Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS154132.roa
File:                     AS154132.roa (raw, json)
Hash identifier:          S/twsDvL0IuXEq2QGnOoReVCdfDVGjG5LB77VKodFSg=
Subject key identifier:   9A:94:22:76:9C:F4:46:B2:98:54:4E:61:C5:CA:C1:14:80:B9:D6:C1
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       781FA073C840856F054B9FF28F069C3262ADBDED
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS154132.roa
Signing time:             Tue 02 Jun 2026 11:25:31 +0000
ROA not before:           Tue 02 Jun 2026 11:20:31 +0000
ROA not after:            Tue 01 Jun 2027 11:25:31 +0000
asID:                     154132
IP address blocks:        84.75.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:1f:a0:73:c8:40:85:6f:05:4b:9f:f2:8f:06:9c:32:62:ad:bd:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  2 11:20:31 2026 GMT
            Not After : Jun  1 11:25:31 2027 GMT
        Subject: CN=9A9422769CF446B298544E61C5CAC11480B9D6C1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:36:99:28:23:a0:5a:7f:7d:62:8c:8f:33:6d:
                    62:17:00:89:6b:62:14:6d:0c:12:1d:5b:59:3f:ce:
                    8a:b6:91:71:bc:07:a6:15:17:f1:ed:83:72:46:06:
                    3b:a0:7c:df:18:4e:8b:0c:1d:45:5d:ce:e0:c4:2c:
                    87:f8:da:b5:11:c8:13:4b:71:1b:5b:f8:30:17:f7:
                    40:36:10:6b:6b:6e:69:60:ec:a6:fa:12:4d:41:21:
                    ca:aa:ab:38:9e:51:8e:8d:67:7c:e3:8f:97:7e:5d:
                    dc:20:6c:f9:30:5f:a6:a1:0a:1e:f4:5a:41:d4:a7:
                    fa:30:8a:27:18:dc:bc:86:93:5f:7a:00:62:91:ae:
                    b7:49:50:b6:ef:91:28:ca:7d:a7:64:8f:74:35:c6:
                    c8:fe:5e:19:6d:1c:11:f9:3e:06:9c:49:22:82:19:
                    e6:cc:51:6a:bc:a7:a1:05:c0:79:c8:00:3e:40:c8:
                    d0:1e:ad:9b:7f:e6:48:0c:85:ac:4e:e5:dd:4b:af:
                    d3:aa:7c:bb:d1:90:81:b8:ad:85:84:e1:dc:91:1b:
                    58:25:7e:1b:26:9e:66:74:e4:14:3e:7f:37:77:2b:
                    05:f8:f6:6c:bb:0c:80:8e:13:53:2b:f9:35:5a:e0:
                    17:11:29:d1:ac:e7:b3:6d:7a:1e:cd:f7:7f:67:24:
                    48:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:94:22:76:9C:F4:46:B2:98:54:4E:61:C5:CA:C1:14:80:B9:D6:C1
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS154132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.75.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:7d:93:3e:f9:f9:61:75:81:46:dc:0d:d2:0e:39:e8:59:1f:
         af:da:19:c3:78:35:2f:0e:7f:83:3e:e2:70:25:96:da:34:df:
         80:a9:03:14:1c:2b:a0:2c:3b:85:da:aa:35:df:ae:13:86:e9:
         a4:ec:2a:d9:45:e2:a6:8b:c2:43:84:69:1c:c1:5b:45:1b:73:
         a3:0f:15:85:ea:c2:19:98:57:09:09:1b:c0:b0:53:88:49:9b:
         e3:48:16:d3:4e:21:c8:37:5e:60:6e:8c:75:14:1f:9f:d2:4f:
         d1:67:07:8a:85:b8:3a:18:c9:14:17:18:ca:80:eb:0e:27:80:
         49:00:3f:ba:15:1e:a6:67:9f:ce:03:99:3c:7b:85:ec:f8:8f:
         2e:c3:3a:a3:c4:4e:2c:29:c3:ac:57:0e:5e:71:40:6b:ad:8f:
         9f:97:8e:a9:3c:21:e2:1d:0c:51:a7:1c:ae:58:1d:58:3b:b1:
         59:75:7c:89:e7:39:8d:40:c8:58:b9:a7:8c:cd:1e:77:b6:1d:
         35:ae:e4:d3:e6:9d:fd:79:3a:04:38:7b:cf:27:e9:d9:fb:b2:
         b9:8c:0d:39:7f:cc:a8:c8:ec:0f:ae:38:a6:97:8b:e4:8d:5b:
         23:d8:65:ec:0e:b7:17:4d:0d:95:9a:b1:de:6c:cf:db:d0:ae:
         8a:fe:6d:90
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUeB+gc8hAhW8FS5/yjwacMmKtve0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MDIxMTIwMzFaFw0yNzA2MDExMTI1MzFaMDMxMTAvBgNV
BAMTKDlBOTQyMjc2OUNGNDQ2QjI5ODU0NEU2MUM1Q0FDMTE0ODBCOUQ2QzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDoNpkoI6Baf31ijI8zbWIXAIlr
YhRtDBIdW1k/zoq2kXG8B6YVF/Htg3JGBjugfN8YTosMHUVdzuDELIf42rURyBNL
cRtb+DAX90A2EGtrbmlg7Kb6Ek1BIcqqqzieUY6NZ3zjj5d+XdwgbPkwX6ahCh70
WkHUp/owiicY3LyGk196AGKRrrdJULbvkSjKfadkj3Q1xsj+XhltHBH5PgacSSKC
GebMUWq8p6EFwHnIAD5AyNAerZt/5kgMhaxO5d1Lr9OqfLvRkIG4rYWE4dyRG1gl
fhsmnmZ05BQ+fzd3KwX49my7DICOE1Mr+TVa4BcRKdGs57Nteh7N939nJEgzAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUmpQidpz0RrKYVE5hxcrBFIC51sEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTU0MTMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVEsZ
MA0GCSqGSIb3DQEBCwUAA4IBAQA2fZM++flhdYFG3A3SDjnoWR+v2hnDeDUvDn+D
PuJwJZbaNN+AqQMUHCugLDuF2qo1364Thumk7CrZReKmi8JDhGkcwVtFG3OjDxWF
6sIZmFcJCRvAsFOISZvjSBbTTiHIN15gbox1FB+f0k/RZweKhbg6GMkUFxjKgOsO
J4BJAD+6FR6mZ5/OA5k8e4Xs+I8uwzqjxE4sKcOsVw5ecUBrrY+fl46pPCHiHQxR
pxyuWB1YO7FZdXyJ5zmNQMhYuaeMzR53th01ruTT5p39eToEOHvPJ+nZ+7K5jA05
f8yoyOwPrjiml4vkjVsj2GXsDrcXTQ2VmrHebM/b0K6K/m2Q
-----END CERTIFICATE-----