Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS150654.roa
File:                     AS150654.roa (raw, json)
Hash identifier:          CAVaDSrVZ6J8m29EHLG86AwX8miSldxC4M+eCCaNfig=
Subject key identifier:   2B:1F:D6:F3:C7:7E:EA:4F:8A:B9:FF:89:70:94:F9:4B:32:25:C6:C2
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       27F87AE8AADE6EDBE9F082448915388E301BA35F
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS150654.roa
Signing time:             Fri 05 Jun 2026 10:47:29 +0000
ROA not before:           Fri 05 Jun 2026 10:42:29 +0000
ROA not after:            Fri 04 Jun 2027 10:47:29 +0000
asID:                     150654
IP address blocks:        2a13:9500:a3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 15:07:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:f8:7a:e8:aa:de:6e:db:e9:f0:82:44:89:15:38:8e:30:1b:a3:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  5 10:42:29 2026 GMT
            Not After : Jun  4 10:47:29 2027 GMT
        Subject: CN=2B1FD6F3C77EEA4F8AB9FF897094F94B3225C6C2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:a1:c6:aa:91:95:f6:a0:33:19:bd:6c:0c:76:
                    6f:a7:f0:d5:1f:16:a3:98:b2:8e:f7:72:70:7e:87:
                    8e:6e:e8:31:3b:f8:7c:e8:eb:a1:21:01:c5:99:59:
                    38:b6:a6:ce:7f:68:ee:e8:d4:08:f9:7d:f3:7f:68:
                    3f:7b:fd:db:ba:85:1a:b2:24:fb:96:d8:e9:7f:78:
                    59:f9:6b:f9:01:62:97:4e:c8:66:79:fe:ed:a2:be:
                    1d:e4:ae:1c:25:c4:d2:12:9f:1b:6e:ae:63:6a:4f:
                    5c:74:6b:3f:af:1c:37:a7:6e:b2:07:7b:12:f2:72:
                    07:2b:58:34:f8:84:bc:11:20:d3:39:5d:88:64:21:
                    03:2e:df:28:e7:28:00:8e:7b:74:34:8f:c0:e5:33:
                    f4:51:02:29:f5:79:1a:b6:4d:85:12:c2:c0:2a:33:
                    55:38:89:c0:67:6a:22:ae:cd:3e:63:86:d4:b9:d2:
                    ab:8c:d6:18:e0:73:57:97:be:ba:78:92:c1:2f:e3:
                    68:e0:37:c2:a2:62:9d:68:20:02:1e:91:0a:07:7a:
                    56:ef:1c:8e:3f:8f:71:89:9e:74:50:61:02:2e:cd:
                    86:38:58:7f:6a:ed:2f:b0:5f:cc:be:61:1c:d1:31:
                    46:6b:06:bf:17:5b:e9:a0:e8:62:d4:40:4f:74:77:
                    dc:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:1F:D6:F3:C7:7E:EA:4F:8A:B9:FF:89:70:94:F9:4B:32:25:C6:C2
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS150654.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:a3::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:da:2b:c0:a6:02:90:e4:e2:63:7f:d6:93:0b:34:7d:24:ea:
         7b:de:79:32:26:47:ad:72:c4:1d:5b:85:a6:cf:64:8f:95:f2:
         f7:c0:a6:df:68:23:eb:58:d5:73:92:6a:d3:33:be:ee:17:b0:
         c7:22:96:29:7f:1e:2b:2e:d6:a1:83:ff:2d:2e:98:a3:2e:e7:
         40:44:f9:c4:3b:b9:44:b6:06:da:53:08:0f:f6:a4:d2:37:3a:
         c2:67:16:2c:58:3a:0a:2f:96:05:13:a8:d9:2b:7a:a4:6f:f2:
         00:9b:8b:52:b7:e1:61:42:60:45:61:7a:19:84:02:99:94:22:
         0a:64:87:77:78:f0:1b:9c:ff:14:fd:2e:2f:c4:03:aa:0e:88:
         3f:ce:97:22:1a:e8:6a:07:ce:30:16:5d:f8:79:f0:ba:4f:49:
         0a:85:ae:27:6c:13:19:62:24:3a:fb:7f:ea:bc:be:0f:b5:16:
         0b:20:ef:6c:4b:b1:31:45:2b:54:fd:a5:54:13:26:74:40:f9:
         ce:e0:fd:a7:6e:50:65:97:a9:1a:a5:c9:54:b4:ac:82:a0:ff:
         33:e1:f6:bb:7a:7d:2d:f4:b3:32:5d:08:27:fb:cb:ad:76:42:
         35:1c:1c:c6:ab:59:66:c4:fe:53:6c:7d:a5:ea:9e:33:8b:d8:
         80:f4:a8:25
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUJ/h66Krebtvp8IJEiRU4jjAbo18wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MDUxMDQyMjlaFw0yNzA2MDQxMDQ3MjlaMDMxMTAvBgNV
BAMTKDJCMUZENkYzQzc3RUVBNEY4QUI5RkY4OTcwOTRGOTRCMzIyNUM2QzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwocaqkZX2oDMZvWwMdm+n8NUf
FqOYso73cnB+h45u6DE7+Hzo66EhAcWZWTi2ps5/aO7o1Aj5ffN/aD97/du6hRqy
JPuW2Ol/eFn5a/kBYpdOyGZ5/u2ivh3krhwlxNISnxturmNqT1x0az+vHDenbrIH
exLycgcrWDT4hLwRINM5XYhkIQMu3yjnKACOe3Q0j8DlM/RRAin1eRq2TYUSwsAq
M1U4icBnaiKuzT5jhtS50quM1hjgc1eXvrp4ksEv42jgN8KiYp1oIAIekQoHelbv
HI4/j3GJnnRQYQIuzYY4WH9q7S+wX8y+YRzRMUZrBr8XW+mg6GLUQE90d9yxAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUKx/W88d+6k+Kuf+JcJT5SzIlxsIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTUwNjU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACjMA0GCSqGSIb3DQEBCwUAA4IBAQCH2ivApgKQ5OJjf9aTCzR9JOp73nkyJket
csQdW4Wmz2SPlfL3wKbfaCPrWNVzkmrTM77uF7DHIpYpfx4rLtahg/8tLpijLudA
RPnEO7lEtgbaUwgP9qTSNzrCZxYsWDoKL5YFE6jZK3qkb/IAm4tSt+FhQmBFYXoZ
hAKZlCIKZId3ePAbnP8U/S4vxAOqDog/zpciGuhqB84wFl34efC6T0kKha4nbBMZ
YiQ6+3/qvL4PtRYLIO9sS7ExRStU/aVUEyZ0QPnO4P2nblBll6kapclUtKyCoP8z
4fa7en0t9LMyXQgn+8utdkI1HBzGq1lmxP5TbH2l6p4zi9iA9Kgl
-----END CERTIFICATE-----