Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS152868.roa
File:                     AS152868.roa (raw, json)
Hash identifier:          6xJFOgBGQ95WyYBfSa0jsX6PTFYTcn9xTyQ0Y/u4pHw=
Subject key identifier:   B6:4F:AC:39:57:D0:9E:24:71:77:C5:13:12:42:2C:AF:7F:56:33:F0
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       54A21E86414C9860443B5B4E387B48C9059FD3E5
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS152868.roa
Signing time:             Sun 02 Nov 2025 00:08:54 +0000
ROA not before:           Sun 02 Nov 2025 00:03:54 +0000
ROA not after:            Sun 01 Nov 2026 00:08:54 +0000
asID:                     152868
IP address blocks:        96.62.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:a2:1e:86:41:4c:98:60:44:3b:5b:4e:38:7b:48:c9:05:9f:d3:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Nov  2 00:03:54 2025 GMT
            Not After : Nov  1 00:08:54 2026 GMT
        Subject: CN=B64FAC3957D09E247177C51312422CAF7F5633F0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:15:73:1f:bd:3f:36:c9:77:89:a9:97:0a:02:
                    00:37:ed:e8:e9:7b:e4:83:0b:76:c3:8d:35:11:3a:
                    50:fb:0d:8a:a4:f3:44:7e:bc:32:4a:31:cd:b8:78:
                    4f:57:29:d0:55:aa:05:7f:4d:99:f7:0d:e0:62:80:
                    95:85:22:86:e0:26:2a:e2:b4:19:bd:47:bd:cd:e7:
                    2f:e7:62:ee:b4:3f:0b:d9:69:de:85:f6:6d:1d:0c:
                    6c:f4:dc:9a:2d:41:ca:89:64:3a:ea:91:83:12:4d:
                    02:9e:17:0b:47:72:a6:04:76:16:37:0a:2f:44:d8:
                    2e:de:af:67:96:82:5d:ae:7c:32:88:c8:a0:e0:f3:
                    1d:52:d5:7a:1d:9f:0e:b8:51:66:c5:69:90:18:3c:
                    c5:c5:52:e2:63:ae:84:d0:ca:e3:ad:9e:12:4b:ba:
                    30:bd:ca:95:f3:cc:70:e9:02:ec:51:a3:ec:73:63:
                    1a:70:91:ac:7b:01:b4:43:3d:5c:70:fb:7f:f7:43:
                    50:02:5f:2e:d7:03:0c:0b:cb:8f:72:34:08:46:a1:
                    83:a6:69:c6:85:8a:59:79:9c:1c:25:3b:01:f2:dd:
                    7e:bb:36:4e:0e:1a:5b:8f:b4:6c:7c:50:e0:9c:ca:
                    8b:9d:88:8f:44:36:77:7a:1a:08:f9:1d:81:f8:95:
                    6b:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:4F:AC:39:57:D0:9E:24:71:77:C5:13:12:42:2C:AF:7F:56:33:F0
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS152868.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:94:4c:48:83:48:15:e3:43:d5:14:82:33:24:08:37:30:15:
         23:80:68:c7:cf:4a:52:73:f5:d3:85:a5:d3:f8:f1:b0:b7:bf:
         83:70:58:85:3f:57:d4:9d:f1:a7:2d:e5:38:db:dc:28:25:18:
         29:be:01:b9:a4:ea:19:a8:28:dc:97:6a:cd:c6:df:7e:7b:f7:
         2c:f2:13:62:26:c2:af:8a:ba:1c:2e:2b:25:39:f1:97:1a:9a:
         81:b2:bf:1b:b8:72:8c:a8:99:4a:75:7c:64:72:ae:1c:13:b4:
         6b:1d:c1:5e:d1:76:d1:e4:5c:79:2a:6f:1a:64:fa:6a:64:c1:
         f5:bc:96:69:d8:fd:91:c4:71:0e:3a:30:1d:99:c5:3e:94:d6:
         0c:eb:1d:39:cd:4b:37:2e:ed:67:49:7b:12:ae:aa:80:f9:35:
         fd:a8:d6:6f:e7:85:f8:36:ca:26:24:4f:17:41:31:c4:e1:1f:
         c2:a2:44:04:42:6d:83:6d:a1:f9:83:e5:c3:d1:9d:be:04:2e:
         95:62:00:b0:d5:fd:af:a6:e8:f7:b0:98:57:eb:cf:e7:ff:4f:
         ca:38:77:8f:2c:ed:10:04:c8:d7:23:10:16:c9:aa:03:29:5d:
         70:20:ca:71:32:e0:16:cb:4a:6e:42:1d:5f:ea:42:99:3d:60:
         b2:a3:44:3e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUVKIehkFMmGBEO1tOOHtIyQWf0+UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTExMDIwMDAzNTRaFw0yNjExMDEwMDA4NTRaMDMxMTAvBgNV
BAMTKEI2NEZBQzM5NTdEMDlFMjQ3MTc3QzUxMzEyNDIyQ0FGN0Y1NjMzRjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6FXMfvT82yXeJqZcKAgA37ejp
e+SDC3bDjTUROlD7DYqk80R+vDJKMc24eE9XKdBVqgV/TZn3DeBigJWFIobgJiri
tBm9R73N5y/nYu60PwvZad6F9m0dDGz03JotQcqJZDrqkYMSTQKeFwtHcqYEdhY3
Ci9E2C7er2eWgl2ufDKIyKDg8x1S1Xodnw64UWbFaZAYPMXFUuJjroTQyuOtnhJL
ujC9ypXzzHDpAuxRo+xzYxpwkax7AbRDPVxw+3/3Q1ACXy7XAwwLy49yNAhGoYOm
acaFill5nBwlOwHy3X67Nk4OGluPtGx8UOCcyoudiI9ENnd6Ggj5HYH4lWtDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUtk+sOVfQniRxd8UTEkIsr39WM/AwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTUyODY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAYD7c
MA0GCSqGSIb3DQEBCwUAA4IBAQBklExIg0gV40PVFIIzJAg3MBUjgGjHz0pSc/XT
haXT+PGwt7+DcFiFP1fUnfGnLeU429woJRgpvgG5pOoZqCjcl2rNxt9+e/cs8hNi
JsKvirocLislOfGXGpqBsr8buHKMqJlKdXxkcq4cE7RrHcFe0XbR5Fx5Km8aZPpq
ZMH1vJZp2P2RxHEOOjAdmcU+lNYM6x05zUs3Lu1nSXsSrqqA+TX9qNZv54X4Nsom
JE8XQTHE4R/CokQEQm2DbaH5g+XD0Z2+BC6VYgCw1f2vpuj3sJhX68/n/0/KOHeP
LO0QBMjXIxAWyaoDKV1wIMpxMuAWy0puQh1f6kKZPWCyo0Q+
-----END CERTIFICATE-----