Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153656.roa
File:                     AS153656.roa (raw, json)
Hash identifier:          PmQ6HDUI4Veyq4RLCzdiWXkLqJ+UOZp4bzRc9F7dc50=
Subject key identifier:   68:0C:C3:97:78:8F:14:96:A0:CF:7B:CE:AF:A9:FA:D0:57:66:CD:1C
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       53B6A2DC7A77FD594258FF78D0D3F6792FD8CA8A
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153656.roa
Signing time:             Wed 30 Jul 2025 02:50:20 +0000
ROA not before:           Wed 30 Jul 2025 02:45:20 +0000
ROA not after:            Wed 29 Jul 2026 02:50:20 +0000
asID:                     153656
IP address blocks:        155.117.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:b6:a2:dc:7a:77:fd:59:42:58:ff:78:d0:d3:f6:79:2f:d8:ca:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul 30 02:45:20 2025 GMT
            Not After : Jul 29 02:50:20 2026 GMT
        Subject: CN=680CC397788F1496A0CF7BCEAFA9FAD05766CD1C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:8e:df:81:a0:04:02:d8:16:d4:92:57:b2:af:
                    ee:c7:a4:81:12:95:52:da:92:cf:ea:12:2d:82:c0:
                    ce:45:ce:f8:10:b4:a7:80:cc:f9:ac:f9:35:be:c2:
                    b1:da:5a:90:3b:12:a2:90:0f:b0:5c:bd:e1:c0:b6:
                    3b:24:85:19:3f:83:e9:34:a4:dc:e3:86:3a:c4:d8:
                    65:15:f8:77:6d:1e:9d:49:79:36:43:1f:0b:2c:da:
                    10:89:f7:03:8e:f7:eb:71:48:41:ef:78:e7:01:bd:
                    40:22:35:69:d2:89:cd:5b:52:30:11:22:55:e7:c2:
                    1f:73:c5:32:40:25:b4:e7:cc:1c:f6:8c:72:eb:7b:
                    fa:2f:b1:e9:58:68:ab:a1:be:d6:d8:d8:26:dd:5e:
                    9a:93:74:95:62:9b:45:ba:f0:1c:ce:18:95:73:cd:
                    d2:f0:0f:80:24:b1:f1:97:2a:41:3f:dc:74:e2:82:
                    b1:ee:1e:bb:72:84:d0:c9:c1:94:10:08:45:f2:07:
                    e7:de:94:67:17:00:80:6a:50:3d:f3:12:40:d9:5f:
                    84:62:2b:9c:72:e9:d9:e7:91:f3:44:6a:38:58:83:
                    e9:2c:03:54:dd:e0:97:a9:00:e4:09:4a:46:7b:37:
                    e2:ee:9c:49:4c:9f:cf:88:21:f6:a6:a1:1c:85:0b:
                    38:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:0C:C3:97:78:8F:14:96:A0:CF:7B:CE:AF:A9:FA:D0:57:66:CD:1C
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153656.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:4d:24:26:c9:9e:87:fe:ae:24:1a:b4:3d:d4:32:38:37:37:
         24:8b:13:a2:9c:f9:0b:4d:05:81:85:87:12:dd:3f:a0:b4:1b:
         66:5d:45:f9:6e:df:1d:17:b2:44:a0:fa:0b:f0:6c:5a:ec:0e:
         5e:00:e4:d4:eb:b0:92:23:13:a3:ad:9d:90:3f:5f:39:b8:6e:
         1a:94:b5:b9:0a:3c:d0:92:31:ec:63:7c:1d:35:94:8d:8e:a2:
         b7:c4:71:41:65:d3:21:02:fc:ab:06:f0:00:f1:4e:b8:21:01:
         99:e9:86:93:c7:cc:93:06:02:b5:ca:8c:7a:ca:c1:be:cf:9f:
         4f:64:fa:28:21:ff:43:be:f4:24:d1:0b:55:af:2a:61:5e:a0:
         c6:52:ca:68:5e:c4:9d:1a:97:cb:b7:65:43:3c:f7:b0:88:cd:
         cb:34:86:9f:53:fc:2f:66:77:6f:48:97:ed:80:dc:9f:4d:4e:
         4f:96:a5:38:02:9e:fb:37:64:84:55:fa:0b:dd:c1:3e:7d:d5:
         14:ec:31:30:1f:f6:5d:c9:1c:21:d8:4e:a0:35:46:1b:0d:d7:
         b7:5b:9e:ec:5a:03:22:21:9e:98:3a:76:bd:da:b7:4e:3a:ae:
         95:57:ae:6c:98:96:09:b7:57:d2:4d:44:28:06:4f:f1:43:3a:
         9a:6d:a5:5f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUU7ai3Hp3/VlCWP940NP2eS/YyoowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA3MzAwMjQ1MjBaFw0yNjA3MjkwMjUwMjBaMDMxMTAvBgNV
BAMTKDY4MENDMzk3Nzg4RjE0OTZBMENGN0JDRUFGQTlGQUQwNTc2NkNEMUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdjt+BoAQC2BbUkleyr+7HpIES
lVLaks/qEi2CwM5FzvgQtKeAzPms+TW+wrHaWpA7EqKQD7BcveHAtjskhRk/g+k0
pNzjhjrE2GUV+HdtHp1JeTZDHwss2hCJ9wOO9+txSEHveOcBvUAiNWnSic1bUjAR
IlXnwh9zxTJAJbTnzBz2jHLre/ovselYaKuhvtbY2CbdXpqTdJVim0W68BzOGJVz
zdLwD4AksfGXKkE/3HTigrHuHrtyhNDJwZQQCEXyB+felGcXAIBqUD3zEkDZX4Ri
K5xy6dnnkfNEajhYg+ksA1Td4JepAOQJSkZ7N+LunElMn8+IIfamoRyFCzgjAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUaAzDl3iPFJagz3vOr6n60FdmzRwwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTUzNjU2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAm3Vi
MA0GCSqGSIb3DQEBCwUAA4IBAQB/TSQmyZ6H/q4kGrQ91DI4NzckixOinPkLTQWB
hYcS3T+gtBtmXUX5bt8dF7JEoPoL8Gxa7A5eAOTU67CSIxOjrZ2QP185uG4alLW5
CjzQkjHsY3wdNZSNjqK3xHFBZdMhAvyrBvAA8U64IQGZ6YaTx8yTBgK1yox6ysG+
z59PZPooIf9DvvQk0QtVryphXqDGUspoXsSdGpfLt2VDPPewiM3LNIafU/wvZndv
SJftgNyfTU5PlqU4Ap77N2SEVfoL3cE+fdUU7DEwH/ZdyRwh2E6gNUYbDde3W57s
WgMiIZ6YOna92rdOOq6VV65smJYJt1fSTUQoBk/xQzqabaVf
-----END CERTIFICATE-----