Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS150659.roa
File:                     AS150659.roa (raw, json)
Hash identifier:          e7jcJFh7TMKO63VUSgXfjr6oEV0DxkcAaUGeLRGWovA=
Subject key identifier:   37:F1:C8:88:9E:CD:6B:10:14:8A:D4:CD:09:DD:CD:58:D1:90:49:BF
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       431AEF5983F04C3AAAE2945A71048AFAC31474A8
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS150659.roa
Signing time:             Wed 17 Jun 2026 11:48:26 +0000
ROA not before:           Wed 17 Jun 2026 11:43:26 +0000
ROA not after:            Wed 16 Jun 2027 11:48:26 +0000
asID:                     150659
IP address blocks:        95.134.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 11:52:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:1a:ef:59:83:f0:4c:3a:aa:e2:94:5a:71:04:8a:fa:c3:14:74:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun 17 11:43:26 2026 GMT
            Not After : Jun 16 11:48:26 2027 GMT
        Subject: CN=37F1C8889ECD6B10148AD4CD09DDCD58D19049BF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:c5:c9:1d:1e:75:be:7e:74:6d:7e:63:df:b7:
                    21:17:2c:7a:c3:2d:b2:a2:de:3d:9e:1b:6c:2e:c8:
                    3e:e2:a9:8e:1f:a9:c7:5d:e1:7c:c9:80:e9:b5:19:
                    de:9a:22:b4:dc:29:fc:4d:86:94:c7:d1:51:89:db:
                    d8:cc:78:6b:2e:c2:71:06:8c:f3:df:f1:3d:a1:fb:
                    85:fe:dd:64:a3:c8:07:9d:26:17:61:60:fa:e4:dc:
                    02:fb:f7:dc:8e:52:95:b1:c8:f4:ef:7d:56:51:57:
                    00:62:f3:6d:ce:b8:97:6b:6e:de:96:36:63:aa:0b:
                    f1:02:4a:ee:31:ca:95:83:06:64:20:c6:7d:6e:ef:
                    cf:ea:db:cc:4e:c6:25:a0:16:4c:46:e5:9a:ed:06:
                    b5:0e:02:d1:53:3e:a9:c5:80:7c:0f:ab:80:5a:4a:
                    a8:c8:0a:69:f9:a5:55:ca:1c:4e:4e:c3:01:d4:b4:
                    8a:21:31:2b:bd:68:04:4c:61:38:f9:cc:7c:aa:b3:
                    18:ce:f5:44:aa:06:71:79:85:e8:b7:02:3b:6c:ae:
                    99:83:dd:a4:db:0c:d8:96:04:f5:4a:af:ff:9b:0a:
                    ea:ee:9d:17:56:02:19:07:d3:87:69:c0:a0:40:ff:
                    86:a2:9a:a0:90:74:5b:2e:cc:57:76:96:46:ef:ad:
                    65:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:F1:C8:88:9E:CD:6B:10:14:8A:D4:CD:09:DD:CD:58:D1:90:49:BF
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS150659.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.134.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:e0:aa:08:3a:1f:7b:f0:25:5b:13:57:f4:bb:4a:94:35:f4:
         c3:ef:44:71:16:ce:70:54:b0:72:14:36:a8:3f:3f:0e:5d:9f:
         29:af:4c:2a:b4:91:c0:85:94:00:00:a7:62:e9:55:ed:14:7a:
         56:88:e1:ac:fb:2d:39:5a:81:b7:59:f3:f7:5b:17:24:cc:72:
         aa:58:49:70:e2:50:4d:f9:3b:f4:9a:f6:eb:5f:7f:ef:4d:5d:
         0e:e2:87:8b:be:90:a0:dd:bb:60:03:d7:a4:46:44:3b:14:2f:
         9a:66:7a:ca:fc:f9:7a:05:ec:09:ab:c0:d6:77:dc:f2:36:1a:
         77:da:12:22:11:62:03:bd:1f:0c:20:06:36:c1:ac:a6:a9:ba:
         9f:a2:fe:43:20:06:1e:94:6c:e8:3c:c9:b1:c0:22:15:9b:a8:
         07:b4:a5:4e:3d:e0:a9:75:46:29:4e:8c:27:5b:5c:d5:31:19:
         e1:49:0f:ee:af:3e:25:63:47:db:92:8f:26:06:59:ee:bf:04:
         6e:a2:31:bf:72:e7:07:9f:c2:31:d5:12:10:34:e0:52:28:62:
         1b:22:f8:9a:9f:5e:16:f1:fa:84:9c:d4:27:5a:b8:b2:2f:fc:
         bb:42:23:b5:4b:91:f8:66:15:76:f8:f5:ca:6e:10:bd:01:87:
         be:76:cb:1d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQxrvWYPwTDqq4pRacQSK+sMUdKgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA2MTcxMTQzMjZaFw0yNzA2MTYxMTQ4MjZaMDMxMTAvBgNV
BAMTKDM3RjFDODg4OUVDRDZCMTAxNDhBRDRDRDA5RERDRDU4RDE5MDQ5QkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCixckdHnW+fnRtfmPftyEXLHrD
LbKi3j2eG2wuyD7iqY4fqcdd4XzJgOm1Gd6aIrTcKfxNhpTH0VGJ29jMeGsuwnEG
jPPf8T2h+4X+3WSjyAedJhdhYPrk3AL799yOUpWxyPTvfVZRVwBi823OuJdrbt6W
NmOqC/ECSu4xypWDBmQgxn1u78/q28xOxiWgFkxG5ZrtBrUOAtFTPqnFgHwPq4Ba
SqjICmn5pVXKHE5OwwHUtIohMSu9aARMYTj5zHyqsxjO9USqBnF5hei3AjtsrpmD
3aTbDNiWBPVKr/+bCurunRdWAhkH04dpwKBA/4aimqCQdFsuzFd2lkbvrWWrAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUN/HIiJ7NaxAUitTNCd3NWNGQSb8wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTUwNjU5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4YU
MA0GCSqGSIb3DQEBCwUAA4IBAQCo4KoIOh978CVbE1f0u0qUNfTD70RxFs5wVLBy
FDaoPz8OXZ8pr0wqtJHAhZQAAKdi6VXtFHpWiOGs+y05WoG3WfP3WxckzHKqWElw
4lBN+Tv0mvbrX3/vTV0O4oeLvpCg3btgA9ekRkQ7FC+aZnrK/Pl6BewJq8DWd9zy
Nhp32hIiEWIDvR8MIAY2waymqbqfov5DIAYelGzoPMmxwCIVm6gHtKVOPeCpdUYp
TownW1zVMRnhSQ/urz4lY0fbko8mBlnuvwRuojG/cucHn8Ix1RIQNOBSKGIbIvia
n14W8fqEnNQnWriyL/y7QiO1S5H4ZhV2+PXKbhC9AYe+dssd
-----END CERTIFICATE-----