Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS63150.roa
File:                     AS63150.roa (raw, json)
Hash identifier:          KBlvKOL6nfc0nDUQBR9xeuiUEFJHMaOyEqzNW9rpT6U=
Subject key identifier:   2F:1C:55:C0:78:83:56:19:A1:3E:40:75:E3:C3:27:D9:03:BF:80:11
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       7E409965E09B998B58D4F77ACC3D568CCCC122DC
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS63150.roa
Signing time:             Mon 02 Feb 2026 15:55:36 +0000
ROA not before:           Mon 02 Feb 2026 15:50:36 +0000
ROA not after:            Mon 01 Feb 2027 15:55:36 +0000
asID:                     63150
IP address blocks:        82.26.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:40:99:65:e0:9b:99:8b:58:d4:f7:7a:cc:3d:56:8c:cc:c1:22:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Feb  2 15:50:36 2026 GMT
            Not After : Feb  1 15:55:36 2027 GMT
        Subject: CN=2F1C55C078835619A13E4075E3C327D903BF8011
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ff:a4:32:71:3c:4e:f1:bc:86:93:38:55:d4:
                    51:c9:45:0c:42:4a:88:c6:80:68:be:0e:44:67:08:
                    6e:d6:b7:5e:77:e0:5e:eb:13:60:4b:8c:d6:54:11:
                    ef:c6:ab:32:cd:36:23:69:d9:e0:c8:70:9a:7a:10:
                    b4:d6:6c:7b:d9:a8:f3:e5:cc:6a:3a:3e:33:59:24:
                    bb:dd:69:88:39:b2:64:f2:da:dd:ce:a4:40:b2:84:
                    95:4c:65:43:33:57:8b:4e:7b:cd:8b:92:8f:b3:27:
                    0a:5c:00:45:7b:d3:12:e0:70:ca:dd:6f:91:e1:97:
                    f0:54:e2:12:69:b4:37:e7:b4:e5:9f:d3:2d:23:a0:
                    2f:fb:c6:38:87:14:b4:fa:73:7e:17:a9:9f:5a:7c:
                    14:54:7b:d2:0f:d7:59:9f:4a:01:cf:c0:5e:36:97:
                    37:4e:bd:20:13:b0:56:5b:e3:c0:09:1e:b5:6a:37:
                    fa:a8:61:10:a8:16:b0:14:51:4b:ec:b9:91:08:e0:
                    53:ac:af:72:b2:15:dc:08:f1:2c:d9:67:b1:c1:c1:
                    91:d8:f2:1c:05:1a:07:06:d7:1c:11:ce:20:dd:98:
                    ab:7d:00:7d:56:ad:30:fa:c7:d5:d9:a0:45:df:18:
                    e6:f2:1d:72:78:5e:da:0b:ff:18:7c:af:52:60:e9:
                    43:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:1C:55:C0:78:83:56:19:A1:3E:40:75:E3:C3:27:D9:03:BF:80:11
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS63150.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.26.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:64:00:1a:22:fe:7c:8a:2c:6d:49:86:82:91:39:dc:b7:2c:
         3d:63:98:35:27:d5:4f:0e:a8:0c:c4:1e:15:f4:82:b5:72:a6:
         13:0d:0f:a8:a9:90:36:2a:67:15:9b:a2:23:dd:26:f9:a2:05:
         58:e8:4c:43:68:74:0b:68:46:8e:26:cd:05:98:3e:73:05:3a:
         75:9b:bc:93:2b:3f:2f:ea:f3:b4:b0:27:73:56:06:e2:d1:7a:
         fa:41:58:44:d7:98:a7:42:e5:72:ee:7d:38:12:65:3a:32:cd:
         7d:3a:7b:da:7a:ca:86:5c:92:db:ac:58:1d:c5:a5:e1:43:b4:
         0a:b8:be:80:ef:50:aa:60:07:86:38:75:17:30:9b:6f:ff:a8:
         2a:35:b6:28:ec:dc:45:42:f2:59:73:c8:e7:06:07:57:6a:b1:
         f5:7e:bb:5d:2e:12:c2:37:7a:90:14:81:2d:13:6d:3c:64:23:
         81:a4:64:72:d3:5c:e6:d7:cf:21:63:ba:bf:e3:f3:ac:79:cb:
         45:03:b5:34:62:e6:27:50:4a:2b:ec:cd:97:99:34:fb:a9:f0:
         91:fa:0c:00:15:c5:6f:34:da:60:5b:9a:3d:8a:f7:48:20:0d:
         ca:1d:36:c5:2d:8d:d4:47:55:b7:c1:ab:b3:66:42:6f:4a:02:
         9f:fe:52:0e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUfkCZZeCbmYtY1Pd6zD1WjMzBItwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAyMDIxNTUwMzZaFw0yNzAyMDExNTU1MzZaMDMxMTAvBgNV
BAMTKDJGMUM1NUMwNzg4MzU2MTlBMTNFNDA3NUUzQzMyN0Q5MDNCRjgwMTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu/6QycTxO8byGkzhV1FHJRQxC
SojGgGi+DkRnCG7Wt1534F7rE2BLjNZUEe/GqzLNNiNp2eDIcJp6ELTWbHvZqPPl
zGo6PjNZJLvdaYg5smTy2t3OpECyhJVMZUMzV4tOe82Lko+zJwpcAEV70xLgcMrd
b5Hhl/BU4hJptDfntOWf0y0joC/7xjiHFLT6c34XqZ9afBRUe9IP11mfSgHPwF42
lzdOvSATsFZb48AJHrVqN/qoYRCoFrAUUUvsuZEI4FOsr3KyFdwI8SzZZ7HBwZHY
8hwFGgcG1xwRziDdmKt9AH1WrTD6x9XZoEXfGObyHXJ4XtoL/xh8r1Jg6UONAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQULxxVwHiDVhmhPkB148Mn2QO/gBEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNjMxNTAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSGlIw
DQYJKoZIhvcNAQELBQADggEBAGtkABoi/nyKLG1JhoKROdy3LD1jmDUn1U8OqAzE
HhX0grVyphMND6ipkDYqZxWboiPdJvmiBVjoTENodAtoRo4mzQWYPnMFOnWbvJMr
Py/q87SwJ3NWBuLRevpBWETXmKdC5XLufTgSZToyzX06e9p6yoZcktusWB3FpeFD
tAq4voDvUKpgB4Y4dRcwm2//qCo1tijs3EVC8llzyOcGB1dqsfV+u10uEsI3epAU
gS0TbTxkI4GkZHLTXObXzyFjur/j86x5y0UDtTRi5idQSivszZeZNPup8JH6DAAV
xW802mBbmj2K90ggDcodNsUtjdRHVbfBq7NmQm9KAp/+Ug4=
-----END CERTIFICATE-----