Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS150293.roa
File:                     AS150293.roa (raw, json)
Hash identifier:          10Xe7764iQeATPuvN2wjsB6ZKfi+Ws6xlHzP9213csg=
Subject key identifier:   EF:0E:17:E7:4E:90:04:B2:7E:37:55:F4:5A:FC:E8:27:B8:8E:B0:65
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       05835DFC2DB924669158CEDF0016F163A8CF6327
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS150293.roa
Signing time:             Thu 09 Apr 2026 09:16:37 +0000
ROA not before:           Thu 09 Apr 2026 09:11:37 +0000
ROA not after:            Thu 08 Apr 2027 09:16:37 +0000
asID:                     150293
IP address blocks:        191.96.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 15:58:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:83:5d:fc:2d:b9:24:66:91:58:ce:df:00:16:f1:63:a8:cf:63:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr  9 09:11:37 2026 GMT
            Not After : Apr  8 09:16:37 2027 GMT
        Subject: CN=EF0E17E74E9004B27E3755F45AFCE827B88EB065
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:6b:32:4f:3f:53:96:b1:dc:76:9c:6c:99:f6:
                    58:ed:af:5b:d3:26:0f:24:ed:27:56:fa:ac:f3:5c:
                    55:a3:ea:e8:7f:36:f5:24:c0:85:46:35:80:9b:79:
                    30:d7:a7:9a:97:4c:4b:0e:33:60:6b:06:e7:59:e8:
                    a9:31:12:47:43:8c:ea:2d:31:12:a8:80:dc:ae:2b:
                    1a:87:62:80:c6:c0:99:b2:a5:27:dd:5f:51:79:83:
                    0c:48:c4:c4:45:37:73:8d:14:bc:b5:0c:8e:66:cf:
                    09:ac:3e:e9:c8:cc:ca:fb:bb:3e:8b:58:a8:a1:be:
                    5c:a2:41:ee:61:55:d6:53:48:50:09:12:fe:e5:99:
                    a4:0a:c5:d9:9b:c1:47:99:6f:94:c3:57:61:f0:c3:
                    b7:ff:46:0b:db:2b:64:c4:f4:6e:09:62:9d:a7:ae:
                    4e:1c:ff:1b:69:29:e7:b5:12:4b:62:01:50:cb:bc:
                    22:9c:49:88:e6:ae:7e:01:9f:73:25:be:4b:e0:9b:
                    5d:b9:5e:1d:b8:d1:92:14:73:7a:92:89:1a:f5:98:
                    32:87:42:4b:33:2c:dd:0c:45:1b:33:a6:02:6b:1b:
                    a7:fd:3f:78:58:75:6e:fd:fd:18:69:40:70:51:71:
                    87:85:4d:1f:a4:fa:62:6e:1c:b2:26:ea:16:54:1f:
                    13:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:0E:17:E7:4E:90:04:B2:7E:37:55:F4:5A:FC:E8:27:B8:8E:B0:65
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS150293.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:4e:62:26:5a:dd:07:10:cc:9c:ad:28:87:04:2b:a3:13:86:
         7e:a9:3c:d4:e8:80:09:28:eb:e2:52:8f:53:c5:1e:91:63:ae:
         a4:7e:de:d5:82:fd:ce:ac:3e:02:91:45:82:af:d5:ca:b2:cf:
         c0:9e:8c:2d:e8:41:79:7b:c8:59:e0:a6:d5:57:18:c0:81:75:
         ee:a1:d5:44:1a:2c:f7:75:e5:a4:db:9d:4d:5d:d2:ae:51:ee:
         5a:17:ee:b0:30:be:0d:78:50:22:77:6e:6c:f0:6f:68:09:12:
         0b:7c:d3:66:b8:b0:3d:6c:e4:50:36:9c:b6:89:f7:fa:fb:a6:
         62:41:c0:58:51:d1:d6:6d:7b:03:5b:81:74:e4:dd:76:f1:f4:
         2d:28:cd:88:46:3e:37:2f:7c:20:fe:bc:a8:43:c6:47:f1:96:
         21:f2:ef:41:bd:d5:0b:8b:d0:bb:8e:d6:cd:a1:d7:ba:06:9c:
         52:28:cc:dd:a3:42:dd:71:df:97:bc:61:79:ad:a2:da:3c:f0:
         c8:9e:96:2f:d4:22:82:e2:e5:8c:a1:62:06:5c:50:67:c1:8d:
         87:99:62:3d:fa:e8:ee:b5:79:e4:0f:86:51:1e:85:db:b4:16:
         4a:de:39:b3:d2:c6:7a:c1:99:32:57:91:6c:35:8c:ee:53:b5:
         d0:3f:1d:a3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBYNd/C25JGaRWM7fABbxY6jPYycwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA0MDkwOTExMzdaFw0yNzA0MDgwOTE2MzdaMDMxMTAvBgNV
BAMTKEVGMEUxN0U3NEU5MDA0QjI3RTM3NTVGNDVBRkNFODI3Qjg4RUIwNjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzazJPP1OWsdx2nGyZ9ljtr1vT
Jg8k7SdW+qzzXFWj6uh/NvUkwIVGNYCbeTDXp5qXTEsOM2BrBudZ6KkxEkdDjOot
MRKogNyuKxqHYoDGwJmypSfdX1F5gwxIxMRFN3ONFLy1DI5mzwmsPunIzMr7uz6L
WKihvlyiQe5hVdZTSFAJEv7lmaQKxdmbwUeZb5TDV2Hww7f/RgvbK2TE9G4JYp2n
rk4c/xtpKee1EktiAVDLvCKcSYjmrn4Bn3Mlvkvgm125Xh240ZIUc3qSiRr1mDKH
QkszLN0MRRszpgJrG6f9P3hYdW79/RhpQHBRcYeFTR+k+mJuHLIm6hZUHxN3AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU7w4X506QBLJ+N1X0WvzoJ7iOsGUwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTUwMjkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Al
MA0GCSqGSIb3DQEBCwUAA4IBAQA6TmImWt0HEMycrSiHBCujE4Z+qTzU6IAJKOvi
Uo9TxR6RY66kft7Vgv3OrD4CkUWCr9XKss/Anowt6EF5e8hZ4KbVVxjAgXXuodVE
Giz3deWk251NXdKuUe5aF+6wML4NeFAid25s8G9oCRILfNNmuLA9bORQNpy2iff6
+6ZiQcBYUdHWbXsDW4F05N128fQtKM2IRj43L3wg/ryoQ8ZH8ZYh8u9BvdULi9C7
jtbNode6BpxSKMzdo0Ldcd+XvGF5raLaPPDInpYv1CKC4uWMoWIGXFBnwY2HmWI9
+ujutXnkD4ZRHoXbtBZK3jmz0sZ6wZkyV5FsNYzuU7XQPx2j
-----END CERTIFICATE-----