Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS154132.roa
File:                     AS154132.roa (raw, json)
Hash identifier:          qMV+7GtW/jS9E4t8zXNXGyl2EOApvEz8FcFlVZbMuIE=
Subject key identifier:   9C:78:DF:80:57:C9:A8:A8:0F:85:39:DA:D5:89:91:3A:AA:E4:50:8D
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       627A097E9F7D8E9771368B8F538409FD43FE8D94
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS154132.roa
Signing time:             Tue 02 Jun 2026 11:25:37 +0000
ROA not before:           Tue 02 Jun 2026 11:20:37 +0000
ROA not after:            Tue 01 Jun 2027 11:25:37 +0000
asID:                     154132
IP address blocks:        46.203.3.0/24 maxlen: 24
                          92.113.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:7a:09:7e:9f:7d:8e:97:71:36:8b:8f:53:84:09:fd:43:fe:8d:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun  2 11:20:37 2026 GMT
            Not After : Jun  1 11:25:37 2027 GMT
        Subject: CN=9C78DF8057C9A8A80F8539DAD589913AAAE4508D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:30:b6:38:5e:c9:a8:88:bd:0d:5f:df:de:05:
                    98:6c:1d:c0:b1:c1:0a:ed:05:f8:c6:9a:cd:bc:03:
                    02:d9:81:78:c5:1b:d7:a6:d8:f2:30:3e:95:f5:b7:
                    9e:13:69:13:5f:b6:d2:18:33:c5:6b:17:83:2c:aa:
                    10:9f:62:1a:27:98:e4:4b:3d:3f:c3:91:c3:62:30:
                    7f:08:96:ee:8d:c1:d1:b7:00:e9:f7:6c:1e:0b:7e:
                    32:d4:3c:57:48:79:f6:03:ed:03:24:2c:42:f2:02:
                    0b:f7:ef:fb:b4:85:1e:41:ea:c9:2a:de:21:a0:34:
                    4c:67:c2:2a:80:2a:2f:b1:29:5a:37:a2:2e:a9:82:
                    46:75:c7:91:e8:d6:5d:65:4f:c2:c9:f5:bf:dc:59:
                    8c:58:85:e9:c3:d6:83:db:c6:88:20:c5:50:5d:5d:
                    47:54:85:76:d2:0b:82:da:39:6c:28:df:bc:7f:2f:
                    4f:6d:ee:a3:6d:21:d0:94:43:5f:11:20:2b:62:cd:
                    f4:63:64:09:45:3d:74:ef:4f:4f:ac:87:cf:72:67:
                    c1:30:b1:77:a6:8b:8d:b8:ba:d0:0b:93:4b:26:6a:
                    db:aa:be:02:0b:dd:08:a7:43:83:25:0d:33:13:1f:
                    e6:94:b9:db:08:1b:dd:9a:60:7f:03:7a:fe:02:b6:
                    dc:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:78:DF:80:57:C9:A8:A8:0F:85:39:DA:D5:89:91:3A:AA:E4:50:8D
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS154132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.203.3.0/24
                  92.113.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:f2:82:92:83:77:9d:e7:38:6d:20:cb:dc:ac:66:ca:5d:bb:
         13:d8:29:c1:1a:86:ff:c6:77:38:cc:66:7e:bc:55:01:06:f1:
         2e:9f:95:82:f1:21:44:b1:e8:b8:0f:79:fa:69:e6:48:ea:74:
         a2:c2:5f:62:57:db:31:db:36:73:97:62:14:6c:39:f2:ec:5b:
         f1:96:b2:2f:05:87:03:a3:29:0a:f0:76:3a:4d:26:1f:0b:5b:
         41:7d:d4:1a:62:bc:6f:7b:20:58:2e:a7:24:48:b9:a0:a2:94:
         a7:00:42:4a:90:8a:b9:6c:3f:d7:0b:21:5b:27:07:bf:d2:75:
         22:c8:13:2c:fe:cf:16:b0:e2:11:a1:96:59:70:ef:82:b5:50:
         bc:91:86:1b:75:c1:e3:d4:3d:26:af:e5:91:8b:eb:c5:0f:a6:
         59:74:42:45:75:ee:c5:07:96:63:a8:36:5a:da:0d:b8:21:ff:
         2b:b7:3d:10:aa:cf:67:41:a8:55:0e:1d:c6:b3:58:0a:59:45:
         d2:21:e4:7a:a7:e6:e0:32:12:f7:8e:dc:b8:3e:bf:62:9a:f3:
         d2:0a:66:4f:db:a9:19:94:0b:7b:b9:f1:c4:01:d3:4b:a1:6b:
         d1:97:76:a6:e6:7c:28:84:75:37:bc:b1:ec:2a:31:4c:5f:2f:
         f7:a1:36:6e
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUYnoJfp99jpdxNouPU4QJ/UP+jZQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA2MDIxMTIwMzdaFw0yNzA2MDExMTI1MzdaMDMxMTAvBgNV
BAMTKDlDNzhERjgwNTdDOUE4QTgwRjg1MzlEQUQ1ODk5MTNBQUFFNDUwOEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxMLY4XsmoiL0NX9/eBZhsHcCx
wQrtBfjGms28AwLZgXjFG9em2PIwPpX1t54TaRNfttIYM8VrF4MsqhCfYhonmORL
PT/DkcNiMH8Ilu6NwdG3AOn3bB4LfjLUPFdIefYD7QMkLELyAgv37/u0hR5B6skq
3iGgNExnwiqAKi+xKVo3oi6pgkZ1x5Ho1l1lT8LJ9b/cWYxYhenD1oPbxoggxVBd
XUdUhXbSC4LaOWwo37x/L09t7qNtIdCUQ18RICtizfRjZAlFPXTvT0+sh89yZ8Ew
sXemi424utALk0smatuqvgIL3QinQ4MlDTMTH+aUudsIG92aYH8Dev4Ctty5AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUnHjfgFfJqKgPhTna1YmROqrkUI0wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTU0MTMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALssD
AwQAXHEsMA0GCSqGSIb3DQEBCwUAA4IBAQBw8oKSg3ed5zhtIMvcrGbKXbsT2CnB
Gob/xnc4zGZ+vFUBBvEun5WC8SFEsei4D3n6aeZI6nSiwl9iV9sx2zZzl2IUbDny
7FvxlrIvBYcDoykK8HY6TSYfC1tBfdQaYrxveyBYLqckSLmgopSnAEJKkIq5bD/X
CyFbJwe/0nUiyBMs/s8WsOIRoZZZcO+CtVC8kYYbdcHj1D0mr+WRi+vFD6ZZdEJF
de7FB5ZjqDZa2g24If8rtz0Qqs9nQahVDh3Gs1gKWUXSIeR6p+bgMhL3jty4Pr9i
mvPSCmZP26kZlAt7ufHEAdNLoWvRl3am5nwohHU3vLHsKjFMXy/3oTZu
-----END CERTIFICATE-----