Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS154123.roa
File:                     AS154123.roa (raw, json)
Hash identifier:          LVtpsFJU1S3tbUhtr6BfZpqZmE7YBzXk6cSZdgE1hQQ=
Subject key identifier:   C6:68:CA:B3:8C:5E:F6:BA:58:60:A7:BC:6A:94:A1:53:29:86:88:2A
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       2247F7995160007AEEDD11472597B2F4E246A536
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS154123.roa
Signing time:             Tue 21 Apr 2026 17:43:26 +0000
ROA not before:           Tue 21 Apr 2026 17:38:26 +0000
ROA not after:            Tue 20 Apr 2027 17:43:26 +0000
asID:                     154123
IP address blocks:        45.157.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Apr 2026 21:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:47:f7:99:51:60:00:7a:ee:dd:11:47:25:97:b2:f4:e2:46:a5:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Apr 21 17:38:26 2026 GMT
            Not After : Apr 20 17:43:26 2027 GMT
        Subject: CN=C668CAB38C5EF6BA5860A7BC6A94A1532986882A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d0:76:b4:0f:18:aa:a4:0b:c7:43:21:15:a6:
                    86:e3:29:fe:01:4b:de:c9:54:88:f0:37:d0:a8:47:
                    cf:12:f7:80:c8:30:a3:c7:b2:eb:b0:41:df:bd:96:
                    3b:b3:3e:b8:41:93:91:2e:6a:8e:95:81:ba:7a:07:
                    ed:64:36:6d:1c:d4:de:74:10:9a:e6:e0:80:79:7a:
                    67:aa:0e:49:1a:1e:f4:6c:29:e3:60:41:59:93:ce:
                    b9:cc:41:6f:ca:6f:47:73:3f:4e:7c:9a:c8:c2:07:
                    41:5b:ad:02:04:c5:1f:fb:bc:23:67:d5:38:48:04:
                    dd:65:5c:01:c4:5e:ae:9b:67:71:5c:fb:6e:c8:b8:
                    82:c1:54:9c:d1:f5:65:a6:9c:ef:c8:33:44:0e:bb:
                    ea:28:85:39:f9:5d:ab:a9:ff:99:ab:af:d6:73:fe:
                    b6:b2:5d:b4:11:a0:90:cc:f5:0f:63:16:40:cc:6b:
                    c7:82:6c:aa:50:94:5c:06:1c:e0:a3:ad:3c:c9:1f:
                    01:8a:47:1b:76:89:a0:e8:80:41:ea:6f:07:0f:c6:
                    17:a6:17:9d:83:f1:93:d8:e4:53:4e:ab:97:b1:59:
                    68:27:8f:3d:fa:33:52:71:7e:41:76:32:20:be:7b:
                    c8:33:35:2a:29:ff:88:95:6e:5a:74:61:22:43:23:
                    2e:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:68:CA:B3:8C:5E:F6:BA:58:60:A7:BC:6A:94:A1:53:29:86:88:2A
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS154123.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:84:6b:df:33:cb:9c:4a:06:a2:cd:e3:b8:d1:7d:27:e6:71:
         0b:eb:f7:53:0c:19:08:2a:9f:70:c3:e6:57:9a:52:d1:c8:dc:
         44:9e:d8:9c:d2:56:b9:4b:6a:ee:40:a8:20:15:f2:86:5e:8e:
         63:1b:21:1a:bc:9f:de:a8:38:4f:a7:68:b9:0d:d5:89:dc:82:
         ac:ca:25:07:3b:66:c8:fb:05:0c:6c:50:8d:c7:0a:b1:e0:7a:
         83:60:be:ab:07:ad:72:37:84:a1:51:f9:bf:2d:a1:cd:64:d4:
         46:1d:5e:68:5b:cc:d7:e4:06:7d:d7:76:25:6e:30:4c:33:58:
         39:e4:58:44:57:42:29:b2:92:6e:63:5d:16:c6:97:47:fe:a0:
         97:39:2e:7b:a1:2e:1f:8b:94:b9:ef:6a:f4:3a:6f:af:41:e2:
         c1:76:c3:72:b5:36:e3:2c:f5:a1:54:d1:9b:e5:96:02:27:a7:
         bc:ef:bb:d7:3c:36:b8:09:dc:d1:d5:b5:3d:c3:30:f5:0a:4e:
         40:44:e9:b3:04:75:ff:25:64:4e:fd:90:88:73:73:f7:11:57:
         06:f6:6f:d4:66:fc:54:77:cd:85:98:ca:69:7f:1d:60:c4:e7:
         32:49:90:8e:1b:14:c8:e4:94:e4:7e:e4:fe:f0:64:21:8c:bc:
         fc:07:f7:f6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIkf3mVFgAHru3RFHJZey9OJGpTYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjA0MjExNzM4MjZaFw0yNzA0MjAxNzQzMjZaMDMxMTAvBgNV
BAMTKEM2NjhDQUIzOEM1RUY2QkE1ODYwQTdCQzZBOTRBMTUzMjk4Njg4MkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCS0Ha0DxiqpAvHQyEVpobjKf4B
S97JVIjwN9CoR88S94DIMKPHsuuwQd+9ljuzPrhBk5Euao6Vgbp6B+1kNm0c1N50
EJrm4IB5emeqDkkaHvRsKeNgQVmTzrnMQW/Kb0dzP058msjCB0FbrQIExR/7vCNn
1ThIBN1lXAHEXq6bZ3Fc+27IuILBVJzR9WWmnO/IM0QOu+oohTn5Xaup/5mrr9Zz
/rayXbQRoJDM9Q9jFkDMa8eCbKpQlFwGHOCjrTzJHwGKRxt2iaDogEHqbwcPxhem
F52D8ZPY5FNOq5exWWgnjz36M1JxfkF2MiC+e8gzNSop/4iVblp0YSJDIy6/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUxmjKs4xe9rpYYKe8apShUymGiCowHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTU0MTIzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ0S
MA0GCSqGSIb3DQEBCwUAA4IBAQCmhGvfM8ucSgaizeO40X0n5nEL6/dTDBkIKp9w
w+ZXmlLRyNxEntic0la5S2ruQKggFfKGXo5jGyEavJ/eqDhPp2i5DdWJ3IKsyiUH
O2bI+wUMbFCNxwqx4HqDYL6rB61yN4ShUfm/LaHNZNRGHV5oW8zX5AZ913YlbjBM
M1g55FhEV0IpspJuY10WxpdH/qCXOS57oS4fi5S572r0Om+vQeLBdsNytTbjLPWh
VNGb5ZYCJ6e877vXPDa4CdzR1bU9wzD1Ck5AROmzBHX/JWRO/ZCIc3P3EVcG9m/U
ZvxUd82FmMppfx1gxOcySZCOGxTI5JTkfuT+8GQhjLz8B/f2
-----END CERTIFICATE-----