Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS152089.roa
File:                     AS152089.roa (raw, json)
Hash identifier:          tdWyElwFO805m02odbq7wxK1ydYYFd4CdulOtO3L74E=
Subject key identifier:   44:0D:A7:06:0B:DF:8C:A5:A8:6D:17:07:72:67:B6:A7:95:56:29:0A
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3B78957ABBE0D095F28F530FDF4A2B59B86D79C6
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS152089.roa
Signing time:             Mon 20 Apr 2026 18:56:42 +0000
ROA not before:           Mon 20 Apr 2026 18:51:42 +0000
ROA not after:            Mon 19 Apr 2027 18:56:42 +0000
asID:                     152089
IP address blocks:        2a13:9500:168::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Apr 2026 19:47:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:78:95:7a:bb:e0:d0:95:f2:8f:53:0f:df:4a:2b:59:b8:6d:79:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 20 18:51:42 2026 GMT
            Not After : Apr 19 18:56:42 2027 GMT
        Subject: CN=440DA7060BDF8CA5A86D17077267B6A79556290A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d8:ec:b6:02:8d:eb:6f:4a:98:4c:39:5e:39:
                    86:5f:2c:e1:0b:82:f0:35:21:a1:f5:de:c5:1d:92:
                    7f:18:78:25:46:53:26:23:5f:d6:c7:53:d6:1d:9f:
                    b9:61:dc:5f:bd:b1:7e:11:54:98:72:8d:ee:77:e0:
                    1a:45:43:0c:ff:5c:f4:7d:a9:6b:75:6d:14:43:40:
                    d2:df:83:30:17:90:6c:74:41:28:78:23:4d:90:59:
                    c4:fd:ee:02:8b:55:3e:4b:34:a2:a4:14:b7:03:06:
                    3a:78:c1:3c:34:e9:ca:86:87:c1:b0:aa:2a:3b:1e:
                    b2:b1:8c:36:c2:18:f7:1e:bf:ac:48:d5:11:9e:5d:
                    08:a0:73:02:54:85:54:ca:47:61:52:d1:b3:5b:d9:
                    3e:7e:10:b7:e0:ae:7c:8d:08:60:90:d3:9a:61:9c:
                    b4:39:bd:a4:94:21:62:14:d0:0e:bf:b2:65:49:5d:
                    bb:1d:a2:fc:37:1e:7d:9c:69:fb:91:bf:ed:2f:9e:
                    09:20:7b:ab:41:fe:05:3c:f1:f3:37:41:fe:a4:3e:
                    1a:d8:c6:71:56:1c:b0:49:a2:d8:a2:ab:2b:1a:be:
                    d7:f4:09:77:03:87:86:a3:6d:33:72:f9:d8:6d:15:
                    db:ac:8e:0b:c1:f1:93:d0:3e:9b:8b:3d:e2:6f:a3:
                    9c:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:0D:A7:06:0B:DF:8C:A5:A8:6D:17:07:72:67:B6:A7:95:56:29:0A
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS152089.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:168::/48

    Signature Algorithm: sha256WithRSAEncryption
         62:25:1a:2d:13:a2:95:02:c9:95:18:c5:90:2c:40:63:5c:03:
         8e:32:0c:7e:f8:39:a0:45:be:c2:5a:5d:f8:a3:f4:13:d0:12:
         83:6f:fa:c6:7b:7f:8d:c5:5d:35:a3:74:e5:07:be:24:8f:5a:
         a5:1b:ed:d7:8d:20:68:28:13:e7:f1:0c:d6:65:b1:85:37:39:
         36:30:07:e9:09:73:c0:e8:e3:c3:9e:7c:ce:69:4b:d2:61:3b:
         7b:0e:e2:b2:f6:c3:13:4f:c3:87:a7:07:bd:ff:f4:f4:00:ca:
         88:99:03:ed:82:04:37:9b:18:6e:60:91:92:a7:25:f1:44:6c:
         50:3d:da:18:94:14:58:ef:13:80:63:d9:4c:51:c7:c5:01:7b:
         8e:8a:5c:33:49:df:5b:f9:03:9d:51:2f:72:8b:d3:24:f3:6c:
         f8:51:26:99:8f:bf:5c:06:73:8c:0a:91:5c:49:7b:99:5b:3f:
         9c:db:ed:59:2d:ef:d5:f3:6c:0d:35:a4:18:f9:6e:63:7e:7d:
         7d:95:9b:29:5f:46:d0:fc:a8:ea:fb:10:e1:89:d9:5d:e9:9b:
         26:73:9b:d7:7a:89:64:20:0e:63:74:11:57:1d:81:74:3b:71:
         3f:99:c8:bf:4e:55:96:cd:61:b7:2b:70:44:5c:7a:8a:42:c6:
         db:07:22:b2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUO3iVervg0JXyj1MP30orWbhtecYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MjAxODUxNDJaFw0yNzA0MTkxODU2NDJaMDMxMTAvBgNV
BAMTKDQ0MERBNzA2MEJERjhDQTVBODZEMTcwNzcyNjdCNkE3OTU1NjI5MEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt2Oy2Ao3rb0qYTDleOYZfLOEL
gvA1IaH13sUdkn8YeCVGUyYjX9bHU9Ydn7lh3F+9sX4RVJhyje534BpFQwz/XPR9
qWt1bRRDQNLfgzAXkGx0QSh4I02QWcT97gKLVT5LNKKkFLcDBjp4wTw06cqGh8Gw
qio7HrKxjDbCGPcev6xI1RGeXQigcwJUhVTKR2FS0bNb2T5+ELfgrnyNCGCQ05ph
nLQ5vaSUIWIU0A6/smVJXbsdovw3Hn2cafuRv+0vngkge6tB/gU88fM3Qf6kPhrY
xnFWHLBJotiiqysavtf0CXcDh4ajbTNy+dhtFdusjgvB8ZPQPpuLPeJvo5yNAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQURA2nBgvfjKWobRcHcme2p5VWKQowHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTUyMDg5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAFoMA0GCSqGSIb3DQEBCwUAA4IBAQBiJRotE6KVAsmVGMWQLEBjXAOOMgx++Dmg
Rb7CWl34o/QT0BKDb/rGe3+NxV01o3TlB74kj1qlG+3XjSBoKBPn8QzWZbGFNzk2
MAfpCXPA6OPDnnzOaUvSYTt7DuKy9sMTT8OHpwe9//T0AMqImQPtggQ3mxhuYJGS
pyXxRGxQPdoYlBRY7xOAY9lMUcfFAXuOilwzSd9b+QOdUS9yi9Mk82z4USaZj79c
BnOMCpFcSXuZWz+c2+1ZLe/V82wNNaQY+W5jfn19lZspX0bQ/Kjq+xDhidld6Zsm
c5vXeolkIA5jdBFXHYF0O3E/mci/TlWWzWG3K3BEXHqKQsbbByKy
-----END CERTIFICATE-----