Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS153169.roa
File:                     AS153169.roa (raw, json)
Hash identifier:          9Hm7/PU58WikiN0W4qGc0H4kKfnXDv8fU74U0cAMWvQ=
Subject key identifier:   22:74:94:45:C3:73:9A:A0:D6:8F:69:C7:A1:B6:6C:71:8E:03:D3:CF
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       7679602E016F7EFF0900F16189703EF238D2793F
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS153169.roa
Signing time:             Fri 22 May 2026 00:24:10 +0000
ROA not before:           Fri 22 May 2026 00:19:10 +0000
ROA not after:            Fri 21 May 2027 00:24:10 +0000
asID:                     153169
IP address blocks:        141.11.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 May 2026 01:47:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:79:60:2e:01:6f:7e:ff:09:00:f1:61:89:70:3e:f2:38:d2:79:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May 22 00:19:10 2026 GMT
            Not After : May 21 00:24:10 2027 GMT
        Subject: CN=22749445C3739AA0D68F69C7A1B66C718E03D3CF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:69:e8:7a:4d:63:f1:f5:88:c7:d0:f4:49:a0:
                    99:1a:1a:5f:56:5d:08:1e:96:c6:da:09:3a:8a:98:
                    80:90:d3:be:fc:2d:ac:fe:f6:81:f3:5a:ad:44:a3:
                    70:6b:a0:50:8b:b7:c3:08:bd:41:56:b9:91:61:45:
                    84:53:fc:13:b6:22:80:13:77:34:03:56:5b:9c:44:
                    fa:a8:bc:65:ff:3e:9c:15:5c:c8:4f:47:d9:25:74:
                    57:73:df:32:e6:2c:f0:84:2c:3b:f7:bd:53:1f:06:
                    69:40:4a:74:1e:ce:c4:4d:4b:83:d3:38:52:c0:26:
                    53:76:16:72:56:05:66:79:02:fb:7b:bd:86:8d:13:
                    dc:23:4b:51:25:94:bd:82:80:4e:25:d5:d6:80:d3:
                    be:b8:dd:b9:1f:ea:65:c1:30:70:48:5e:6f:9c:5b:
                    6d:3e:e0:b6:5f:62:c8:69:53:f3:76:1e:a4:91:15:
                    ff:44:44:f1:21:7d:6c:97:6e:90:cc:a6:03:7a:b8:
                    52:74:6f:00:7a:43:34:9b:aa:2a:71:52:61:c2:03:
                    01:f4:04:37:c6:c6:1c:10:eb:d3:bb:1f:f9:2a:ca:
                    1d:3d:52:e5:ab:4f:c3:3d:4d:97:0f:4b:ef:bf:69:
                    dc:cb:30:69:78:27:68:a5:44:c5:db:a3:d8:98:d0:
                    f7:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:74:94:45:C3:73:9A:A0:D6:8F:69:C7:A1:B6:6C:71:8E:03:D3:CF
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS153169.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:65:4a:cc:30:02:41:c9:d0:f6:9f:0f:5e:f9:11:8e:f3:3c:
         80:a3:1d:2f:6d:20:26:1f:8c:32:88:b0:1b:04:6b:d7:2d:65:
         a3:9b:10:78:28:40:a3:d6:54:9d:0e:e9:4d:b1:77:87:07:8e:
         df:f4:49:c7:e8:dd:07:af:92:a9:8b:70:60:22:59:ee:b7:79:
         d3:07:2f:bb:f3:e7:00:3a:9e:d5:a2:2b:40:93:da:59:5c:d9:
         ab:69:15:ac:7b:1a:6b:d9:8d:90:ab:b3:04:42:7d:77:77:4b:
         1b:d9:bb:fa:27:14:de:d3:14:39:85:bd:15:eb:bf:2a:22:c4:
         99:2e:ba:37:90:ef:1d:58:ac:89:2c:e4:44:f5:4c:6f:d6:43:
         bf:38:51:67:62:04:00:4a:97:16:1a:70:2b:dd:86:90:31:55:
         f2:6d:db:4c:97:eb:25:77:0c:94:c4:3b:42:5f:09:ce:13:8d:
         97:04:60:ff:ee:71:37:a5:13:38:5c:ea:90:5b:2d:bb:d5:33:
         1a:51:87:63:58:21:5b:b8:85:ba:de:eb:37:35:06:57:68:91:
         4c:69:51:a3:5a:ae:e0:7e:87:c8:be:04:ba:33:6c:29:67:5d:
         58:d6:0d:25:fa:97:e4:5f:b4:15:10:36:77:83:48:70:b7:fd:
         5a:41:26:45
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdnlgLgFvfv8JAPFhiXA+8jjSeT8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA1MjIwMDE5MTBaFw0yNzA1MjEwMDI0MTBaMDMxMTAvBgNV
BAMTKDIyNzQ5NDQ1QzM3MzlBQTBENjhGNjlDN0ExQjY2QzcxOEUwM0QzQ0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeaeh6TWPx9YjH0PRJoJkaGl9W
XQgelsbaCTqKmICQ0778Laz+9oHzWq1Eo3BroFCLt8MIvUFWuZFhRYRT/BO2IoAT
dzQDVlucRPqovGX/PpwVXMhPR9kldFdz3zLmLPCELDv3vVMfBmlASnQezsRNS4PT
OFLAJlN2FnJWBWZ5Avt7vYaNE9wjS1EllL2CgE4l1daA07643bkf6mXBMHBIXm+c
W20+4LZfYshpU/N2HqSRFf9ERPEhfWyXbpDMpgN6uFJ0bwB6QzSbqipxUmHCAwH0
BDfGxhwQ69O7H/kqyh09UuWrT8M9TZcPS++/adzLMGl4J2ilRMXbo9iY0PdHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUInSURcNzmqDWj2nHobZscY4D088wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTUzMTY5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQvS
MA0GCSqGSIb3DQEBCwUAA4IBAQC6ZUrMMAJBydD2nw9e+RGO8zyAox0vbSAmH4wy
iLAbBGvXLWWjmxB4KECj1lSdDulNsXeHB47f9EnH6N0Hr5Kpi3BgIlnut3nTBy+7
8+cAOp7VoitAk9pZXNmraRWsexpr2Y2Qq7MEQn13d0sb2bv6JxTe0xQ5hb0V678q
IsSZLro3kO8dWKyJLORE9Uxv1kO/OFFnYgQASpcWGnAr3YaQMVXybdtMl+sldwyU
xDtCXwnOE42XBGD/7nE3pRM4XOqQWy271TMaUYdjWCFbuIW63us3NQZXaJFMaVGj
Wq7gfofIvgS6M2wpZ11Y1g0l+pfkX7QVEDZ3g0hwt/1aQSZF
-----END CERTIFICATE-----