 May 2026 05:32:40 +0000
ROA not before:           Wed 27 May 2026 05:27:40 +0000
ROA not after:            Wed 26 May 2027 05:32:40 +0000
asID:                     151338
IP address blocks:        2a13:9500:180::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:a4:25:bd:36:61:4d:64:8e:39:91:73:9f:b9:55:54:64:49:68:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 27 05:27:40 2026 GMT
            Not After : May 26 05:32:40 2027 GMT
        Subject: CN=AA3D60841B909C6EF556D21DE1522DF0B08E6185
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:6e:78:8b:bd:1e:32:a1:cc:9a:d0:b2:fd:d4:
                    b2:67:01:71:69:ca:ef:eb:ba:48:0e:ca:9a:1b:f5:
                    16:10:27:be:c6:7e:77:06:6a:ee:d9:96:0f:57:92:
                    55:50:2a:fb:ca:4e:14:7f:8f:9b:7b:d6:25:8b:eb:
                    b2:94:b8:37:e4:99:2c:b9:56:7e:0b:1e:31:29:b6:
                    a9:a0:2b:8d:6c:fa:f1:35:86:1c:0e:82:0b:8d:6a:
                    08:94:57:33:35:70:7b:ce:ca:b8:f4:13:4f:0d:48:
                    2b:a4:97:0a:ab:3c:b1:a0:dd:b6:2c:c3:39:c6:82:
                    b7:8c:10:d3:da:74:39:50:16:f3:19:8f:a0:4c:f2:
                    72:14:d6:21:99:b4:d4:f7:73:ff:0b:a7:8a:ec:d9:
                    18:f2:f0:66:06:b7:1a:3a:8e:65:94:9e:75:94:8c:
                    14:89:5e:d0:87:ae:79:fc:89:1f:2f:47:f4:ca:f2:
                    53:bb:5c:02:d1:13:be:cf:66:a2:f0:07:45:b8:4c:
                    a8:c5:42:96:f6:98:90:5f:9f:84:91:cd:35:05:39:
                    26:de:35:99:75:8e:31:40:45:fa:ad:36:eb:3a:5a:
                    f8:c2:ca:3c:4f:bb:a1:ac:92:78:88:46:e8:c7:71:
                    76:11:6b:30:11:8d:53:0b:24:41:2a:e9:1b:68:90:
                    d7:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:3D:60:84:1B:90:9C:6E:F5:56:D2:1D:E1:52:2D:F0:B0:8E:61:85
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS151338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:180::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:d4:83:41:4d:06:db:90:41:4f:d9:9d:5c:e5:d8:fd:66:0e:
         bf:57:80:3b:ab:7a:0c:b4:7d:79:df:67:4f:d4:11:08:1e:7f:
         e5:13:1a:b0:8b:35:03:bc:b2:51:74:5a:2c:d7:7e:cb:a0:fd:
         47:7f:8a:b2:de:c3:54:a9:28:f0:b7:2a:bf:6e:8c:b7:e4:05:
         5b:9c:09:cc:fb:0a:f8:8b:69:86:81:d4:eb:c7:48:c9:6f:1d:
         79:07:86:1f:51:cf:d0:e0:cd:0f:5f:66:ec:20:7e:e2:1f:16:
         ee:cc:11:20:6f:68:ae:65:ed:b4:a3:84:6d:3b:4b:86:17:c1:
         dd:f4:47:88:32:1d:bc:d3:0c:fe:ea:9a:7c:d5:a6:e9:0f:e8:
         ba:f9:e9:85:59:bb:b7:d8:0a:45:14:eb:e3:e4:ec:64:60:4d:
         71:c5:f5:e3:2e:ff:b9:22:e3:ef:8e:cf:08:e8:66:59:d7:30:
         b6:aa:ab:90:fb:57:ae:4a:5d:70:1e:d4:1f:74:18:b4:9d:e2:
         0f:49:e1:4e:f3:b8:93:df:46:db:b3:2c:66:6a:ef:49:9f:37:
         c2:64:7d:aa:58:da:73:cd:5a:d0:d7:70:56:a0:62:5f:2e:de:
         46:bb:68:b7:40:55:c8:90:3c:68:66:f5:a9:e4:47:32:ed:43:
         e8:f5:88:45
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUF6QlvTZhTWSOOZFzn7lVVGRJaIswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MjcwNTI3NDBaFw0yNzA1MjYwNTMyNDBaMDMxMTAvBgNV
BAMTKEFBM0Q2MDg0MUI5MDlDNkVGNTU2RDIxREUxNTIyREYwQjA4RTYxODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2bniLvR4yocya0LL91LJnAXFp
yu/rukgOypob9RYQJ77GfncGau7Zlg9XklVQKvvKThR/j5t71iWL67KUuDfkmSy5
Vn4LHjEptqmgK41s+vE1hhwOgguNagiUVzM1cHvOyrj0E08NSCuklwqrPLGg3bYs
wznGgreMENPadDlQFvMZj6BM8nIU1iGZtNT3c/8Lp4rs2Rjy8GYGtxo6jmWUnnWU
jBSJXtCHrnn8iR8vR/TK8lO7XALRE77PZqLwB0W4TKjFQpb2mJBfn4SRzTUFOSbe
NZl1jjFARfqtNus6WvjCyjxPu6GskniIRujHcXYRazARjVMLJEEq6RtokNedAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUqj1ghBuQnG71VtId4VIt8LCOYYUwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTUxMzM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAGAMA0GCSqGSIb3DQEBCwUAA4IBAQBd1INBTQbbkEFP2Z1c5dj9Zg6/V4A7q3oM
tH1532dP1BEIHn/lExqwizUDvLJRdFos137LoP1Hf4qy3sNUqSjwtyq/boy35AVb
nAnM+wr4i2mGgdTrx0jJbx15B4YfUc/Q4M0PX2bsIH7iHxbuzBEgb2iuZe20o4Rt
O0uGF8Hd9EeIMh280wz+6pp81abpD+i6+emFWbu32ApFFOvj5OxkYE1xxfXjLv+5
IuPvjs8I6GZZ1zC2qquQ+1euSl1wHtQfdBi0neIPSeFO87iT30bbsyxmau9JnzfC
ZH2qWNpzzVrQ13BWoGJfLt5Gu2i3QFXIkDxoZvWp5Ecy7UPo9YhF
-----END CERTIFICATE-----