Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS153622.roa
File:                     AS153622.roa (raw, json)
Hash identifier:          C3CcNUhH+sdOkz0JDhrwOGtnJ4eegk6dTJ2OQOGulac=
Subject key identifier:   15:B7:57:84:A0:B2:5A:89:F0:E6:FD:2A:E3:84:0C:ED:39:97:66:70
Certificate issuer:       /CN=9dfbff217105df8877d463f6e9bac28a4084d20c
Certificate serial:       41DE15A4D9F8539E727450F4E3CC7ACDFADE10A5
Authority key identifier: 9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS153622.roa
Signing time:             Fri 05 Jun 2026 11:24:24 +0000
ROA not before:           Fri 05 Jun 2026 11:19:24 +0000
ROA not after:            Fri 04 Jun 2027 11:24:24 +0000
asID:                     153622
IP address blocks:        193.32.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 08:33:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:de:15:a4:d9:f8:53:9e:72:74:50:f4:e3:cc:7a:cd:fa:de:10:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dfbff217105df8877d463f6e9bac28a4084d20c
        Validity
            Not Before: Jun  5 11:19:24 2026 GMT
            Not After : Jun  4 11:24:24 2027 GMT
        Subject: CN=15B75784A0B25A89F0E6FD2AE3840CED39976670
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:41:cd:9e:48:2a:c7:4b:92:19:bb:87:25:6c:
                    87:91:29:d6:6f:87:55:e6:e7:6c:18:c0:45:48:b4:
                    1a:c0:0c:69:58:91:9a:cd:90:43:dd:f4:9a:4b:4d:
                    9f:8e:0f:a4:98:b1:d6:71:d5:5d:98:ad:ed:a4:b9:
                    78:f8:4a:88:fd:aa:54:a7:95:39:ea:3e:27:3f:d6:
                    a7:6b:9b:87:0c:7b:83:34:65:41:52:79:ff:b4:dd:
                    bd:b3:b2:72:1a:dc:60:f3:bd:39:18:69:cb:82:b4:
                    12:7b:04:4c:8b:e2:d5:6e:30:50:7b:ae:8f:e7:d5:
                    e8:67:07:b7:82:22:80:d7:0b:2d:75:c2:fa:85:48:
                    78:41:1d:49:ba:53:5d:10:2b:8b:4f:b1:13:a3:fa:
                    40:c3:8c:8a:a4:9b:6e:46:c4:9d:de:a5:25:e1:40:
                    1d:31:52:43:7f:d5:c1:22:9b:90:76:1c:9b:c2:1e:
                    ad:24:e9:de:7c:d4:49:36:2c:f2:ff:c8:8d:b6:7a:
                    d6:21:80:a1:5c:24:d7:ce:0b:e2:74:4c:3b:d3:e8:
                    7f:1a:6d:21:e8:7b:6c:6e:6f:b8:b0:ba:03:07:fc:
                    d3:ba:dc:58:d3:17:75:79:7a:2e:dc:a8:34:8d:d6:
                    6d:a7:ed:4f:25:84:e6:96:42:57:1e:1e:62:f0:f7:
                    8a:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:B7:57:84:A0:B2:5A:89:F0:E6:FD:2A:E3:84:0C:ED:39:97:66:70
            X509v3 Authority Key Identifier:
