Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS152390.roa
File:                     AS152390.roa (raw, json)
Hash identifier:          JLCJCPQ2asqQy9vHiMWmD6/9+5kuOwq4JLlpHtm/mOc=
Subject key identifier:   3C:00:61:26:8A:77:4E:FD:6E:C3:7E:4E:75:24:70:4A:6F:E8:5E:C2
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       1D5825D6339EFD90405E6EC843A5408512F0D894
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS152390.roa
Signing time:             Fri 25 Jul 2025 11:26:05 +0000
ROA not before:           Fri 25 Jul 2025 11:21:05 +0000
ROA not after:            Fri 24 Jul 2026 11:26:05 +0000
asID:                     152390
IP address blocks:        2a13:9500:4c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 01:11:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:58:25:d6:33:9e:fd:90:40:5e:6e:c8:43:a5:40:85:12:f0:d8:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul 25 11:21:05 2025 GMT
            Not After : Jul 24 11:26:05 2026 GMT
        Subject: CN=3C0061268A774EFD6EC37E4E7524704A6FE85EC2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:f1:36:77:9b:a1:33:9b:f0:e4:2b:a4:da:03:
                    bb:7b:7a:38:f2:fe:4c:49:8a:d5:27:f4:2b:76:96:
                    d5:98:ba:ee:56:72:ec:e7:51:cb:42:4e:f1:8b:31:
                    e1:9e:2f:61:ec:f4:5a:24:6f:73:e0:eb:e4:18:2f:
                    c2:02:71:67:56:79:0b:00:bf:ec:8a:0b:c4:f4:63:
                    71:50:45:3c:61:26:58:a3:02:32:ae:9c:db:fd:be:
                    d1:d4:67:77:6d:cc:ee:ae:04:7a:70:66:8f:57:07:
                    dd:85:55:71:59:0d:92:c2:7d:eb:24:70:ca:2b:0a:
                    a8:a2:d8:29:5d:eb:e7:cb:b1:0f:6b:03:91:f9:26:
                    b1:98:75:61:ec:bd:5a:d5:24:2f:23:da:0d:b2:1a:
                    5c:1c:cb:af:be:61:f3:74:a4:6b:d5:19:9f:36:72:
                    43:54:b9:f2:3c:47:2c:1a:bf:c9:a6:83:9e:7e:c4:
                    63:0d:2b:d1:08:9e:22:77:db:01:e8:f5:c4:e1:e5:
                    45:15:c0:6b:58:99:36:7f:32:cb:b7:7d:e8:3d:00:
                    4b:e9:af:71:5d:28:3b:43:ba:5a:28:6b:2b:a5:28:
                    58:7a:da:32:0d:71:be:96:40:51:4b:7d:ab:79:cb:
                    58:42:c3:59:bd:fd:e2:b8:5f:0a:14:20:08:19:f0:
                    90:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:00:61:26:8A:77:4E:FD:6E:C3:7E:4E:75:24:70:4A:6F:E8:5E:C2
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS152390.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:4c::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:bd:de:e9:5b:f2:1c:e6:0c:82:af:43:8b:a3:33:de:79:52:
         01:f8:cb:bd:82:c7:30:5f:36:4c:58:ba:78:0d:62:0f:14:01:
         83:cb:90:d6:f8:f9:e2:09:10:a9:58:d4:8e:b5:f3:17:7a:a1:
         a8:ad:d5:43:cf:52:f8:72:24:9b:b8:73:a8:ee:ef:cb:fe:de:
         5e:12:26:d0:7f:64:66:02:85:e4:a7:40:73:08:9d:84:5e:82:
         e4:7b:20:c6:44:82:c2:2e:7f:e8:93:ab:62:84:55:f5:3f:48:
         ad:96:d1:12:b3:a6:93:20:0e:81:15:97:e6:b3:49:87:93:87:
         47:a7:9e:ef:bb:f0:fb:92:64:69:68:ee:d8:e7:12:1d:7d:28:
         10:cc:93:f4:92:c8:9e:c8:39:05:d1:7b:38:40:3d:47:b9:1d:
         7a:1b:bf:4d:36:63:8b:64:4a:3a:82:bf:bf:59:27:70:11:37:
         4a:3c:c8:2d:b4:43:29:67:10:05:db:0f:24:da:52:bc:0b:82:
         29:00:de:2a:2d:d1:d9:5d:99:57:18:c3:05:33:b0:41:73:85:
         df:96:37:1c:61:e7:8a:e5:67:ee:84:b2:a6:65:49:0d:b9:57:
         ad:8f:87:52:8c:e5:78:2d:72:dd:3f:13:4e:06:84:f0:27:c1:
         a5:21:8c:57
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUHVgl1jOe/ZBAXm7IQ6VAhRLw2JQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MjUxMTIxMDVaFw0yNjA3MjQxMTI2MDVaMDMxMTAvBgNV
BAMTKDNDMDA2MTI2OEE3NzRFRkQ2RUMzN0U0RTc1MjQ3MDRBNkZFODVFQzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA8TZ3m6Ezm/DkK6TaA7t7ejjy
/kxJitUn9Ct2ltWYuu5WcuznUctCTvGLMeGeL2Hs9Fokb3Pg6+QYL8ICcWdWeQsA
v+yKC8T0Y3FQRTxhJlijAjKunNv9vtHUZ3dtzO6uBHpwZo9XB92FVXFZDZLCfesk
cMorCqii2Cld6+fLsQ9rA5H5JrGYdWHsvVrVJC8j2g2yGlwcy6++YfN0pGvVGZ82
ckNUufI8Rywav8mmg55+xGMNK9EIniJ32wHo9cTh5UUVwGtYmTZ/Msu3feg9AEvp
r3FdKDtDulooayulKFh62jINcb6WQFFLfat5y1hCw1m9/eK4XwoUIAgZ8JDJAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUPABhJop3Tv1uw35OdSRwSm/oXsIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTUyMzkwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AABMMA0GCSqGSIb3DQEBCwUAA4IBAQBevd7pW/Ic5gyCr0OLozPeeVIB+Mu9gscw
XzZMWLp4DWIPFAGDy5DW+PniCRCpWNSOtfMXeqGordVDz1L4ciSbuHOo7u/L/t5e
EibQf2RmAoXkp0BzCJ2EXoLkeyDGRILCLn/ok6tihFX1P0itltESs6aTIA6BFZfm
s0mHk4dHp57vu/D7kmRpaO7Y5xIdfSgQzJP0ksieyDkF0Xs4QD1HuR16G79NNmOL
ZEo6gr+/WSdwETdKPMgttEMpZxAF2w8k2lK8C4IpAN4qLdHZXZlXGMMFM7BBc4Xf
ljccYeeK5WfuhLKmZUkNuVetj4dSjOV4LXLdPxNOBoTwJ8GlIYxX
-----END CERTIFICATE-----