Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS152179.roa
File:                     AS152179.roa (raw, json)
Hash identifier:          3s5ZO5zsIBGOTYB/W7LkLPPbBTA+gesfrHvDmlpyA+0=
Subject key identifier:   2E:68:D6:EB:A5:46:6B:AD:9B:D7:D1:5A:8F:73:42:A6:B0:27:79:5B
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       5BB162D70DA4628A96A07B51E8074162A8B85F8F
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS152179.roa
Signing time:             Wed 15 Apr 2026 00:04:18 +0000
ROA not before:           Tue 14 Apr 2026 23:59:18 +0000
ROA not after:            Wed 14 Apr 2027 00:04:18 +0000
asID:                     152179
IP address blocks:        46.236.198.0/24 maxlen: 24
                          46.236.200.0/23 maxlen: 24
                          46.236.220.0/24 maxlen: 24
                          46.236.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 03:57:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:b1:62:d7:0d:a4:62:8a:96:a0:7b:51:e8:07:41:62:a8:b8:5f:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Apr 14 23:59:18 2026 GMT
            Not After : Apr 14 00:04:18 2027 GMT
        Subject: CN=2E68D6EBA5466BAD9BD7D15A8F7342A6B027795B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e3:41:35:b3:a2:84:4a:2c:6e:45:92:ad:b9:
                    27:2b:30:a7:f6:8b:83:8e:20:a1:2c:40:37:7e:c8:
                    e9:7d:e8:1c:bf:99:6c:b5:97:a0:fd:b1:ce:13:e8:
                    8e:7a:84:d7:3f:96:69:87:f4:4f:a8:44:c1:eb:70:
                    5f:7c:87:2f:9d:19:d0:0c:23:fc:20:ae:ae:8b:63:
                    cf:f9:87:e6:22:5d:b2:1f:42:16:43:dd:6d:78:61:
                    98:b4:3c:b4:f5:72:41:28:2f:d0:21:73:4d:31:b1:
                    a3:e9:c4:56:65:60:3b:0b:36:0c:c4:87:19:ca:4e:
                    ac:e9:dd:bc:c6:0b:66:43:22:36:12:b8:47:57:0d:
                    7c:bb:0c:d6:fc:88:99:6a:11:5b:15:10:86:71:77:
                    9a:3b:e7:53:fb:8d:a8:6b:ad:53:d5:06:75:8a:1b:
                    ba:a4:32:ae:3d:9a:6c:5b:ec:1f:a2:5e:42:4b:c6:
                    5d:ca:f6:2a:b1:cf:f4:37:9c:9b:0e:46:79:0b:fa:
                    30:0f:f0:46:33:83:15:36:dd:67:7e:ec:70:02:b2:
                    7e:9c:83:9e:40:9a:26:e1:d0:16:9d:84:ec:2b:07:
                    0a:75:d8:f4:dc:e7:e4:ee:fb:1c:a0:18:87:3c:6b:
                    fb:42:51:7a:f2:4d:c4:ff:ab:5f:9c:9d:7a:30:98:
                    ec:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:68:D6:EB:A5:46:6B:AD:9B:D7:D1:5A:8F:73:42:A6:B0:27:79:5B
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS152179.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.198.0/24
                  46.236.200.0/23
                  46.236.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0e:62:3a:4e:0b:00:bd:f9:20:87:a9:69:cf:b9:88:ce:e2:e0:
         4c:7c:4c:87:4e:f5:32:1b:50:a2:54:37:f1:84:01:2a:67:16:
         2b:7e:b2:00:30:bd:be:fe:0b:11:81:d3:26:e4:5c:f4:66:cd:
         bb:ec:af:65:25:c9:63:b8:ff:0d:1c:71:2c:74:f8:c9:22:8f:
         73:c5:86:21:cc:0b:be:44:e3:11:03:af:36:d7:3b:29:e0:15:
         53:c6:bb:38:ff:23:70:07:28:81:60:c1:39:1d:fb:3c:d5:37:
         8f:fc:5a:6f:7b:a2:89:ff:c0:0b:c8:bc:c8:ca:c6:38:82:a4:
         31:10:f7:93:cd:0d:9e:46:0a:d5:d5:9e:2e:3a:9a:e7:b7:2b:
         45:52:b0:ab:33:01:c9:bc:46:7b:d6:70:80:03:21:fe:22:63:
         4a:cc:c8:c1:a0:3a:a7:f4:91:93:e1:eb:77:13:d2:1b:94:e8:
         fd:ad:d6:a4:bb:dd:8b:d3:7c:5a:41:fd:bf:f8:81:da:44:cf:
         54:d6:83:66:47:8a:56:9b:a5:0d:e6:f2:4f:32:2d:50:70:aa:
         d7:da:2f:35:bc:04:c0:9a:ca:68:bb:af:fb:2c:82:9c:80:d7:
         7f:d4:10:2b:14:68:9b:18:d9:b8:6c:57:da:aa:f6:b2:49:36:
         29:f7:63:24
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUW7Fi1w2kYoqWoHtR6AdBYqi4X48wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjA0MTQyMzU5MThaFw0yNzA0MTQwMDA0MThaMDMxMTAvBgNV
BAMTKDJFNjhENkVCQTU0NjZCQUQ5QkQ3RDE1QThGNzM0MkE2QjAyNzc5NUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw40E1s6KESixuRZKtuScrMKf2
i4OOIKEsQDd+yOl96By/mWy1l6D9sc4T6I56hNc/lmmH9E+oRMHrcF98hy+dGdAM
I/wgrq6LY8/5h+YiXbIfQhZD3W14YZi0PLT1ckEoL9Ahc00xsaPpxFZlYDsLNgzE
hxnKTqzp3bzGC2ZDIjYSuEdXDXy7DNb8iJlqEVsVEIZxd5o751P7jahrrVPVBnWK
G7qkMq49mmxb7B+iXkJLxl3K9iqxz/Q3nJsORnkL+jAP8EYzgxU23Wd+7HACsn6c
g55Amibh0BadhOwrBwp12PTc5+Tu+xygGIc8a/tCUXryTcT/q1+cnXowmOyjAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQULmjW66VGa62b19Faj3NCprAneVswHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMTUyMTc5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALuzG
AwQBLuzIAwQBLuzcMA0GCSqGSIb3DQEBCwUAA4IBAQAOYjpOCwC9+SCHqWnPuYjO
4uBMfEyHTvUyG1CiVDfxhAEqZxYrfrIAML2+/gsRgdMm5Fz0Zs277K9lJcljuP8N
HHEsdPjJIo9zxYYhzAu+ROMRA6821zsp4BVTxrs4/yNwByiBYME5Hfs81TeP/Fpv
e6KJ/8ALyLzIysY4gqQxEPeTzQ2eRgrV1Z4uOprntytFUrCrMwHJvEZ71nCAAyH+
ImNKzMjBoDqn9JGT4et3E9IblOj9rdaku92L03xaQf2/+IHaRM9U1oNmR4pWm6UN
5vJPMi1QcKrX2i81vATAmspou6/7LIKcgNd/1BArFGibGNm4bFfaqvaySTYp92Mk
-----END CERTIFICATE-----