                keyid:9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS153622.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:c7:8f:0c:98:17:d0:5f:ae:f6:15:4f:60:42:ab:e2:d8:b5:
         34:03:a3:2a:0f:39:56:c8:fb:a9:b4:40:00:71:e8:27:81:53:
         9d:17:2b:b5:da:9e:c6:c9:5e:65:fe:2c:27:bb:4d:9f:51:a3:
         c0:82:45:62:bc:13:1e:cc:0e:87:a0:03:2b:93:e2:f1:2e:2a:
         41:88:c3:dd:86:bf:39:3f:d3:4c:0e:fc:09:8b:c9:03:c1:74:
         90:18:c5:7b:c2:64:0f:77:9a:26:99:79:cb:33:46:9c:2d:7a:
         1d:fb:0f:af:61:a8:8f:25:ab:f6:14:a8:3b:74:21:3b:9e:28:
         51:a2:8c:4e:f0:97:a4:22:a2:06:0f:ed:79:4c:c2:69:d7:60:
         c2:f2:3a:89:e8:7f:5f:33:63:72:e9:4f:3c:58:10:6a:f4:25:
         8f:1c:00:fc:25:7b:6e:e4:41:f8:37:c8:c1:a7:25:25:6d:12:
         35:6a:5d:a9:ac:c7:82:75:d1:cf:7b:25:ad:16:db:69:27:82:
         05:5b:16:6c:e3:8a:da:26:9f:03:4a:e4:b9:8e:08:02:bb:7b:
         9a:ec:c7:e6:02:22:45:12:07:d9:67:69:ea:85:99:5a:43:17:
         97:9b:93:11:b9:1b:a2:1c:29:4f:f9:31:2f:20:08:6c:05:da:
         bb:56:e2:c6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQd4VpNn4U55ydFD048x6zfreEKUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmYmZmMjE3MTA1ZGY4ODc3ZDQ2M2Y2ZTliYWMyOGE0
MDg0ZDIwYzAeFw0yNjA2MDUxMTE5MjRaFw0yNzA2MDQxMTI0MjRaMDMxMTAvBgNV
BAMTKDE1Qjc1Nzg0QTBCMjVBODlGMEU2RkQyQUUzODQwQ0VEMzk5NzY2NzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEQc2eSCrHS5IZu4clbIeRKdZv
h1Xm52wYwEVItBrADGlYkZrNkEPd9JpLTZ+OD6SYsdZx1V2Yre2kuXj4Soj9qlSn
lTnqPic/1qdrm4cMe4M0ZUFSef+03b2zsnIa3GDzvTkYacuCtBJ7BEyL4tVuMFB7
ro/n1ehnB7eCIoDXCy11wvqFSHhBHUm6U10QK4tPsROj+kDDjIqkm25GxJ3epSXh
QB0xUkN/1cEim5B2HJvCHq0k6d581Ek2LPL/yI22etYhgKFcJNfOC+J0TDvT6H8a
bSHoe2xub7iwugMH/NO63FjTF3V5ei7cqDSN1m2n7U8lhOaWQlceHmLw94qLAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUFbdXhKCyWonw5v0q44QM7TmXZnAwHwYDVR0j
BBgwFoAUnfv/IXEF34h31GP26brCikCE0gwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTViNGQ5ZTgtNDExMS00Mzk0LWEzYTYtYmQ4MjUxZTdm
YmJkLzAvOURGQkZGMjE3MTA1REY4ODc3RDQ2M0Y2RTlCQUMyOEE0MDg0RDIwQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25mdl9JWEVGMzRoMzFHUDI2YnJDaWtD
RTBndy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzU1YjRkOWU4LTQxMTEt
NDM5NC1hM2E2LWJkODI1MWU3ZmJiZC8wL0FTMTUzNjIyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSDM
MA0GCSqGSIb3DQEBCwUAA4IBAQBRx48MmBfQX672FU9gQqvi2LU0A6MqDzlWyPup
tEAAcegngVOdFyu12p7GyV5l/iwnu02fUaPAgkVivBMezA6HoAMrk+LxLipBiMPd
hr85P9NMDvwJi8kDwXSQGMV7wmQPd5ommXnLM0acLXod+w+vYaiPJav2FKg7dCE7
nihRooxO8JekIqIGD+15TMJp12DC8jqJ6H9fM2Ny6U88WBBq9CWPHAD8JXtu5EH4
N8jBpyUlbRI1al2prMeCddHPeyWtFttpJ4IFWxZs44raJp8DSuS5jggCu3ua7Mfm
AiJFEgfZZ2nqhZlaQxeXm5MRuRuiHClP+TEvIAhsBdq7VuLG
-----END CERTIFICATE-----