Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS274052.roa
File:                     AS274052.roa (raw, json)
Hash identifier:          7u6ANULF2dU+203sCu87DLGbKugDhR3ySEqg/qe2I6Y=
Subject key identifier:   6B:F1:2E:65:75:C7:3E:14:41:2D:8B:CA:DC:BC:97:1D:B4:2A:07:94
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       048501836FF07B9FEF6030339DB01BC3A84333E2
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS274052.roa
Signing time:             Wed 01 Apr 2026 01:08:16 +0000
ROA not before:           Wed 01 Apr 2026 01:03:16 +0000
ROA not after:            Wed 31 Mar 2027 01:08:16 +0000
asID:                     274052
IP address blocks:        167.148.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:85:01:83:6f:f0:7b:9f:ef:60:30:33:9d:b0:1b:c3:a8:43:33:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr  1 01:03:16 2026 GMT
            Not After : Mar 31 01:08:16 2027 GMT
        Subject: CN=6BF12E6575C73E14412D8BCADCBC971DB42A0794
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:a4:e0:d3:3e:58:aa:35:e1:32:33:db:5e:5d:
                    12:91:70:01:e6:a1:cf:d9:99:bf:03:50:b6:81:d7:
                    23:65:e4:70:4b:4a:bd:9a:cb:6d:3d:d5:c6:c9:6d:
                    52:49:3b:e9:d0:07:30:da:9f:ad:05:5a:c1:9e:7e:
                    54:3f:4b:03:16:3e:13:83:7a:e4:44:dd:1f:7b:29:
                    df:8c:88:3e:c1:98:26:bc:20:67:c9:36:40:be:fc:
                    09:c4:ec:27:46:01:a7:30:fa:62:2f:ef:9d:d6:bd:
                    b5:80:11:3b:c5:20:63:9e:da:e4:36:ef:48:5c:09:
                    5b:6a:21:73:59:3b:e3:33:1e:03:95:82:a8:16:85:
                    50:54:27:30:81:db:29:5e:1f:0d:3c:58:85:8c:3f:
                    4a:65:42:96:c4:61:d3:54:50:1c:5a:ad:e5:23:cc:
                    c1:24:c4:92:14:c6:ee:2e:83:dd:9e:b5:95:16:65:
                    10:dc:64:bf:31:df:ba:e2:3b:85:61:d5:5c:c8:4d:
                    64:8d:c8:03:5f:89:e7:58:8a:f4:a8:b7:1d:cb:e0:
                    e1:83:cf:a1:06:92:68:32:2c:84:62:55:cb:f4:0b:
                    9d:a5:33:35:f9:ee:40:f8:51:1e:4c:f9:24:c2:07:
                    7c:99:e4:6f:63:c8:9e:9d:7a:bf:33:56:79:52:ff:
                    11:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:F1:2E:65:75:C7:3E:14:41:2D:8B:CA:DC:BC:97:1D:B4:2A:07:94
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS274052.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.148.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:c3:1e:a2:be:15:6f:c8:87:08:7a:09:4e:22:1c:47:ef:b4:
         bb:80:ba:e1:14:d6:f0:04:a5:a8:f3:2e:15:93:02:51:82:97:
         e5:67:f5:70:ae:13:b2:e1:6a:9a:80:dd:cb:f7:7d:c9:08:05:
         bc:76:da:90:11:22:ad:ba:4e:11:8f:58:4e:cb:cb:05:dc:fd:
         d0:2b:43:5b:48:66:59:3e:d7:0b:a6:b9:30:46:91:2d:2f:26:
         f2:8f:eb:e8:cd:50:e3:c2:5a:80:f9:d8:87:28:d3:55:01:16:
         d9:60:f7:d3:48:35:3d:27:32:ab:19:f6:ed:43:45:21:32:41:
         a8:ec:dc:14:36:22:5d:6e:48:fa:8f:08:93:24:47:2a:0e:b4:
         2a:2e:37:f9:58:68:ac:81:98:ee:9a:66:a3:10:3a:6b:cc:ae:
         c5:f5:af:6b:92:ef:68:40:89:a8:9f:90:2e:52:9b:3a:bb:1e:
         0b:39:af:f9:bd:18:e4:49:fa:75:66:65:0c:71:2e:7c:56:ff:
         99:c2:1a:93:a6:c7:a5:78:c6:44:7a:7d:ac:75:10:fc:30:86:
         98:d7:33:8c:4d:e8:c5:55:ec:44:19:3a:e8:37:ad:95:f2:9f:
         4c:4d:f4:ef:b6:17:eb:b3:c8:dc:91:70:dd:87:31:40:01:dd:
         fd:5b:6f:79
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBIUBg2/we5/vYDAznbAbw6hDM+IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MDEwMTAzMTZaFw0yNzAzMzEwMTA4MTZaMDMxMTAvBgNV
BAMTKDZCRjEyRTY1NzVDNzNFMTQ0MTJEOEJDQURDQkM5NzFEQjQyQTA3OTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqpODTPliqNeEyM9teXRKRcAHm
oc/Zmb8DULaB1yNl5HBLSr2ay2091cbJbVJJO+nQBzDan60FWsGeflQ/SwMWPhOD
euRE3R97Kd+MiD7BmCa8IGfJNkC+/AnE7CdGAacw+mIv753WvbWAETvFIGOe2uQ2
70hcCVtqIXNZO+MzHgOVgqgWhVBUJzCB2yleHw08WIWMP0plQpbEYdNUUBxareUj
zMEkxJIUxu4ug92etZUWZRDcZL8x37riO4Vh1VzITWSNyANfiedYivSotx3L4OGD
z6EGkmgyLIRiVcv0C52lMzX57kD4UR5M+STCB3yZ5G9jyJ6der8zVnlS/xGNAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUa/EuZXXHPhRBLYvK3LyXHbQqB5QwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjc0MDUyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAp5Ta
MA0GCSqGSIb3DQEBCwUAA4IBAQBiwx6ivhVvyIcIeglOIhxH77S7gLrhFNbwBKWo
8y4VkwJRgpflZ/VwrhOy4WqagN3L933JCAW8dtqQESKtuk4Rj1hOy8sF3P3QK0Nb
SGZZPtcLprkwRpEtLybyj+vozVDjwlqA+diHKNNVARbZYPfTSDU9JzKrGfbtQ0Uh
MkGo7NwUNiJdbkj6jwiTJEcqDrQqLjf5WGisgZjummajEDprzK7F9a9rku9oQImo
n5AuUps6ux4LOa/5vRjkSfp1ZmUMcS58Vv+ZwhqTpseleMZEen2sdRD8MIaY1zOM
TejFVexEGTroN62V8p9MTfTvthfrs8jckXDdhzFAAd39W295
-----END CERTIFICATE-----