Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS149573.roa
File:                     AS149573.roa (raw, json)
Hash identifier:          CPtgG/+8xWD9gpviHaxKOtihwwAKtWAJy2gSsBqUWYA=
Subject key identifier:   B3:BD:11:B8:2F:DC:11:57:F2:6E:CF:88:22:4D:9A:44:97:F6:3C:5D
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       28396C79E32E16C1B4440442834FDB39F4B6489F
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS149573.roa
Signing time:             Tue 19 May 2026 09:36:31 +0000
ROA not before:           Tue 19 May 2026 09:31:31 +0000
ROA not after:            Tue 18 May 2027 09:36:31 +0000
asID:                     149573
IP address blocks:        141.11.94.0/24 maxlen: 24
                          141.11.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 05:25:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:39:6c:79:e3:2e:16:c1:b4:44:04:42:83:4f:db:39:f4:b6:48:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May 19 09:31:31 2026 GMT
            Not After : May 18 09:36:31 2027 GMT
        Subject: CN=B3BD11B82FDC1157F26ECF88224D9A4497F63C5D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:c9:c7:fb:bf:4c:5b:22:44:33:ac:1a:30:74:
                    10:3a:29:4a:e7:44:23:42:08:5b:4f:38:9f:fa:3e:
                    23:62:f2:44:89:16:2e:4f:c7:3c:75:fe:fd:f4:cb:
                    74:f1:e1:0c:aa:93:03:3c:bf:83:cd:8f:2f:48:6b:
                    a7:47:7d:b8:57:c6:55:0c:e3:84:ec:bb:a2:7a:30:
                    b1:cc:e1:a4:60:01:62:51:75:52:4e:2e:42:c7:1e:
                    13:1b:f7:4f:dc:7c:54:cb:0b:03:a7:e4:a3:3f:87:
                    4e:bc:75:a2:e9:5f:70:6d:07:d0:ce:31:a7:51:5f:
                    10:fc:66:bc:d2:c7:dd:48:1f:23:b8:6f:03:61:91:
                    9e:54:8f:95:14:67:77:10:bb:5d:6f:39:da:66:a7:
                    66:fb:90:18:f2:f5:a4:c5:15:22:15:11:d3:72:93:
                    33:3e:ed:96:99:3c:50:1e:92:9d:48:5f:ee:5e:4a:
                    8b:a1:c0:a0:c7:b2:1f:3d:6f:68:e4:d7:7a:95:be:
                    e8:53:69:50:85:58:16:bc:3e:0e:43:58:f4:af:48:
                    6b:23:ae:ca:2a:99:34:57:dc:c2:36:93:ca:e4:ea:
                    04:f1:cb:18:25:d0:66:82:55:d0:37:33:8c:05:11:
                    d4:4b:2a:01:9c:24:6a:95:5d:4c:b1:45:5c:f6:fb:
                    fd:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:BD:11:B8:2F:DC:11:57:F2:6E:CF:88:22:4D:9A:44:97:F6:3C:5D
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS149573.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.94.0/24
                  141.11.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:9a:69:c6:dd:03:d7:46:86:b0:2d:f7:88:d6:39:2d:35:69:
         db:9b:26:1c:ab:4a:6b:83:a8:e0:0e:e3:7c:26:03:a2:54:f2:
         65:d8:e3:9d:00:b4:b9:12:be:d8:5e:d8:45:11:91:bb:fe:b1:
         9c:76:10:3c:f1:5a:19:f0:d3:8d:e0:bf:ca:a6:e7:dd:76:80:
         b6:84:f4:ec:a4:1a:54:2a:7b:1c:9b:5d:7d:a7:ce:96:d8:8b:
         cc:c7:1f:60:4b:09:fe:2a:60:f2:67:f2:1d:df:99:40:fc:0b:
         0d:a3:0c:55:ee:9c:e0:b4:f7:5f:d3:9a:ae:c1:23:63:44:8a:
         56:d1:68:6e:3a:05:6c:e8:d2:e2:a9:72:bc:23:a6:fa:e0:55:
         0f:29:08:a0:fd:c3:54:23:f7:5f:6b:06:3a:89:ac:22:34:76:
         d6:41:d9:2b:c4:e4:c9:4d:68:b5:26:b7:07:79:75:cf:14:d2:
         fb:78:9b:f9:8f:6e:5f:d1:5a:63:d9:6b:42:01:62:32:cf:90:
         86:01:75:8d:a4:25:8f:54:25:94:7a:41:61:3e:42:8f:e2:19:
         7c:4f:d7:6c:ab:85:be:6b:9c:57:04:74:07:a5:e5:6e:c3:c8:
         5c:d2:9a:5d:00:d4:60:78:a5:a4:af:61:a6:a7:c0:71:9e:88:
         e4:34:92:68
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUKDlseeMuFsG0RARCg0/bOfS2SJ8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA1MTkwOTMxMzFaFw0yNzA1MTgwOTM2MzFaMDMxMTAvBgNV
BAMTKEIzQkQxMUI4MkZEQzExNTdGMjZFQ0Y4ODIyNEQ5QTQ0OTdGNjNDNUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOycf7v0xbIkQzrBowdBA6KUrn
RCNCCFtPOJ/6PiNi8kSJFi5Pxzx1/v30y3Tx4QyqkwM8v4PNjy9Ia6dHfbhXxlUM
44Tsu6J6MLHM4aRgAWJRdVJOLkLHHhMb90/cfFTLCwOn5KM/h068daLpX3BtB9DO
MadRXxD8ZrzSx91IHyO4bwNhkZ5Uj5UUZ3cQu11vOdpmp2b7kBjy9aTFFSIVEdNy
kzM+7ZaZPFAekp1IX+5eSouhwKDHsh89b2jk13qVvuhTaVCFWBa8Pg5DWPSvSGsj
rsoqmTRX3MI2k8rk6gTxyxgl0GaCVdA3M4wFEdRLKgGcJGqVXUyxRVz2+/3HAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUs70RuC/cEVfybs+IIk2aRJf2PF0wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTQ5NTczLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjQte
AwQAjQuIMA0GCSqGSIb3DQEBCwUAA4IBAQBlmmnG3QPXRoawLfeI1jktNWnbmyYc
q0prg6jgDuN8JgOiVPJl2OOdALS5Er7YXthFEZG7/rGcdhA88VoZ8NON4L/Kpufd
doC2hPTspBpUKnscm119p86W2IvMxx9gSwn+KmDyZ/Id35lA/AsNowxV7pzgtPdf
05quwSNjRIpW0WhuOgVs6NLiqXK8I6b64FUPKQig/cNUI/dfawY6iawiNHbWQdkr
xOTJTWi1JrcHeXXPFNL7eJv5j25f0Vpj2WtCAWIyz5CGAXWNpCWPVCWUekFhPkKP
4hl8T9dsq4W+a5xXBHQHpeVuw8hc0ppdANRgeKWkr2Gmp8BxnojkNJJo
-----END CERTIFICATE-----