Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153622.roa
File:                     AS153622.roa (raw, json)
Hash identifier:          8UA8u9UeRxHfR0tFgaZX/2yM+rCuLUclC8VLQa5g8es=
Subject key identifier:   59:ED:20:D8:62:FD:17:1A:E9:BA:FF:D2:F3:C9:7D:FE:00:DD:A8:9E
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       26D013C45BA54CDF6B5CB4A7799A7B66713316A4
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153622.roa
Signing time:             Fri 05 Jun 2026 07:52:53 +0000
ROA not before:           Fri 05 Jun 2026 07:47:53 +0000
ROA not after:            Fri 04 Jun 2027 07:52:53 +0000
asID:                     153622
IP address blocks:        155.117.136.0/24 maxlen: 24
                          168.222.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 19:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:d0:13:c4:5b:a5:4c:df:6b:5c:b4:a7:79:9a:7b:66:71:33:16:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  5 07:47:53 2026 GMT
            Not After : Jun  4 07:52:53 2027 GMT
        Subject: CN=59ED20D862FD171AE9BAFFD2F3C97DFE00DDA89E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:17:7f:f2:19:28:60:e5:0a:60:a1:24:9c:37:
                    2e:1f:38:8d:9d:1c:fe:76:9d:d7:cc:8d:1c:c1:88:
                    57:a5:85:07:49:7b:0b:9b:fa:bd:a4:b5:64:1a:ed:
                    ab:76:8a:15:3d:ab:eb:79:93:f8:3f:e3:b8:7a:f5:
                    d2:2a:37:11:9e:a9:8a:0c:35:ac:d4:4e:dd:09:5d:
                    55:32:92:57:13:d3:ab:eb:68:84:da:8f:39:1f:16:
                    e5:a8:e1:eb:54:d9:d1:10:e7:f9:28:16:0b:d4:2b:
                    62:89:d6:1b:dd:13:10:d5:40:37:02:c7:65:90:7e:
                    35:c8:78:97:73:fb:0d:c7:80:48:45:45:41:b0:bf:
                    bc:79:79:a3:59:3c:a5:2e:79:69:d5:48:6f:f9:57:
                    0c:3f:aa:20:7a:d8:28:75:92:cc:8c:2e:e2:f8:ac:
                    f9:a3:72:06:5e:5e:a5:43:3d:39:05:d1:51:29:8c:
                    6c:3e:0a:30:ee:65:5a:9c:be:f6:09:2e:cc:d8:20:
                    ca:5c:29:ad:db:68:22:6b:21:b4:a0:4a:de:f5:65:
                    37:54:53:d3:dd:2a:ab:84:a8:a6:f1:d3:7e:07:27:
                    3f:33:82:3f:98:ff:47:f1:b4:1c:7c:b1:d8:a6:50:
                    0b:38:24:1f:ef:da:87:a4:11:3f:71:ea:89:98:3a:
                    4b:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:ED:20:D8:62:FD:17:1A:E9:BA:FF:D2:F3:C9:7D:FE:00:DD:A8:9E
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153622.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.136.0/24
                  168.222.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:e9:91:c6:47:94:ce:c0:c6:0b:6f:f4:f9:6e:c3:2b:3d:5e:
         79:e6:2e:e9:54:47:ca:44:e9:de:c7:b2:0b:02:11:28:67:ae:
         8c:e8:55:be:65:b2:ba:ae:93:4c:95:28:98:58:0b:56:66:e1:
         c6:c5:59:96:65:34:f4:b7:89:bc:07:d4:73:e3:59:f7:d3:b6:
         0c:b0:0f:fe:b4:63:04:25:4d:d0:71:57:1c:cf:6e:87:b2:f9:
         67:3b:05:22:9e:d0:e3:94:7a:cf:d7:6d:53:0d:ae:80:9e:f0:
         fc:f5:0f:17:60:21:3f:86:80:58:54:c2:d1:a1:41:a8:fc:64:
         04:52:8f:e6:65:81:ac:84:15:e5:b9:40:05:5f:62:3e:14:c1:
         2f:37:b8:77:fc:57:4f:a5:ab:0b:39:b5:1c:9e:5a:ea:d8:8f:
         5d:4e:59:c2:91:5e:6e:f8:c4:80:e0:b2:09:37:14:ea:a0:4c:
         8f:94:a1:58:29:6e:cf:8e:df:da:86:25:83:fe:cc:22:cb:9a:
         2d:43:b5:e1:83:dd:c6:c4:98:28:00:89:05:fd:3e:da:06:4f:
         61:21:20:8d:c7:68:64:cd:7e:fc:72:11:6c:97:5f:92:9b:60:
         cd:2f:e9:47:55:48:0a:10:cc:02:64:cf:5f:32:e8:50:14:2d:
         07:16:de:e4
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUJtATxFulTN9rXLSneZp7ZnEzFqQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MDUwNzQ3NTNaFw0yNzA2MDQwNzUyNTNaMDMxMTAvBgNV
BAMTKDU5RUQyMEQ4NjJGRDE3MUFFOUJBRkZEMkYzQzk3REZFMDBEREE4OUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXF3/yGShg5QpgoSScNy4fOI2d
HP52ndfMjRzBiFelhQdJewub+r2ktWQa7at2ihU9q+t5k/g/47h69dIqNxGeqYoM
NazUTt0JXVUyklcT06vraITajzkfFuWo4etU2dEQ5/koFgvUK2KJ1hvdExDVQDcC
x2WQfjXIeJdz+w3HgEhFRUGwv7x5eaNZPKUueWnVSG/5Vww/qiB62Ch1ksyMLuL4
rPmjcgZeXqVDPTkF0VEpjGw+CjDuZVqcvvYJLszYIMpcKa3baCJrIbSgSt71ZTdU
U9PdKquEqKbx034HJz8zgj+Y/0fxtBx8sdimUAs4JB/v2oekET9x6omYOkuFAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUWe0g2GL9Fxrpuv/S88l9/gDdqJ4wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTUzNjIyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAm3WI
AwQAqN4pMA0GCSqGSIb3DQEBCwUAA4IBAQCt6ZHGR5TOwMYLb/T5bsMrPV555i7p
VEfKROnex7ILAhEoZ66M6FW+ZbK6rpNMlSiYWAtWZuHGxVmWZTT0t4m8B9Rz41n3
07YMsA/+tGMEJU3QcVccz26HsvlnOwUintDjlHrP121TDa6AnvD89Q8XYCE/hoBY
VMLRoUGo/GQEUo/mZYGshBXluUAFX2I+FMEvN7h3/FdPpasLObUcnlrq2I9dTlnC
kV5u+MSA4LIJNxTqoEyPlKFYKW7Pjt/ahiWD/swiy5otQ7Xhg93GxJgoAIkF/T7a
Bk9hISCNx2hkzX78chFsl1+Sm2DNL+lHVUgKEMwCZM9fMuhQFC0HFt7k
-----END CERTIFICATE-----