Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS150786.roa
File:                     AS150786.roa (raw, json)
Hash identifier:          1vuwqfDNByhDVC0ixWZLtiFM4aDHAX9M9yYb83TBIG8=
Subject key identifier:   A6:B9:49:02:F6:C7:26:04:ED:F8:13:61:1C:F3:24:32:FF:27:3F:8B
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       440CE648AE3697FBBFDE7DFF3C3D284F90E3A41C
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS150786.roa
Signing time:             Thu 02 Apr 2026 11:19:13 +0000
ROA not before:           Thu 02 Apr 2026 11:14:13 +0000
ROA not after:            Thu 01 Apr 2027 11:19:13 +0000
asID:                     150786
IP address blocks:        2a13:9500:15b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:0c:e6:48:ae:36:97:fb:bf:de:7d:ff:3c:3d:28:4f:90:e3:a4:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr  2 11:14:13 2026 GMT
            Not After : Apr  1 11:19:13 2027 GMT
        Subject: CN=A6B94902F6C72604EDF813611CF32432FF273F8B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:18:54:19:55:52:55:48:8d:9d:0e:95:fb:78:
                    d2:9c:58:a8:49:99:85:24:d2:58:42:57:3b:77:78:
                    9c:ca:35:00:7e:2e:3b:19:7b:62:da:5c:cd:de:ee:
                    b5:0c:77:2f:22:2e:d4:cb:be:64:ce:af:d2:cd:31:
                    80:49:2e:db:f7:67:3d:a4:dd:2b:fa:81:a9:90:7e:
                    4f:55:0c:ab:b3:33:e4:eb:5b:0b:35:b6:10:5b:07:
                    a7:61:83:3d:04:87:8b:3f:a2:9d:2c:19:32:bd:fb:
                    dd:b2:30:38:f7:d1:f1:74:c8:c4:72:12:29:7a:0a:
                    53:8d:28:9f:1c:35:55:87:ca:f3:6a:e9:b2:84:58:
                    76:73:9b:ad:26:b1:6b:84:e6:38:e6:2a:de:e3:e7:
                    19:40:e9:e2:c6:d0:f4:82:e1:41:05:e9:23:c5:15:
                    77:b6:46:ff:1b:73:fe:3f:e0:44:dc:b9:d2:1b:13:
                    3e:0e:3f:d6:e9:8b:d7:2c:78:f5:84:ec:f9:15:89:
                    06:83:a5:50:7b:33:64:15:ca:30:80:a6:78:ca:23:
                    9c:38:06:dc:63:f2:23:27:03:f5:19:f2:51:c0:2d:
                    f5:11:87:01:67:2f:7e:5c:9f:02:3b:38:db:93:f2:
                    26:ea:98:e8:4a:76:bc:6c:69:00:46:a3:34:0f:f0:
                    ce:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:B9:49:02:F6:C7:26:04:ED:F8:13:61:1C:F3:24:32:FF:27:3F:8B
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS150786.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:15b::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:08:e3:2f:45:b6:c2:04:a1:b5:ec:9b:16:25:94:a3:ab:db:
         90:8f:93:f6:6e:db:6b:dd:4f:f2:98:b1:aa:0b:17:b8:da:08:
         33:5b:bc:94:90:8e:58:a6:94:80:dd:f9:da:2f:ea:ab:66:65:
         d0:4d:5b:e0:8f:80:4d:b8:75:df:fd:8e:f8:2f:48:fd:cb:61:
         a7:72:60:8e:49:21:cd:13:28:26:6a:2c:ad:15:ba:6a:52:56:
         27:e6:75:86:61:9c:0e:7b:6f:59:f7:6c:de:fd:5f:c1:9c:69:
         09:57:27:c0:02:19:8c:25:54:cf:b1:91:53:a4:4e:64:47:57:
         ae:e0:3f:cb:80:d6:4a:e1:7a:99:65:82:e4:f3:56:f0:d0:fe:
         34:4c:c3:db:6c:85:f2:c2:2b:fb:be:7f:5c:df:9b:27:86:24:
         8a:41:d7:45:cc:63:8a:14:a4:ca:c9:82:bf:18:7a:26:87:3c:
         84:23:fb:91:6f:52:b5:43:e7:d3:2b:3c:ab:14:fb:e0:9a:41:
         d1:2b:e3:e1:c6:4d:3b:27:8c:49:56:1f:e6:fd:c6:39:e3:38:
         ee:55:9b:8d:71:f5:27:de:a8:bc:aa:15:2e:78:b8:01:be:cd:
         db:e3:ac:cd:86:be:d1:49:fc:49:9a:1f:ad:74:d5:3d:75:89:
         61:b5:46:7a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIURAzmSK42l/u/3n3/PD0oT5DjpBwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MDIxMTE0MTNaFw0yNzA0MDExMTE5MTNaMDMxMTAvBgNV
BAMTKEE2Qjk0OTAyRjZDNzI2MDRFREY4MTM2MTFDRjMyNDMyRkYyNzNGOEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVGFQZVVJVSI2dDpX7eNKcWKhJ
mYUk0lhCVzt3eJzKNQB+LjsZe2LaXM3e7rUMdy8iLtTLvmTOr9LNMYBJLtv3Zz2k
3Sv6gamQfk9VDKuzM+TrWws1thBbB6dhgz0Eh4s/op0sGTK9+92yMDj30fF0yMRy
Eil6ClONKJ8cNVWHyvNq6bKEWHZzm60msWuE5jjmKt7j5xlA6eLG0PSC4UEF6SPF
FXe2Rv8bc/4/4ETcudIbEz4OP9bpi9csePWE7PkViQaDpVB7M2QVyjCApnjKI5w4
Btxj8iMnA/UZ8lHALfURhwFnL35cnwI7ONuT8ibqmOhKdrxsaQBGozQP8M6TAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUprlJAvbHJgTt+BNhHPMkMv8nP4swHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTUwNzg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAFbMA0GCSqGSIb3DQEBCwUAA4IBAQBICOMvRbbCBKG17JsWJZSjq9uQj5P2bttr
3U/ymLGqCxe42ggzW7yUkI5YppSA3fnaL+qrZmXQTVvgj4BNuHXf/Y74L0j9y2Gn
cmCOSSHNEygmaiytFbpqUlYn5nWGYZwOe29Z92ze/V/BnGkJVyfAAhmMJVTPsZFT
pE5kR1eu4D/LgNZK4XqZZYLk81bw0P40TMPbbIXywiv7vn9c35snhiSKQddFzGOK
FKTKyYK/GHomhzyEI/uRb1K1Q+fTKzyrFPvgmkHRK+Phxk07J4xJVh/m/cY54zju
VZuNcfUn3qi8qhUueLgBvs3b46zNhr7RSfxJmh+tdNU9dYlhtUZ6
-----END CERTIFICATE-----