Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS153996.roa
File:                     AS153996.roa (raw, json)
Hash identifier:          AyaAftzs4vTXtmRGMfbcFi/JUgCXcB+8JgCB+K7c/ck=
Subject key identifier:   1E:9E:3A:48:43:0D:72:2F:6C:40:2F:BA:8C:FE:55:DF:BF:63:7B:F5
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       6E2393C30B835C024FB6B3C859650CDF91441079
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS153996.roa
Signing time:             Mon 08 Jun 2026 09:54:42 +0000
ROA not before:           Mon 08 Jun 2026 09:49:42 +0000
ROA not after:            Mon 07 Jun 2027 09:54:42 +0000
asID:                     153996
IP address blocks:        82.47.226.0/24 maxlen: 24
                          82.47.227.0/24 maxlen: 24
                          178.83.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 15:07:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:23:93:c3:0b:83:5c:02:4f:b6:b3:c8:59:65:0c:df:91:44:10:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  8 09:49:42 2026 GMT
            Not After : Jun  7 09:54:42 2027 GMT
        Subject: CN=1E9E3A48430D722F6C402FBA8CFE55DFBF637BF5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:11:82:71:9b:2a:ad:51:8e:31:0d:71:fa:ee:
                    8f:c0:a3:cf:e0:14:bf:41:89:5a:7f:78:83:09:38:
                    fb:6f:29:bd:37:f7:5f:58:cc:a8:ab:d6:bf:ec:14:
                    08:30:19:1a:38:2a:d1:7a:66:67:1f:cc:ea:8c:14:
                    89:2a:db:7c:a4:9c:0c:8c:fb:30:66:65:04:b0:7a:
                    2f:c6:91:15:8a:01:4a:fd:1e:ed:77:f4:a8:c0:b8:
                    86:0e:b9:79:58:ac:56:be:df:89:78:d1:35:43:d5:
                    f7:f4:c9:1c:af:4a:d7:b6:9e:6e:d8:bb:ff:01:bb:
                    8b:47:00:91:26:24:60:f7:74:21:b2:22:98:8b:24:
                    bd:7b:a7:ab:26:3f:5c:b0:fc:dc:8e:ba:d2:0b:31:
                    56:fc:86:9f:00:42:03:04:19:3f:27:d1:5a:60:e6:
                    51:74:f6:5a:f7:95:33:4d:aa:bd:e2:bd:8c:aa:18:
                    30:f3:43:6e:49:3a:03:70:b2:57:93:2a:e6:6d:f0:
                    03:05:dd:17:95:03:03:9a:03:ba:dc:9c:35:81:cf:
                    91:f0:75:5d:b9:37:4a:31:f8:a7:d9:53:c5:26:d1:
                    1d:6a:9a:99:02:52:af:ef:01:24:03:b3:25:43:24:
                    d7:b4:2a:dc:d3:89:05:e1:a2:b5:f0:d3:d3:da:2e:
                    bf:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:9E:3A:48:43:0D:72:2F:6C:40:2F:BA:8C:FE:55:DF:BF:63:7B:F5
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS153996.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.47.226.0/23
                  178.83.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:81:03:d6:0b:f1:07:68:3f:9c:50:99:bc:33:2f:90:a9:f3:
         53:d6:3d:d0:42:1d:f9:8d:82:0a:79:e9:0e:75:2f:f7:82:f0:
         64:20:0f:e7:8e:6f:b6:b8:63:87:3e:e8:65:38:ed:49:c7:21:
         5f:34:71:00:97:56:b5:e0:cb:0f:6b:87:bc:80:a6:55:e1:a9:
         23:43:4c:9c:70:25:63:2e:6f:10:91:0e:29:13:7a:75:e4:8d:
         e3:0c:e5:3f:c5:e4:21:f9:fb:b2:c1:82:cf:11:92:5c:36:8d:
         d6:08:11:70:b7:9e:bc:af:82:5e:b0:b2:7b:17:8f:83:91:98:
         68:93:d2:9d:3c:2c:06:00:f2:ef:0e:e6:6f:99:bd:7b:2e:6b:
         8b:3f:9a:95:b0:26:07:d6:f0:b1:e0:d1:4b:08:32:b0:c7:77:
         e7:ed:10:5b:18:f8:ea:3c:c7:28:3a:de:3e:8a:8a:8d:c6:5f:
         e7:35:a4:05:76:46:4b:dc:0a:77:b4:65:01:0d:45:fb:7c:45:
         88:01:1d:2b:4e:29:ba:2f:34:44:50:f5:30:c4:60:8e:33:30:
         16:56:b5:90:e2:de:15:c3:75:12:dc:72:f0:c8:8e:c6:20:78:
         2b:5c:11:21:25:24:4b:3d:ba:3e:7e:fb:5d:5f:ad:59:0f:5e:
         49:0e:b4:14
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUbiOTwwuDXAJPtrPIWWUM35FEEHkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MDgwOTQ5NDJaFw0yNzA2MDcwOTU0NDJaMDMxMTAvBgNV
BAMTKDFFOUUzQTQ4NDMwRDcyMkY2QzQwMkZCQThDRkU1NURGQkY2MzdCRjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoEYJxmyqtUY4xDXH67o/Ao8/g
FL9BiVp/eIMJOPtvKb03919YzKir1r/sFAgwGRo4KtF6ZmcfzOqMFIkq23yknAyM
+zBmZQSwei/GkRWKAUr9Hu139KjAuIYOuXlYrFa+34l40TVD1ff0yRyvSte2nm7Y
u/8Bu4tHAJEmJGD3dCGyIpiLJL17p6smP1yw/NyOutILMVb8hp8AQgMEGT8n0Vpg
5lF09lr3lTNNqr3ivYyqGDDzQ25JOgNwsleTKuZt8AMF3ReVAwOaA7rcnDWBz5Hw
dV25N0ox+KfZU8Um0R1qmpkCUq/vASQDsyVDJNe0KtzTiQXhorXw09PaLr9DAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUHp46SEMNci9sQC+6jP5V379je/UwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTUzOTk2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBUi/i
AwQAslOvMA0GCSqGSIb3DQEBCwUAA4IBAQAPgQPWC/EHaD+cUJm8My+QqfNT1j3Q
Qh35jYIKeekOdS/3gvBkIA/njm+2uGOHPuhlOO1JxyFfNHEAl1a14MsPa4e8gKZV
4akjQ0yccCVjLm8QkQ4pE3p15I3jDOU/xeQh+fuywYLPEZJcNo3WCBFwt568r4Je
sLJ7F4+DkZhok9KdPCwGAPLvDuZvmb17LmuLP5qVsCYH1vCx4NFLCDKwx3fn7RBb
GPjqPMcoOt4+ioqNxl/nNaQFdkZL3Ap3tGUBDUX7fEWIAR0rTim6LzREUPUwxGCO
MzAWVrWQ4t4Vw3US3HLwyI7GIHgrXBEhJSRLPbo+fvtdX61ZD15JDrQU
-----END CERTIFICATE-----