Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS53850.roa
File:                     AS53850.roa (raw, json)
Hash identifier:          j3vdv9on7AwkcmVy7wGmbhDoFLIMipl9H8nzlsUZaRU=
Subject key identifier:   5F:6B:FE:51:C4:B5:CE:2D:14:BB:B6:D0:D4:EB:18:DF:F4:7E:44:99
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       4CB0ED6485F9114CD61C89473B6A6DF2BEEDA6AA
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS53850.roa
Signing time:             Sun 29 Mar 2026 00:01:25 +0000
ROA not before:           Sat 28 Mar 2026 23:56:25 +0000
ROA not after:            Sun 28 Mar 2027 00:01:25 +0000
asID:                     53850
IP address blocks:        155.117.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:b0:ed:64:85:f9:11:4c:d6:1c:89:47:3b:6a:6d:f2:be:ed:a6:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 28 23:56:25 2026 GMT
            Not After : Mar 28 00:01:25 2027 GMT
        Subject: CN=5F6BFE51C4B5CE2D14BBB6D0D4EB18DFF47E4499
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:44:e1:ac:30:11:bb:d4:2e:00:82:2c:69:02:
                    fb:4c:0f:1a:d1:4a:58:7b:9e:ed:e2:1c:f6:6c:be:
                    23:9a:56:08:4e:3f:4a:38:9d:1d:32:61:78:80:f4:
                    5a:83:65:55:16:52:a8:06:a8:8b:5e:6d:22:98:fd:
                    c1:db:84:df:ac:84:25:59:61:76:6a:8a:3e:07:88:
                    b9:4a:da:56:b0:0e:96:d3:f2:02:69:79:8f:aa:54:
                    cc:fd:64:47:35:62:3c:94:f3:a8:a4:05:c4:ed:71:
                    2f:59:d6:e6:ce:df:db:e5:70:a7:ad:c3:5d:9d:f9:
                    f5:b1:d7:e0:d8:47:d0:a1:8a:e6:ec:38:a0:3b:79:
                    69:81:56:ef:b3:63:ea:e4:72:b2:fc:77:d3:6e:5c:
                    ed:a0:aa:00:4a:53:a7:75:99:4e:af:a4:53:28:c8:
                    5f:a3:6c:88:26:ef:95:73:cb:d1:7d:41:62:73:74:
                    0e:e3:71:c7:a6:61:ee:0d:b3:b6:55:6b:9c:73:93:
                    43:25:eb:d6:17:a0:a0:0f:02:1e:ab:d4:08:2a:a2:
                    ea:11:75:9d:5d:50:78:b6:d5:31:51:03:d1:03:28:
                    05:b5:5d:d2:f3:2d:38:68:6f:ab:89:bf:7a:44:16:
                    75:b0:5e:77:d3:1c:c2:91:7d:ba:1e:e4:30:76:3e:
                    a2:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:6B:FE:51:C4:B5:CE:2D:14:BB:B6:D0:D4:EB:18:DF:F4:7E:44:99
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS53850.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:f3:d6:cd:bb:bf:b8:61:82:a8:a1:7e:bc:00:60:56:4c:6a:
         fd:f5:6d:70:58:52:31:f6:d8:64:6f:87:13:93:3a:0a:ba:2c:
         27:44:02:f1:55:66:ff:7f:f7:77:0a:34:3d:1c:c0:39:3a:5e:
         48:86:c0:9a:41:ae:01:92:15:a1:8c:18:4c:5d:22:c1:3e:d8:
         3f:f2:1b:cc:f8:5b:28:c3:b9:dc:af:79:9e:1d:e8:b3:9e:1e:
         e1:02:66:3f:f3:3c:c7:4d:24:0f:93:26:21:c1:48:ad:36:07:
         2e:cf:d4:6d:fe:aa:05:94:bc:dd:98:b2:5c:0e:dc:64:dd:f0:
         9c:59:17:68:2d:e3:17:8b:3c:4c:47:68:0d:8e:24:0d:db:9f:
         db:8e:a6:9c:45:d7:ed:8d:eb:60:b0:1b:4d:2e:f4:24:43:33:
         0d:8b:7f:22:0b:f7:29:3e:f9:09:e5:f5:4d:6e:00:2e:0d:aa:
         04:18:62:f5:0d:84:79:97:40:0e:cf:e5:6d:dc:84:88:f1:34:
         ce:e1:9b:2b:3e:80:07:b6:70:63:61:fa:81:2e:08:f2:69:d5:
         4b:17:0a:87:c3:e3:55:f0:ae:04:d1:cd:dc:ea:ef:a4:31:ca:
         c9:f4:f5:03:21:c8:96:2d:a7:f5:11:be:c4:33:25:6b:c2:61:
         a9:a5:f1:e8
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUTLDtZIX5EUzWHIlHO2pt8r7tpqowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMjgyMzU2MjVaFw0yNzAzMjgwMDAxMjVaMDMxMTAvBgNV
BAMTKDVGNkJGRTUxQzRCNUNFMkQxNEJCQjZEMEQ0RUIxOERGRjQ3RTQ0OTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDROGsMBG71C4AgixpAvtMDxrR
Slh7nu3iHPZsviOaVghOP0o4nR0yYXiA9FqDZVUWUqgGqItebSKY/cHbhN+shCVZ
YXZqij4HiLlK2lawDpbT8gJpeY+qVMz9ZEc1YjyU86ikBcTtcS9Z1ubO39vlcKet
w12d+fWx1+DYR9ChiubsOKA7eWmBVu+zY+rkcrL8d9NuXO2gqgBKU6d1mU6vpFMo
yF+jbIgm75Vzy9F9QWJzdA7jccemYe4Ns7ZVa5xzk0Ml69YXoKAPAh6r1AgqouoR
dZ1dUHi21TFRA9EDKAW1XdLzLThob6uJv3pEFnWwXnfTHMKRfboe5DB2PqKdAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUX2v+UcS1zi0Uu7bQ1OsY3/R+RJkwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTM4NTAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACbdaEw
DQYJKoZIhvcNAQELBQADggEBAE7z1s27v7hhgqihfrwAYFZMav31bXBYUjH22GRv
hxOTOgq6LCdEAvFVZv9/93cKND0cwDk6XkiGwJpBrgGSFaGMGExdIsE+2D/yG8z4
WyjDudyveZ4d6LOeHuECZj/zPMdNJA+TJiHBSK02By7P1G3+qgWUvN2YslwO3GTd
8JxZF2gt4xeLPExHaA2OJA3bn9uOppxF1+2N62CwG00u9CRDMw2LfyIL9yk++Qnl
9U1uAC4NqgQYYvUNhHmXQA7P5W3chIjxNM7hmys+gAe2cGNh+oEuCPJp1UsXCofD
41XwrgTRzdzq76Qxysn09QMhyJYtp/URvsQzJWvCYaml8eg=
-----END CERTIFICATE-----