Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS152672.roa
File:                     AS152672.roa (raw, json)
Hash identifier:          rps8SBwvMRn/dqLD0aT21d2T0c6EdIj2av7/8QMe7fs=
Subject key identifier:   0D:05:73:FF:4E:CF:E9:3B:5C:13:0C:29:7D:12:C3:34:EB:2C:10:93
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       2BE148D8E6F07CC8E813BD422AEBB7D9BB5AB133
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS152672.roa
Signing time:             Mon 01 Jun 2026 06:47:19 +0000
ROA not before:           Mon 01 Jun 2026 06:42:19 +0000
ROA not after:            Mon 31 May 2027 06:47:19 +0000
asID:                     152672
IP address blocks:        45.146.82.0/24 maxlen: 24
                          45.158.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 06:29:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:e1:48:d8:e6:f0:7c:c8:e8:13:bd:42:2a:eb:b7:d9:bb:5a:b1:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun  1 06:42:19 2026 GMT
            Not After : May 31 06:47:19 2027 GMT
        Subject: CN=0D0573FF4ECFE93B5C130C297D12C334EB2C1093
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:52:bd:dd:1e:76:66:f5:56:45:45:b8:6a:30:
                    fe:76:b6:3b:92:a0:23:0c:9a:0c:9b:d9:e7:5c:ca:
                    27:a9:74:7b:19:d8:f8:d4:ab:be:2e:1e:95:01:99:
                    75:39:8e:1c:bd:3b:1c:5e:13:e3:3d:f2:95:3c:8b:
                    cc:55:89:05:c9:2f:61:6c:d9:86:e5:a9:8e:af:9d:
                    27:d0:bc:de:b7:4f:a1:c4:41:b0:a9:90:3d:21:bc:
                    46:59:29:2a:6d:a4:bd:0e:23:6e:31:60:b1:b5:43:
                    f7:b1:15:07:76:42:4e:c4:c2:4f:65:32:c9:e8:2a:
                    35:5c:a2:1d:95:05:41:dc:d0:5e:28:40:b0:20:4d:
                    e4:26:a4:45:c2:9c:03:e3:db:da:a8:b0:40:67:9d:
                    1c:8c:77:c9:a0:9c:94:46:43:3d:7f:a0:bc:60:c5:
                    dd:06:e1:76:3b:22:b2:70:9e:6c:d7:27:86:1b:a3:
                    23:43:48:e8:41:36:51:0c:b0:ff:01:cc:94:b1:28:
                    2e:30:f4:ae:ff:79:a8:45:0b:0a:38:93:66:10:77:
                    45:03:bf:2f:e1:51:d1:4e:8f:db:d9:e4:9d:59:04:
                    af:f1:45:0c:bd:0c:fb:d1:b5:7e:a0:60:3d:12:02:
                    c9:f7:f1:30:7a:81:f5:83:57:6e:d1:23:63:10:c1:
                    ba:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:05:73:FF:4E:CF:E9:3B:5C:13:0C:29:7D:12:C3:34:EB:2C:10:93
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS152672.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.82.0/24
                  45.158.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:df:b8:8f:b0:d8:2a:11:2e:bd:8d:fb:85:58:d6:38:6f:f9:
         df:b3:39:07:12:68:45:29:98:e9:6d:b1:6e:6e:de:5d:18:25:
         f3:6a:28:6f:16:5e:c1:65:c1:8e:a3:cd:66:2f:39:78:64:b8:
         0f:78:33:11:84:7e:5a:46:5a:43:35:01:17:ac:f0:43:35:c0:
         6e:12:5f:b2:21:f6:7f:28:3f:f3:24:66:df:27:a5:a5:46:c5:
         a5:82:7d:f9:3d:bf:d0:c2:97:1b:3c:05:b2:b1:00:2b:fd:9c:
         fc:1c:95:4e:b3:83:99:3b:e6:16:fa:d1:2c:57:07:b8:3f:23:
         3e:52:45:ea:43:a2:3a:06:05:7e:38:45:04:29:79:b4:bb:bc:
         d6:33:44:24:8d:7a:75:9b:8e:7d:57:b9:38:51:4f:20:c3:78:
         f1:03:5e:83:31:e3:3e:4f:7b:44:b3:01:51:cf:aa:79:0f:ac:
         89:8a:7f:81:d4:2c:0c:49:a0:f5:7b:2f:54:be:d4:0b:ca:82:
         a0:05:a5:d8:ef:bb:05:5f:c6:87:b5:84:80:95:5a:bf:be:cd:
         72:69:87:a5:00:98:0b:9b:21:51:1c:15:68:d4:13:48:54:41:
         5a:f2:e8:e0:b7:9a:46:6d:3d:97:41:62:63:f4:6c:21:9e:6e:
         26:9d:a5:72
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUK+FI2ObwfMjoE71CKuu32btasTMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjA2MDEwNjQyMTlaFw0yNzA1MzEwNjQ3MTlaMDMxMTAvBgNV
BAMTKDBEMDU3M0ZGNEVDRkU5M0I1QzEzMEMyOTdEMTJDMzM0RUIyQzEwOTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTUr3dHnZm9VZFRbhqMP52tjuS
oCMMmgyb2edcyiepdHsZ2PjUq74uHpUBmXU5jhy9OxxeE+M98pU8i8xViQXJL2Fs
2YblqY6vnSfQvN63T6HEQbCpkD0hvEZZKSptpL0OI24xYLG1Q/exFQd2Qk7Ewk9l
MsnoKjVcoh2VBUHc0F4oQLAgTeQmpEXCnAPj29qosEBnnRyMd8mgnJRGQz1/oLxg
xd0G4XY7IrJwnmzXJ4YboyNDSOhBNlEMsP8BzJSxKC4w9K7/eahFCwo4k2YQd0UD
vy/hUdFOj9vZ5J1ZBK/xRQy9DPvRtX6gYD0SAsn38TB6gfWDV27RI2MQwbqjAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUDQVz/07P6TtcEwwpfRLDNOssEJMwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTUyNjcyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZJS
AwQALZ4LMA0GCSqGSIb3DQEBCwUAA4IBAQCV37iPsNgqES69jfuFWNY4b/nfszkH
EmhFKZjpbbFubt5dGCXzaihvFl7BZcGOo81mLzl4ZLgPeDMRhH5aRlpDNQEXrPBD
NcBuEl+yIfZ/KD/zJGbfJ6WlRsWlgn35Pb/QwpcbPAWysQAr/Zz8HJVOs4OZO+YW
+tEsVwe4PyM+UkXqQ6I6BgV+OEUEKXm0u7zWM0QkjXp1m459V7k4UU8gw3jxA16D
MeM+T3tEswFRz6p5D6yJin+B1CwMSaD1ey9UvtQLyoKgBaXY77sFX8aHtYSAlVq/
vs1yaYelAJgLmyFRHBVo1BNIVEFa8ujgt5pGbT2XQWJj9Gwhnm4mnaVy
-----END CERTIFICATE-----