Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS152911.roa
File:                     AS152911.roa (raw, json)
Hash identifier:          zgyJUoZppqi3w1cJ4V8uU337ZV/Dc90T4M368aKO5MQ=
Subject key identifier:   66:8D:3D:7C:E1:63:0D:17:97:99:57:3C:66:D2:56:D4:56:22:39:D8
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       1BC44836C51443D1EA51738B9D030C897A2E1926
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS152911.roa
Signing time:             Fri 21 Mar 2025 05:15:11 +0000
ROA not before:           Fri 21 Mar 2025 05:10:11 +0000
ROA not after:            Fri 20 Mar 2026 05:15:11 +0000
asID:                     152911
IP address blocks:        2a0f:85c1:b4a::/48 maxlen: 48
                          2a0f:85c1:bb2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:c4:48:36:c5:14:43:d1:ea:51:73:8b:9d:03:0c:89:7a:2e:19:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Mar 21 05:10:11 2025 GMT
            Not After : Mar 20 05:15:11 2026 GMT
        Subject: CN=668D3D7CE1630D179799573C66D256D4562239D8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:5c:6f:2b:32:c8:75:4b:46:d5:81:0d:6c:13:
                    3c:31:f0:5c:09:e1:e3:6d:49:d7:80:c0:61:d2:34:
                    d6:bc:1c:7f:3e:94:db:e3:39:70:5d:91:ed:65:80:
                    96:6e:e1:51:7b:f0:5f:08:b2:35:fb:1f:1a:e9:5a:
                    59:57:20:4c:68:01:d2:80:46:66:e3:c5:4d:10:8d:
                    04:9c:a4:4a:be:85:31:56:73:8d:1a:13:7d:e7:ab:
                    71:2a:10:8c:43:5d:b0:3f:e6:96:4e:fb:a3:17:74:
                    ef:dc:e4:f6:ae:96:98:82:2d:48:0e:37:d7:da:70:
                    41:f5:36:2b:6c:8b:3d:67:d1:64:bd:98:70:a2:eb:
                    bf:74:9f:c9:d3:44:af:6c:ab:93:86:f2:f5:03:89:
                    8e:4f:14:6c:48:20:c8:e6:ab:91:f4:80:c8:91:d3:
                    9d:0b:a6:2f:ae:a1:34:bd:1f:cc:92:f9:d9:79:37:
                    d8:2e:32:e6:d7:ab:4c:4e:09:c9:84:81:74:df:4d:
                    97:f2:2e:be:ce:82:d6:04:02:c5:9d:a0:7b:ff:0c:
                    cb:27:47:f1:1d:ea:54:14:b8:6b:19:db:26:a2:04:
                    ae:ab:f9:8c:18:3a:4d:10:94:cf:92:f6:95:26:7d:
                    62:d5:41:0c:22:28:79:ff:ba:28:bf:13:68:a8:6d:
                    07:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:8D:3D:7C:E1:63:0D:17:97:99:57:3C:66:D2:56:D4:56:22:39:D8
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS152911.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:b4a::/48
                  2a0f:85c1:bb2::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:89:5b:2e:39:87:da:eb:d9:3c:4b:76:dd:30:ec:9a:75:e2:
         0f:ef:db:b9:4a:c4:3a:4c:af:c0:6b:6f:f6:2c:c1:ee:97:4a:
         4e:7a:77:6d:29:a9:9a:64:80:00:c4:f6:cd:54:54:27:93:e8:
         7a:ac:a5:0b:bd:2e:d9:19:f2:4e:aa:a9:07:79:b0:17:69:e7:
         c5:5d:6b:cc:7e:28:70:55:99:c4:9a:d4:b6:ca:55:17:f2:5c:
         d6:88:66:10:c8:fa:11:c6:c9:d7:8d:be:b8:bc:ad:f9:7c:30:
         00:dd:45:f4:f5:fe:e1:fb:ca:46:53:63:6d:9d:ca:35:6d:ea:
         74:c9:0a:cc:f7:fb:1a:ef:fe:8d:b7:d9:4c:ac:98:a8:58:52:
         df:c0:97:7d:ab:f1:2a:20:f0:6f:13:95:97:b0:80:c8:ad:00:
         4d:44:f1:58:e3:37:64:ab:45:5b:79:a6:8c:b2:0f:42:fa:a9:
         05:a5:b9:c8:95:02:cc:a1:62:3f:66:8a:96:87:ac:41:bd:99:
         cc:ba:ca:22:74:21:17:49:f8:03:c5:19:b7:fc:39:36:4c:78:
         03:52:1a:fe:42:46:90:bc:94:a3:5b:cc:5c:ae:66:36:0d:79:
         49:49:fd:27:75:90:04:cf:07:eb:ec:2e:69:41:d0:8c:06:61:
         af:5e:5e:46
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUG8RINsUUQ9HqUXOLnQMMiXouGSYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTAzMjEwNTEwMTFaFw0yNjAzMjAwNTE1MTFaMDMxMTAvBgNV
BAMTKDY2OEQzRDdDRTE2MzBEMTc5Nzk5NTczQzY2RDI1NkQ0NTYyMjM5RDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/XG8rMsh1S0bVgQ1sEzwx8FwJ
4eNtSdeAwGHSNNa8HH8+lNvjOXBdke1lgJZu4VF78F8IsjX7HxrpWllXIExoAdKA
RmbjxU0QjQScpEq+hTFWc40aE33nq3EqEIxDXbA/5pZO+6MXdO/c5PaulpiCLUgO
N9facEH1Nitsiz1n0WS9mHCi6790n8nTRK9sq5OG8vUDiY5PFGxIIMjmq5H0gMiR
050Lpi+uoTS9H8yS+dl5N9guMubXq0xOCcmEgXTfTZfyLr7OgtYEAsWdoHv/DMsn
R/Ed6lQUuGsZ2yaiBK6r+YwYOk0QlM+S9pUmfWLVQQwiKHn/uii/E2iobQeDAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUZo09fOFjDReXmVc8ZtJW1FYiOdgwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMTUyOTExLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg+F
wQtKAwcAKg+FwQuyMA0GCSqGSIb3DQEBCwUAA4IBAQAdiVsuOYfa69k8S3bdMOya
deIP79u5SsQ6TK/Aa2/2LMHul0pOendtKamaZIAAxPbNVFQnk+h6rKULvS7ZGfJO
qqkHebAXaefFXWvMfihwVZnEmtS2ylUX8lzWiGYQyPoRxsnXjb64vK35fDAA3UX0
9f7h+8pGU2Ntnco1bep0yQrM9/sa7/6Nt9lMrJioWFLfwJd9q/EqIPBvE5WXsIDI
rQBNRPFY4zdkq0VbeaaMsg9C+qkFpbnIlQLMoWI/ZoqWh6xBvZnMusoidCEXSfgD
xRm3/Dk2THgDUhr+QkaQvJSjW8xcrmY2DXlJSf0ndZAEzwfr7C5pQdCMBmGvXl5G
-----END CERTIFICATE-----