Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS154132.roa
File:                     AS154132.roa (raw, json)
Hash identifier:          RdoopeR6803m24H3FOjLWT0JiMsdlijo9GBFIeY4Xv8=
Subject key identifier:   AF:B1:37:48:3F:08:DE:18:30:6A:89:84:18:58:B7:DF:13:43:61:35
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       C679995868217CB512245312608269369F8EF5
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS154132.roa
Signing time:             Wed 03 Jun 2026 03:23:41 +0000
ROA not before:           Wed 03 Jun 2026 03:18:41 +0000
ROA not after:            Wed 02 Jun 2027 03:23:41 +0000
asID:                     154132
IP address blocks:        51.194.165.0/24 maxlen: 24
                          188.221.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            c6:79:99:58:68:21:7c:b5:12:24:53:12:60:82:69:36:9f:8e:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun  3 03:18:41 2026 GMT
            Not After : Jun  2 03:23:41 2027 GMT
        Subject: CN=AFB137483F08DE18306A89841858B7DF13436135
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:b4:af:bd:e0:fa:9d:96:68:74:03:c3:a0:91:
                    3a:63:4b:b3:8d:b9:d0:99:ee:23:5f:b5:e7:38:6a:
                    a2:2d:ca:25:29:df:c3:26:33:a7:5d:98:1e:82:58:
                    06:67:7f:1a:02:7c:26:66:84:37:48:90:35:09:00:
                    d0:50:13:2b:20:02:e1:3b:a1:2b:c7:45:d7:b9:58:
                    ee:f5:bc:4f:bf:88:68:ac:c5:2e:a5:ee:87:15:5e:
                    9d:1b:4e:71:62:f4:2b:83:af:f9:3b:08:92:20:87:
                    06:ce:e7:be:a8:87:09:8f:d4:63:94:cd:36:7b:c9:
                    b6:34:69:51:45:a6:21:22:d7:0b:31:46:a1:14:42:
                    ea:e4:55:7f:37:70:44:74:29:a1:44:c9:62:15:6b:
                    6b:33:86:fa:ee:d3:4d:61:51:8f:d4:8b:49:24:1a:
                    04:a0:bb:3d:40:d4:e2:ce:a5:be:96:41:81:42:43:
                    7f:9b:20:5d:59:fb:7b:8d:4d:d3:d1:0e:f2:3c:e1:
                    35:75:51:5f:ee:30:a3:d8:f3:ed:f7:49:d9:36:cc:
                    61:84:88:25:e0:f7:61:3c:c5:6e:e1:17:8b:36:4c:
                    91:b1:6c:d7:d5:95:cd:d4:d5:44:94:3c:07:00:a1:
                    8b:11:f8:40:f6:a1:b4:d7:96:72:ba:f6:05:3a:d9:
                    30:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:B1:37:48:3F:08:DE:18:30:6A:89:84:18:58:B7:DF:13:43:61:35
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS154132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.194.165.0/24
                  188.221.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:b8:38:2a:35:c6:82:d9:2c:2e:69:0b:d8:d2:6b:a8:0b:3e:
         ba:ee:79:f6:78:85:7b:28:65:b1:7a:b3:05:da:85:e4:19:17:
         a6:18:14:67:7d:8d:a5:34:01:ba:04:4b:2a:d2:0f:cb:91:9a:
         a8:a0:99:41:16:93:4c:fb:b0:5f:99:3a:dd:e1:58:fa:7b:e2:
         72:3b:9d:88:9a:3f:31:97:b6:8b:a8:e0:27:33:4d:5b:a9:8b:
         99:2e:61:d0:59:6f:e2:8a:a4:5b:d9:6e:cc:f6:fc:07:ec:be:
         c8:3c:e8:e0:74:0c:14:5a:f8:7f:b8:2e:f9:9b:28:5f:83:a3:
         01:61:50:92:6d:08:b2:aa:f0:1e:67:a0:1e:d0:8f:c9:dd:d9:
         e9:ed:1a:fc:0e:cd:00:a2:95:9d:65:9d:d4:4a:76:d6:70:66:
         3d:62:e8:38:42:cf:f6:38:8f:7f:30:a1:ee:2f:77:fe:dc:be:
         2b:54:bb:e9:cc:01:38:fa:7b:4d:fa:c5:d5:f9:1f:32:b6:6c:
         53:66:1d:2c:7b:9a:ab:4f:90:7e:a2:93:af:b7:d9:45:f9:fe:
         cd:b9:a6:0c:70:9b:be:1f:e1:4d:26:32:e8:a7:6c:eb:22:7c:
         e1:6d:99:95:78:88:d3:82:df:bb:f7:6c:38:4f:c3:bd:69:0d:
         3f:af:63:db
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUAMZ5mVhoIXy1EiRTEmCCaTafjvUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MDMwMzE4NDFaFw0yNzA2MDIwMzIzNDFaMDMxMTAvBgNV
BAMTKEFGQjEzNzQ4M0YwOERFMTgzMDZBODk4NDE4NThCN0RGMTM0MzYxMzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTtK+94Pqdlmh0A8OgkTpjS7ON
udCZ7iNftec4aqItyiUp38MmM6ddmB6CWAZnfxoCfCZmhDdIkDUJANBQEysgAuE7
oSvHRde5WO71vE+/iGisxS6l7ocVXp0bTnFi9CuDr/k7CJIghwbO576ohwmP1GOU
zTZ7ybY0aVFFpiEi1wsxRqEUQurkVX83cER0KaFEyWIVa2szhvru001hUY/Ui0kk
GgSguz1A1OLOpb6WQYFCQ3+bIF1Z+3uNTdPRDvI84TV1UV/uMKPY8+33Sdk2zGGE
iCXg92E8xW7hF4s2TJGxbNfVlc3U1USUPAcAoYsR+ED2obTXlnK69gU62TBnAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUr7E3SD8I3hgwaomEGFi33xNDYTUwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMTU0MTMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAM8Kl
AwQAvN0AMA0GCSqGSIb3DQEBCwUAA4IBAQCmuDgqNcaC2SwuaQvY0muoCz667nn2
eIV7KGWxerMF2oXkGRemGBRnfY2lNAG6BEsq0g/LkZqooJlBFpNM+7BfmTrd4Vj6
e+JyO52Imj8xl7aLqOAnM01bqYuZLmHQWW/iiqRb2W7M9vwH7L7IPOjgdAwUWvh/
uC75myhfg6MBYVCSbQiyqvAeZ6Ae0I/J3dnp7Rr8Ds0AopWdZZ3USnbWcGY9Yug4
Qs/2OI9/MKHuL3f+3L4rVLvpzAE4+ntN+sXV+R8ytmxTZh0se5qrT5B+opOvt9lF
+f7NuaYMcJu+H+FNJjLop2zrInzhbZmVeIjTgt+792w4T8O9aQ0/r2Pb
-----END CERTIFICATE-----