Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS133150.roa
File:                     AS133150.roa (raw, json)
Hash identifier:          n2RSz/ICVPWEPpZRX0mn2hLVoShqzJoiZkxCqvbUiZg=
Subject key identifier:   6C:27:CE:BC:69:13:3A:22:B2:AD:7F:D4:67:F0:D2:AE:81:54:E3:FC
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       374E7DC5B1B0A4B2A7D012F108CE01D60600BDC1
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS133150.roa
Signing time:             Thu 16 Apr 2026 06:56:26 +0000
ROA not before:           Thu 16 Apr 2026 06:51:26 +0000
ROA not after:            Thu 15 Apr 2027 06:56:26 +0000
asID:                     133150
IP address blocks:        155.117.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:4e:7d:c5:b1:b0:a4:b2:a7:d0:12:f1:08:ce:01:d6:06:00:bd:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 16 06:51:26 2026 GMT
            Not After : Apr 15 06:56:26 2027 GMT
        Subject: CN=6C27CEBC69133A22B2AD7FD467F0D2AE8154E3FC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:2d:d4:aa:14:e3:6f:f0:30:42:21:fc:53:e9:
                    23:af:ba:e6:84:5a:19:e5:30:68:1d:27:eb:df:17:
                    ee:8f:2a:b0:e6:0f:73:77:bd:db:cd:64:21:b4:bf:
                    81:e1:9c:c0:83:fb:dc:07:6d:c5:72:d1:89:24:fd:
                    b4:92:a2:ae:59:6c:89:4b:19:4d:13:bd:6a:d2:bb:
                    95:fa:4e:fc:b5:ec:88:99:b8:3e:40:29:cd:e4:d5:
                    70:7f:8d:fb:50:64:41:c3:4e:65:28:a9:f2:21:61:
                    90:25:1d:f9:b3:5e:ae:b1:65:c7:d1:c5:69:e3:5f:
                    50:9f:1d:11:0d:20:ee:0d:01:f3:27:3d:3c:ba:f2:
                    e3:ce:00:fa:c0:5f:8c:d5:0a:cb:26:d4:2f:d1:07:
                    45:78:03:c9:39:7e:04:c1:31:99:3f:b3:8e:20:b1:
                    d6:f6:f0:72:20:b2:a4:06:86:1a:f0:3b:4d:84:ad:
                    af:9f:03:0b:25:1c:f1:f1:23:99:73:52:cf:7f:73:
                    0a:3d:c8:f8:bf:97:23:ca:13:6b:64:96:16:25:5f:
                    b6:e0:ab:77:ba:d7:18:4f:81:5b:b4:c5:b1:99:37:
                    ba:8b:f2:d9:00:7c:76:b3:0b:5b:95:29:6f:91:6b:
                    0f:70:65:4e:7e:73:2e:0d:7f:53:67:b2:4c:83:12:
                    3c:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:27:CE:BC:69:13:3A:22:B2:AD:7F:D4:67:F0:D2:AE:81:54:E3:FC
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS133150.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:4b:b3:51:ab:5d:50:09:67:ef:3e:fd:61:cc:67:2b:bf:c1:
         d5:5b:b7:d8:f8:f4:89:90:1f:77:c7:0c:1b:83:8b:c8:82:78:
         b9:46:ca:04:9b:b8:86:8d:db:c0:42:e8:9b:6c:da:a0:16:41:
         64:a2:ef:05:ff:a6:21:c6:c9:d3:2a:9e:a8:ad:89:8e:07:ec:
         14:b9:b4:d9:37:92:d0:88:20:50:97:72:5c:16:56:44:04:05:
         38:7e:9d:c9:04:10:1b:66:dc:58:54:c7:3c:55:45:bf:61:55:
         5e:cb:86:08:a2:12:35:6e:1a:a5:bf:2f:c1:cc:1b:3f:a9:c7:
         f5:ee:05:69:a1:a0:8c:5c:2c:33:37:79:18:c6:d9:a5:2d:d5:
         1d:ff:19:86:ad:bd:6d:c5:7d:f3:f6:2c:c9:0b:ed:31:1b:a1:
         7a:34:45:90:a6:a2:2c:8b:fb:07:2b:16:49:71:1b:95:a5:a6:
         29:70:e8:a6:1b:6c:83:37:53:df:59:6c:94:3a:7b:10:9c:6b:
         d3:1d:c2:8a:9c:a2:32:f0:cd:a0:d2:82:cc:84:5e:be:4a:58:
         6a:67:29:79:cc:9c:0a:29:aa:e3:5f:9f:4e:ad:d4:f8:1d:85:
         69:47:7b:9b:46:d6:e5:16:2c:bc:74:b2:db:3e:9c:ea:5e:34:
         be:b9:98:be
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUN059xbGwpLKn0BLxCM4B1gYAvcEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MTYwNjUxMjZaFw0yNzA0MTUwNjU2MjZaMDMxMTAvBgNV
BAMTKDZDMjdDRUJDNjkxMzNBMjJCMkFEN0ZENDY3RjBEMkFFODE1NEUzRkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDLdSqFONv8DBCIfxT6SOvuuaE
WhnlMGgdJ+vfF+6PKrDmD3N3vdvNZCG0v4HhnMCD+9wHbcVy0Ykk/bSSoq5ZbIlL
GU0TvWrSu5X6Tvy17IiZuD5AKc3k1XB/jftQZEHDTmUoqfIhYZAlHfmzXq6xZcfR
xWnjX1CfHRENIO4NAfMnPTy68uPOAPrAX4zVCssm1C/RB0V4A8k5fgTBMZk/s44g
sdb28HIgsqQGhhrwO02Era+fAwslHPHxI5lzUs9/cwo9yPi/lyPKE2tklhYlX7bg
q3e61xhPgVu0xbGZN7qL8tkAfHazC1uVKW+Raw9wZU5+cy4Nf1NnskyDEjwXAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUbCfOvGkTOiKyrX/UZ/DSroFU4/wwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTMzMTUwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAm3WX
MA0GCSqGSIb3DQEBCwUAA4IBAQAvS7NRq11QCWfvPv1hzGcrv8HVW7fY+PSJkB93
xwwbg4vIgni5RsoEm7iGjdvAQuibbNqgFkFkou8F/6YhxsnTKp6orYmOB+wUubTZ
N5LQiCBQl3JcFlZEBAU4fp3JBBAbZtxYVMc8VUW/YVVey4YIohI1bhqlvy/BzBs/
qcf17gVpoaCMXCwzN3kYxtmlLdUd/xmGrb1txX3z9izJC+0xG6F6NEWQpqIsi/sH
KxZJcRuVpaYpcOimG2yDN1PfWWyUOnsQnGvTHcKKnKIy8M2g0oLMhF6+SlhqZyl5
zJwKKarjX59OrdT4HYVpR3ubRtblFiy8dLLbPpzqXjS+uZi+
-----END CERTIFICATE-----