Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS153371.roa
File:                     AS153371.roa (raw, json)
Hash identifier:          IossavS94TfUcziAQNDPc5NBHDyyavb9ZAaeNUJvOpI=
Subject key identifier:   22:6B:1D:24:15:78:26:82:05:B2:D5:4F:81:1C:E5:8A:35:6A:11:78
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       2DF1DBC9C17FC2B97F8E149EBFE8B15AFF63A889
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS153371.roa
Signing time:             Thu 04 Sep 2025 17:52:20 +0000
ROA not before:           Thu 04 Sep 2025 17:47:20 +0000
ROA not after:            Thu 03 Sep 2026 17:52:20 +0000
asID:                     153371
IP address blocks:        92.113.116.0/23 maxlen: 24
                          178.92.74.0/24 maxlen: 24
                          178.92.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Sep 2025 13:46:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:f1:db:c9:c1:7f:c2:b9:7f:8e:14:9e:bf:e8:b1:5a:ff:63:a8:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Sep  4 17:47:20 2025 GMT
            Not After : Sep  3 17:52:20 2026 GMT
        Subject: CN=226B1D241578268205B2D54F811CE58A356A1178
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:e7:86:39:57:b9:c4:67:b9:13:85:6c:95:56:
                    cd:a4:6e:15:6a:47:20:5d:ad:1c:55:19:07:f0:88:
                    05:fd:38:99:5b:16:e6:48:4c:37:ec:f8:ea:9b:87:
                    83:f0:4e:53:00:51:b6:92:de:39:97:0c:f1:a0:85:
                    b2:a4:af:14:83:3b:29:61:de:79:04:a7:78:01:e7:
                    c2:c6:f3:83:18:11:e7:68:27:c2:9e:06:02:04:74:
                    cf:a6:6d:ce:7e:1f:23:25:78:58:15:52:90:58:47:
                    77:eb:80:3b:88:d1:f0:3a:e3:3f:94:0b:7b:25:eb:
                    38:21:f2:57:84:d8:7c:8e:62:3c:45:14:e8:1f:08:
                    2d:68:57:a2:78:a5:7c:09:96:10:47:e4:5a:2f:e2:
                    e5:5b:23:23:7c:05:53:fb:ac:74:aa:19:ba:b1:3b:
                    01:d1:01:00:d4:d8:04:bc:89:73:cc:04:81:4d:ab:
                    53:79:02:14:0e:74:4b:d8:44:4e:5c:ae:22:4d:60:
                    3e:c4:9d:95:a8:df:12:2c:02:f3:d0:dd:e1:f5:a0:
                    64:e2:db:c3:09:9d:c6:51:c8:bf:9e:24:07:c0:d6:
                    99:fa:de:e2:7d:34:65:00:1f:35:ab:19:25:d0:1c:
                    a0:13:9a:87:4e:17:b9:19:df:c2:6b:c0:37:26:c2:
                    2e:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:6B:1D:24:15:78:26:82:05:B2:D5:4F:81:1C:E5:8A:35:6A:11:78
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS153371.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.113.116.0/23
                  178.92.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         51:67:a0:ba:09:ca:1d:11:cc:68:70:d3:eb:50:20:92:e7:7a:
         cc:74:bc:d8:32:18:9d:9c:23:df:ad:e3:a4:e9:8e:fa:9a:3e:
         cd:82:e1:06:cd:c4:42:2a:ff:df:20:af:6a:b1:3d:c2:cb:d8:
         57:3c:0d:d3:a5:11:09:c5:f3:6a:99:06:71:15:58:f6:3c:bc:
         fe:e3:6c:74:33:b3:01:d5:3d:49:f9:39:e7:87:a7:3c:12:af:
         8c:90:7a:bd:fe:6c:4a:f2:8e:c5:fc:f7:4d:9f:70:ac:97:fa:
         89:52:69:b9:71:f6:97:c4:97:5c:90:27:3e:15:31:58:00:60:
         a5:c1:dd:08:fb:55:6d:7e:58:5d:00:ae:ca:58:87:09:01:9c:
         3f:78:bb:d3:3b:b0:f3:9f:d5:0c:0c:db:93:3d:66:b7:70:d3:
         c0:fb:64:6e:b9:61:6f:e3:1a:e3:35:93:61:fc:1e:fe:36:7e:
         fc:16:05:f2:2c:44:35:e8:00:15:9a:59:49:36:4a:d4:9d:86:
         8b:49:d4:9f:9e:51:59:13:02:c8:a3:25:99:08:ac:8e:81:bc:
         17:ea:b1:2b:1b:ce:b1:bd:bf:41:b4:7f:d3:d9:de:c1:15:0c:
         0e:88:1f:4b:02:b9:e6:9a:2f:bd:3d:46:63:52:36:0f:83:fe:
         02:74:01:ea
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIULfHbycF/wrl/jhSev+ixWv9jqIkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA5MDQxNzQ3MjBaFw0yNjA5MDMxNzUyMjBaMDMxMTAvBgNV
BAMTKDIyNkIxRDI0MTU3ODI2ODIwNUIyRDU0RjgxMUNFNThBMzU2QTExNzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDI54Y5V7nEZ7kThWyVVs2kbhVq
RyBdrRxVGQfwiAX9OJlbFuZITDfs+Oqbh4PwTlMAUbaS3jmXDPGghbKkrxSDOylh
3nkEp3gB58LG84MYEedoJ8KeBgIEdM+mbc5+HyMleFgVUpBYR3frgDuI0fA64z+U
C3sl6zgh8leE2HyOYjxFFOgfCC1oV6J4pXwJlhBH5Fov4uVbIyN8BVP7rHSqGbqx
OwHRAQDU2AS8iXPMBIFNq1N5AhQOdEvYRE5criJNYD7EnZWo3xIsAvPQ3eH1oGTi
28MJncZRyL+eJAfA1pn63uJ9NGUAHzWrGSXQHKATmodOF7kZ38JrwDcmwi6lAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUImsdJBV4JoIFstVPgRzlijVqEXgwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTUzMzcxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBXHF0
AwQBslxKMA0GCSqGSIb3DQEBCwUAA4IBAQBRZ6C6CcodEcxocNPrUCCS53rMdLzY
MhidnCPfreOk6Y76mj7NguEGzcRCKv/fIK9qsT3Cy9hXPA3TpREJxfNqmQZxFVj2
PLz+42x0M7MB1T1J+Tnnh6c8Eq+MkHq9/mxK8o7F/PdNn3Csl/qJUmm5cfaXxJdc
kCc+FTFYAGClwd0I+1VtflhdAK7KWIcJAZw/eLvTO7Dzn9UMDNuTPWa3cNPA+2Ru
uWFv4xrjNZNh/B7+Nn78FgXyLEQ16AAVmllJNkrUnYaLSdSfnlFZEwLIoyWZCKyO
gbwX6rErG86xvb9BtH/T2d7BFQwOiB9LArnmmi+9PUZjUjYPg/4CdAHq
-----END CERTIFICATE-----