Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS151544.roa
File:                     AS151544.roa (raw, json)
Hash identifier:          O25olgsDOWzfC9tWfUBUVThl7mXzJmv0dDtuDek7RXA=
Subject key identifier:   0C:95:39:98:C2:82:08:C5:D9:D5:EE:D9:38:A0:BE:BA:A4:38:FB:FE
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       12BF126E063A1E935F3244720F6308CB88E22CE9
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS151544.roa
Signing time:             Mon 02 Feb 2026 14:01:52 +0000
ROA not before:           Mon 02 Feb 2026 13:56:52 +0000
ROA not after:            Mon 01 Feb 2027 14:01:52 +0000
asID:                     151544
IP address blocks:        2a13:9500:131::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:bf:12:6e:06:3a:1e:93:5f:32:44:72:0f:63:08:cb:88:e2:2c:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Feb  2 13:56:52 2026 GMT
            Not After : Feb  1 14:01:52 2027 GMT
        Subject: CN=0C953998C28208C5D9D5EED938A0BEBAA438FBFE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:11:54:30:21:d3:98:d6:0b:c1:1b:b0:92:d7:
                    67:28:97:ff:a4:3f:ac:36:fc:4e:dd:26:76:0c:bb:
                    51:94:91:4f:ed:ed:37:d8:34:fb:d0:f4:eb:01:a8:
                    3f:05:83:0f:87:88:32:55:8f:b7:c5:0b:db:02:34:
                    52:a3:40:95:97:b9:41:9a:0d:06:98:a2:04:74:72:
                    ce:83:f6:c8:f8:ab:81:79:cb:c5:ad:78:6e:fc:e4:
                    d3:0b:f0:a8:35:a1:88:4b:d5:92:9e:21:4d:71:30:
                    b2:86:95:1a:43:db:c2:17:24:43:4f:7a:83:c4:a3:
                    93:73:4c:f6:bd:28:8c:55:8f:ea:8b:28:f1:de:d0:
                    d5:17:06:f5:b1:dc:e9:36:63:b5:bb:f0:68:3b:1a:
                    9a:7e:2f:d8:61:24:ec:22:7b:44:07:97:4d:fd:56:
                    43:34:88:8f:12:44:01:76:df:af:86:3f:9e:75:94:
                    42:62:ed:55:39:66:a8:cd:9e:eb:2d:d6:31:75:e2:
                    8b:1a:39:3b:cc:7a:ea:02:7a:68:1a:69:4f:19:7d:
                    b9:f4:00:e1:0b:cf:bc:2d:2b:bb:32:1a:2b:f1:78:
                    d7:bf:fe:ba:e1:45:6a:b6:8a:f8:90:1c:4c:68:f1:
                    3d:1f:67:11:c4:fc:12:8e:82:96:cd:e1:6c:6b:6c:
                    31:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:95:39:98:C2:82:08:C5:D9:D5:EE:D9:38:A0:BE:BA:A4:38:FB:FE
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS151544.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:131::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:3a:c1:cd:14:89:53:41:95:f4:e2:5e:e9:a1:c4:6e:16:03:
         b9:14:d9:0f:d0:df:08:a5:d3:5e:d0:50:69:e7:8d:fc:db:2a:
         27:3c:b3:7b:98:fb:9b:21:54:3c:ca:52:38:f1:d3:03:d3:11:
         92:a5:d8:cc:01:14:b8:ca:89:17:f3:f0:40:d8:1c:0d:12:77:
         a2:f7:e3:ec:36:54:bb:e2:88:59:cd:c8:c1:e3:85:d8:6a:db:
         a7:d7:78:1a:73:39:5e:74:cb:42:97:53:e8:e4:c2:8d:d6:4b:
         5b:d3:80:3f:99:73:5d:a7:78:b0:71:80:4e:46:3b:5f:e7:09:
         95:4f:88:3b:c9:1b:8a:17:ab:d7:99:38:3a:aa:3a:83:e1:2b:
         4f:58:23:8c:a6:3d:31:d1:df:dd:3b:19:75:fc:a3:c1:37:72:
         71:93:03:ce:ea:0b:8b:7f:4b:8e:33:93:d8:cf:16:20:71:be:
         3b:ec:b7:42:bd:3f:51:5b:42:74:84:35:45:4f:20:45:62:07:
         94:d6:72:cc:45:c2:8a:87:6d:7f:97:22:85:41:50:04:88:eb:
         3e:f0:f0:c4:c7:4f:17:af:3a:7f:97:d5:30:a9:cb:ec:8f:80:
         cf:2d:af:f0:6e:01:20:2e:05:a1:8f:b8:70:b9:16:94:45:9d:
         6a:32:39:c7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUEr8SbgY6HpNfMkRyD2MIy4jiLOkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAyMDIxMzU2NTJaFw0yNzAyMDExNDAxNTJaMDMxMTAvBgNV
BAMTKDBDOTUzOTk4QzI4MjA4QzVEOUQ1RUVEOTM4QTBCRUJBQTQzOEZCRkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxEVQwIdOY1gvBG7CS12col/+k
P6w2/E7dJnYMu1GUkU/t7TfYNPvQ9OsBqD8Fgw+HiDJVj7fFC9sCNFKjQJWXuUGa
DQaYogR0cs6D9sj4q4F5y8WteG785NML8Kg1oYhL1ZKeIU1xMLKGlRpD28IXJENP
eoPEo5NzTPa9KIxVj+qLKPHe0NUXBvWx3Ok2Y7W78Gg7Gpp+L9hhJOwie0QHl039
VkM0iI8SRAF236+GP551lEJi7VU5ZqjNnust1jF14osaOTvMeuoCemgaaU8Zfbn0
AOELz7wtK7syGivxeNe//rrhRWq2iviQHExo8T0fZxHE/BKOgpbN4WxrbDFRAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUDJU5mMKCCMXZ1e7ZOKC+uqQ4+/4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTUxNTQ0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAExMA0GCSqGSIb3DQEBCwUAA4IBAQBbOsHNFIlTQZX04l7pocRuFgO5FNkP0N8I
pdNe0FBp54382yonPLN7mPubIVQ8ylI48dMD0xGSpdjMARS4yokX8/BA2BwNEnei
9+PsNlS74ohZzcjB44XYatun13gaczledMtCl1Po5MKN1ktb04A/mXNdp3iwcYBO
Rjtf5wmVT4g7yRuKF6vXmTg6qjqD4StPWCOMpj0x0d/dOxl1/KPBN3JxkwPO6guL
f0uOM5PYzxYgcb477LdCvT9RW0J0hDVFTyBFYgeU1nLMRcKKh21/lyKFQVAEiOs+
8PDEx08Xrzp/l9Uwqcvsj4DPLa/wbgEgLgWhj7hwuRaURZ1qMjnH
-----END CERTIFICATE-----