Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS150671.roa
File:                     AS150671.roa (raw, json)
Hash identifier:          lxLft1siHpYjNHHSDM0tTyUUUwmP8INI8DPY/4+Alc0=
Subject key identifier:   9A:11:BA:CD:F5:34:5E:3E:BB:A9:FB:D5:C0:2D:AF:84:37:BA:7F:65
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5AD5616B4B479B38475509AC66EA8F67B2DCD8E9
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS150671.roa
Signing time:             Mon 30 Mar 2026 05:56:42 +0000
ROA not before:           Mon 30 Mar 2026 05:51:42 +0000
ROA not after:            Mon 29 Mar 2027 05:56:42 +0000
asID:                     150671
IP address blocks:        2a13:9500:159::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:d5:61:6b:4b:47:9b:38:47:55:09:ac:66:ea:8f:67:b2:dc:d8:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 30 05:51:42 2026 GMT
            Not After : Mar 29 05:56:42 2027 GMT
        Subject: CN=9A11BACDF5345E3EBBA9FBD5C02DAF8437BA7F65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:1e:7c:12:b6:2c:d5:06:58:a6:49:2f:5c:65:
                    d2:59:87:b8:c2:0b:a2:57:3e:f1:bf:95:3c:d4:3e:
                    47:d5:d1:d5:93:ea:22:27:34:c4:06:50:4b:04:af:
                    18:33:28:aa:66:86:8e:b1:05:f6:f8:e4:f7:23:60:
                    9a:5a:7a:81:e8:4c:7e:b4:fe:54:03:d7:02:49:82:
                    eb:57:2c:a4:e5:81:77:64:a8:41:2d:31:d6:dd:66:
                    79:b8:fa:5e:27:77:2f:41:7a:eb:23:dc:c2:cc:28:
                    dc:16:7e:df:1f:1e:62:91:9c:72:ea:c4:f0:9e:ec:
                    d7:f0:15:2b:a5:7a:c4:a5:90:7a:82:88:f0:57:5c:
                    73:ea:ca:f3:c5:fd:25:79:e7:40:11:97:6f:1f:f1:
                    33:ab:9e:2b:cc:d7:24:73:e3:3c:a1:cd:c9:13:74:
                    5c:e9:b1:7c:47:4a:7f:89:8f:11:8f:92:14:e1:4a:
                    dc:24:8f:fc:0f:9e:80:1b:98:38:43:41:b6:1a:25:
                    f2:8a:f5:14:7f:5a:98:40:4f:79:c6:37:cc:fe:7b:
                    c0:3d:08:00:3b:1d:6a:fb:56:98:4b:ca:25:86:e9:
                    a0:3b:38:a0:5e:09:cb:cb:2f:0f:01:7f:0b:22:33:
                    f9:04:0e:f1:37:b9:a7:31:58:bd:24:79:4e:e8:b9:
                    d1:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:11:BA:CD:F5:34:5E:3E:BB:A9:FB:D5:C0:2D:AF:84:37:BA:7F:65
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS150671.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:159::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:bb:4b:c2:0e:90:b7:43:9a:d7:bb:6e:c5:78:93:4a:e0:78:
         1e:6e:5b:41:33:c9:fe:6f:7e:13:ba:d7:49:82:03:0e:a8:17:
         f5:c7:90:b4:78:69:03:ae:10:da:e7:2c:62:15:0e:3e:94:f1:
         59:c7:fb:0c:44:7c:f3:26:c7:74:0f:0d:11:2e:25:e0:76:36:
         30:40:7d:33:c6:6f:1b:00:ff:4e:3d:0c:ab:4f:6b:3b:0a:68:
         a1:90:ab:18:3e:25:b4:07:05:99:04:d5:e3:ea:6c:51:fb:e7:
         d6:99:d6:37:aa:1b:a8:54:bc:e8:f4:c2:64:c8:79:f0:3e:9a:
         25:b6:f1:e7:86:c7:59:aa:69:3e:45:3c:e1:9f:18:83:c9:ff:
         06:a5:c6:15:2b:10:0f:6f:49:f8:25:15:26:50:19:be:1b:ec:
         f0:ce:e1:a2:91:48:1d:a8:05:b5:42:98:5d:25:41:7a:3c:38:
         37:d3:28:05:9c:15:56:ff:cb:7b:f2:fd:bd:6c:30:e5:55:cc:
         c8:be:03:33:66:f4:c1:5e:ec:af:c8:4c:ab:4a:1b:3a:c8:da:
         78:3c:89:cf:9e:b0:87:3c:2b:66:cc:eb:9d:47:e4:b0:3d:c2:
         3f:13:cd:6e:b8:86:06:81:ed:fe:44:41:2a:c1:51:58:ec:b5:
         da:ec:41:b8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUWtVha0tHmzhHVQmsZuqPZ7Lc2OkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMzAwNTUxNDJaFw0yNzAzMjkwNTU2NDJaMDMxMTAvBgNV
BAMTKDlBMTFCQUNERjUzNDVFM0VCQkE5RkJENUMwMkRBRjg0MzdCQTdGNjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWHnwStizVBlimSS9cZdJZh7jC
C6JXPvG/lTzUPkfV0dWT6iInNMQGUEsErxgzKKpmho6xBfb45PcjYJpaeoHoTH60
/lQD1wJJgutXLKTlgXdkqEEtMdbdZnm4+l4ndy9Beusj3MLMKNwWft8fHmKRnHLq
xPCe7NfwFSulesSlkHqCiPBXXHPqyvPF/SV550ARl28f8TOrnivM1yRz4zyhzckT
dFzpsXxHSn+JjxGPkhThStwkj/wPnoAbmDhDQbYaJfKK9RR/WphAT3nGN8z+e8A9
CAA7HWr7VphLyiWG6aA7OKBeCcvLLw8BfwsiM/kEDvE3uacxWL0keU7oudGLAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUmhG6zfU0Xj67qfvVwC2vhDe6f2UwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTUwNjcxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAFZMA0GCSqGSIb3DQEBCwUAA4IBAQAuu0vCDpC3Q5rXu27FeJNK4HgebltBM8n+
b34TutdJggMOqBf1x5C0eGkDrhDa5yxiFQ4+lPFZx/sMRHzzJsd0Dw0RLiXgdjYw
QH0zxm8bAP9OPQyrT2s7CmihkKsYPiW0BwWZBNXj6mxR++fWmdY3qhuoVLzo9MJk
yHnwPpoltvHnhsdZqmk+RTzhnxiDyf8GpcYVKxAPb0n4JRUmUBm+G+zwzuGikUgd
qAW1QphdJUF6PDg30ygFnBVW/8t78v29bDDlVczIvgMzZvTBXuyvyEyrShs6yNp4
PInPnrCHPCtmzOudR+SwPcI/E81uuIYGge3+REEqwVFY7LXa7EG4
-----END CERTIFICATE-----