Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS154383.roa
File:                     AS154383.roa (raw, json)
Hash identifier:          FUxvSY4+mE/IvYl68GC2dt4ZbDII7uDlOLkY/TYDZQM=
Subject key identifier:   04:9B:FC:90:13:68:1E:68:2C:32:EF:1E:CA:C7:EC:0B:57:5B:A5:C0
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       616AA093E4BBC6AEB90A8482EB3F9176B0691FA5
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS154383.roa
Signing time:             Fri 29 May 2026 16:58:28 +0000
ROA not before:           Fri 29 May 2026 16:53:28 +0000
ROA not after:            Fri 28 May 2027 16:58:28 +0000
asID:                     154383
IP address blocks:        178.83.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:6a:a0:93:e4:bb:c6:ae:b9:0a:84:82:eb:3f:91:76:b0:69:1f:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 29 16:53:28 2026 GMT
            Not After : May 28 16:58:28 2027 GMT
        Subject: CN=049BFC9013681E682C32EF1ECAC7EC0B575BA5C0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:aa:ef:eb:23:a5:f3:92:f5:3e:fa:d6:08:32:
                    95:97:01:21:1d:32:1b:b6:f1:50:4e:2a:75:e1:c7:
                    77:a4:2b:1e:05:19:94:34:73:b5:5f:99:98:04:b4:
                    7a:c5:6d:ef:6f:c7:72:d8:cd:58:34:5f:49:07:2c:
                    46:72:ee:69:be:37:de:c7:24:eb:ba:6c:10:38:bb:
                    01:c1:d5:1e:c1:96:7e:cf:f7:0d:c4:61:28:41:91:
                    a0:31:3b:16:64:42:ef:54:24:ed:e4:9a:2e:da:98:
                    29:87:5c:f5:07:7a:30:0d:50:29:51:8b:ce:a9:69:
                    42:76:17:59:f3:36:8e:44:ad:1e:f7:38:f0:c4:5c:
                    f6:0d:b8:37:28:94:eb:b6:ee:c2:ef:a4:c9:80:8b:
                    4d:90:ca:cc:47:4a:0b:f2:70:ba:75:fb:b7:86:05:
                    f9:2e:90:88:96:cd:4b:89:e0:07:d7:4d:68:01:dd:
                    7b:22:2f:74:e3:8f:02:e2:d4:6e:0d:d3:37:b2:be:
                    b8:35:02:b8:a4:23:ab:dd:85:4c:13:80:d2:15:17:
                    67:7b:7d:bc:48:b2:42:c7:bb:1f:06:48:84:9c:ca:
                    f5:2d:bc:5f:27:64:31:82:45:9f:b3:6d:a5:50:ef:
                    82:0e:44:b7:46:fb:3b:f9:8d:aa:fe:1c:b5:d3:02:
                    d0:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:9B:FC:90:13:68:1E:68:2C:32:EF:1E:CA:C7:EC:0B:57:5B:A5:C0
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS154383.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.83.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:79:e1:6b:0f:31:d0:05:16:c9:d3:49:86:a3:59:f9:18:3e:
         41:db:76:87:af:a0:d3:a5:48:a9:79:54:97:27:2e:19:51:3a:
         2d:2e:53:72:48:be:c9:39:cd:a9:e2:5b:d7:5e:76:47:ec:0d:
         ea:3c:c5:dc:d2:8e:5d:e3:8f:38:59:4f:a1:40:52:2e:1e:6b:
         4d:4a:27:cf:b5:a2:a4:9b:e0:74:5b:91:ef:3e:ac:67:8a:73:
         18:83:60:fa:37:0d:8e:4d:82:3c:ac:7c:0d:aa:85:c9:7d:7a:
         44:f6:49:97:ed:9f:a8:0b:81:3a:f6:c9:f3:94:57:06:7a:e9:
         b0:cb:75:5b:4f:7e:8c:4d:c3:3f:b0:92:1f:9f:f3:86:40:d4:
         7e:2c:4a:9e:3a:6f:38:55:72:75:fb:fc:1a:42:c8:18:59:4e:
         ee:0d:a5:2e:04:59:c9:f5:05:15:96:3e:e7:eb:c1:7f:8e:ae:
         1f:5e:56:0b:13:05:71:39:40:87:12:f1:08:bb:68:e3:2c:a4:
         00:b7:a6:57:68:d1:9f:cb:63:b6:18:c6:bd:f2:f1:35:7c:cd:
         8f:72:a8:7e:da:ec:61:73:0d:b9:ef:9f:b2:10:2f:93:c2:63:
         bc:16:1c:3e:d3:13:e5:a0:55:cc:e3:3d:85:c9:2f:9d:4d:29:
         9a:6d:14:4d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYWqgk+S7xq65CoSC6z+RdrBpH6UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MjkxNjUzMjhaFw0yNzA1MjgxNjU4MjhaMDMxMTAvBgNV
BAMTKDA0OUJGQzkwMTM2ODFFNjgyQzMyRUYxRUNBQzdFQzBCNTc1QkE1QzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaqu/rI6XzkvU++tYIMpWXASEd
Mhu28VBOKnXhx3ekKx4FGZQ0c7VfmZgEtHrFbe9vx3LYzVg0X0kHLEZy7mm+N97H
JOu6bBA4uwHB1R7Bln7P9w3EYShBkaAxOxZkQu9UJO3kmi7amCmHXPUHejANUClR
i86paUJ2F1nzNo5ErR73OPDEXPYNuDcolOu27sLvpMmAi02QysxHSgvycLp1+7eG
BfkukIiWzUuJ4AfXTWgB3XsiL3TjjwLi1G4N0zeyvrg1ArikI6vdhUwTgNIVF2d7
fbxIskLHux8GSIScyvUtvF8nZDGCRZ+zbaVQ74IORLdG+zv5jar+HLXTAtBDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUBJv8kBNoHmgsMu8eysfsC1dbpcAwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTU0MzgzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAslMv
MA0GCSqGSIb3DQEBCwUAA4IBAQB4eeFrDzHQBRbJ00mGo1n5GD5B23aHr6DTpUip
eVSXJy4ZUTotLlNySL7JOc2p4lvXXnZH7A3qPMXc0o5d4484WU+hQFIuHmtNSifP
taKkm+B0W5HvPqxninMYg2D6Nw2OTYI8rHwNqoXJfXpE9kmX7Z+oC4E69snzlFcG
eumwy3VbT36MTcM/sJIfn/OGQNR+LEqeOm84VXJ1+/waQsgYWU7uDaUuBFnJ9QUV
lj7n68F/jq4fXlYLEwVxOUCHEvEIu2jjLKQAt6ZXaNGfy2O2GMa98vE1fM2Pcqh+
2uxhcw2575+yEC+TwmO8Fhw+0xPloFXM4z2FyS+dTSmabRRN
-----END CERTIFICATE-----