Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS152179.roa
File:                     AS152179.roa (raw, json)
Hash identifier:          vwe0RFtWmIPU5bWY6ao4l5zedLByoAEqF81EBodp0bg=
Subject key identifier:   B9:D6:1F:57:86:E5:F5:19:BC:97:85:7A:68:14:77:E5:5E:B9:D6:5D
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       713B78D88E151BA3F664AF5E46667E90C5E7AEEA
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS152179.roa
Signing time:             Fri 29 Aug 2025 19:56:05 +0000
ROA not before:           Fri 29 Aug 2025 19:51:05 +0000
ROA not after:            Fri 28 Aug 2026 19:56:05 +0000
asID:                     152179
IP address blocks:        212.115.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 02:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:3b:78:d8:8e:15:1b:a3:f6:64:af:5e:46:66:7e:90:c5:e7:ae:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Aug 29 19:51:05 2025 GMT
            Not After : Aug 28 19:56:05 2026 GMT
        Subject: CN=B9D61F5786E5F519BC97857A681477E55EB9D65D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:a4:0f:6f:fb:36:85:c1:64:63:93:d1:2b:10:
                    fc:e7:1d:00:b1:8e:a7:bd:1e:3b:5b:ce:9c:02:67:
                    7c:44:ae:82:20:67:a7:5e:e8:1d:f2:1f:eb:3d:9b:
                    7d:bc:4d:ee:00:7f:6a:94:61:c7:4f:66:05:c9:4f:
                    8b:dc:c4:cd:de:3b:b1:2a:4b:de:6e:65:9b:b3:a9:
                    e4:14:4e:89:1f:97:aa:9e:10:52:ed:32:e4:50:5a:
                    08:77:b5:8a:b9:4c:d0:08:f5:02:9b:a4:06:cf:79:
                    99:30:1a:8c:15:d6:40:52:53:5c:a3:8e:fc:c3:75:
                    15:34:60:cc:92:e7:12:26:e3:16:8a:9c:fa:6c:c1:
                    21:72:e7:9e:b8:9d:d1:1f:95:57:ca:b4:a8:ce:0d:
                    96:5b:dd:cc:71:70:4f:74:c5:42:de:48:00:6e:33:
                    ef:ce:77:fa:0e:27:87:e6:b7:8a:df:20:cd:91:98:
                    da:1d:96:ee:ea:df:e2:35:0c:5d:df:6d:89:3f:99:
                    cb:91:ba:1a:d6:0f:b6:d3:5b:20:53:57:0c:a2:26:
                    24:f5:78:58:9c:66:eb:91:7b:bb:66:64:24:bb:34:
                    f5:10:ac:d6:43:8f:67:83:29:74:b0:84:c9:70:49:
                    70:b6:58:55:06:73:1c:91:9c:64:02:23:8c:f5:60:
                    19:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:D6:1F:57:86:E5:F5:19:BC:97:85:7A:68:14:77:E5:5E:B9:D6:5D
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS152179.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.115.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:6d:68:62:e6:d9:06:03:eb:b2:16:44:e2:f0:e6:f4:97:05:
         a1:8a:56:99:18:91:16:fa:0d:c0:78:ff:c8:a1:7e:85:51:2c:
         1e:42:8d:ac:ef:3d:57:09:4f:8e:4c:28:b0:8c:04:69:e7:9d:
         54:08:1b:e1:04:72:be:9b:7e:83:e7:9c:c1:f8:f1:8b:c9:76:
         99:e3:0d:6b:ac:04:98:c1:d0:89:bc:02:2b:99:5a:bb:7f:4b:
         5b:f9:a8:97:1b:0b:83:e3:be:91:2e:76:23:41:bd:f4:02:8e:
         ef:4d:c4:19:b3:8f:30:b3:b5:d7:7e:c1:e6:06:03:19:14:3c:
         37:73:20:44:eb:b7:05:83:68:44:47:73:09:d6:a6:40:ee:63:
         ee:e2:cf:0d:cf:b8:4e:1a:d3:76:74:92:00:3a:67:ec:9d:6a:
         f3:b0:07:33:fb:03:a8:37:c7:ff:49:5f:78:b5:c3:a6:f6:28:
         d1:b8:a4:88:f5:e5:68:3d:cb:fd:f1:21:4f:5e:8b:69:76:dd:
         b0:67:b2:ee:a4:c1:d1:3b:fc:41:3e:21:c5:dd:34:af:56:2a:
         df:83:5d:93:4d:dd:1b:61:9a:79:f7:87:02:f5:30:1b:b0:ad:
         93:cf:04:95:7a:29:c1:54:e2:12:55:48:e4:ac:75:80:c2:0e:
         3f:48:0a:3c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUcTt42I4VG6P2ZK9eRmZ+kMXnruowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA4MjkxOTUxMDVaFw0yNjA4MjgxOTU2MDVaMDMxMTAvBgNV
BAMTKEI5RDYxRjU3ODZFNUY1MTlCQzk3ODU3QTY4MTQ3N0U1NUVCOUQ2NUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnpA9v+zaFwWRjk9ErEPznHQCx
jqe9HjtbzpwCZ3xEroIgZ6de6B3yH+s9m328Te4Af2qUYcdPZgXJT4vcxM3eO7Eq
S95uZZuzqeQUTokfl6qeEFLtMuRQWgh3tYq5TNAI9QKbpAbPeZkwGowV1kBSU1yj
jvzDdRU0YMyS5xIm4xaKnPpswSFy5564ndEflVfKtKjODZZb3cxxcE90xULeSABu
M+/Od/oOJ4fmt4rfIM2RmNodlu7q3+I1DF3fbYk/mcuRuhrWD7bTWyBTVwyiJiT1
eFicZuuRe7tmZCS7NPUQrNZDj2eDKXSwhMlwSXC2WFUGcxyRnGQCI4z1YBkfAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUudYfV4bl9Rm8l4V6aBR35V651l0wHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMTUyMTc5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HNn
MA0GCSqGSIb3DQEBCwUAA4IBAQA8bWhi5tkGA+uyFkTi8Ob0lwWhilaZGJEW+g3A
eP/IoX6FUSweQo2s7z1XCU+OTCiwjARp551UCBvhBHK+m36D55zB+PGLyXaZ4w1r
rASYwdCJvAIrmVq7f0tb+aiXGwuD476RLnYjQb30Ao7vTcQZs48ws7XXfsHmBgMZ
FDw3cyBE67cFg2hER3MJ1qZA7mPu4s8Nz7hOGtN2dJIAOmfsnWrzsAcz+wOoN8f/
SV94tcOm9ijRuKSI9eVoPcv98SFPXotpdt2wZ7LupMHRO/xBPiHF3TSvVirfg12T
Td0bYZp594cC9TAbsK2TzwSVeinBVOISVUjkrHWAwg4/SAo8
-----END CERTIFICATE-----