Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS152672.roa
File:                     AS152672.roa (raw, json)
Hash identifier:          j4x3HoNCFOeitpIPmKBcLQ1vD+MeVz3k5mjaTroo65M=
Subject key identifier:   DD:1C:BF:27:BD:60:F9:B4:64:49:74:00:87:2B:F4:FA:C6:E9:3C:C8
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       24FDA2C22F7E2CEA16D06DAA06DB09A4B769278D
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS152672.roa
Signing time:             Mon 30 Jun 2025 06:02:45 +0000
ROA not before:           Mon 30 Jun 2025 05:57:45 +0000
ROA not after:            Mon 29 Jun 2026 06:02:45 +0000
asID:                     152672
IP address blocks:        45.146.82.0/24 maxlen: 24
                          45.158.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 00:02:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:fd:a2:c2:2f:7e:2c:ea:16:d0:6d:aa:06:db:09:a4:b7:69:27:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun 30 05:57:45 2025 GMT
            Not After : Jun 29 06:02:45 2026 GMT
        Subject: CN=DD1CBF27BD60F9B464497400872BF4FAC6E93CC8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f7:79:93:b0:68:aa:28:c0:28:2f:23:a8:39:
                    ff:84:c7:4d:5f:02:4d:06:21:9d:d1:70:b6:25:7c:
                    67:a9:26:d7:8e:4f:58:a4:8c:47:73:19:75:f2:3a:
                    39:e4:3c:48:76:be:3a:16:da:1a:a6:49:6c:c2:72:
                    34:17:19:4d:ad:b2:01:c3:c9:39:8b:b9:12:65:31:
                    78:0b:cb:18:ba:be:4d:db:7b:ac:9a:d3:6e:eb:ef:
                    96:87:73:7e:a6:e2:a8:1d:a2:b4:4b:8b:91:43:c5:
                    b2:93:20:bb:5c:68:61:9f:98:06:95:d0:84:27:fc:
                    7d:22:d1:13:9f:71:29:7c:88:95:f5:74:d7:7c:73:
                    b9:b1:5d:d7:4e:21:47:58:90:a4:4d:54:d3:ab:9a:
                    cb:6b:c5:11:71:9d:78:b5:91:98:7b:7d:7d:32:6f:
                    53:9d:97:29:e4:4b:69:82:8c:a3:ed:f3:4c:f6:bf:
                    07:b9:d3:16:52:87:e0:5f:24:11:19:31:86:c3:03:
                    df:48:31:5b:d8:b1:9d:80:43:13:8a:75:17:f6:66:
                    ea:ec:fb:fe:e8:fa:89:5e:dc:b0:df:61:8e:81:1c:
                    60:3b:e6:be:09:96:41:77:db:bd:ec:7a:f7:2b:84:
                    3a:48:dd:b3:90:db:86:50:61:36:64:fc:34:2b:b5:
                    ba:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:1C:BF:27:BD:60:F9:B4:64:49:74:00:87:2B:F4:FA:C6:E9:3C:C8
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS152672.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.82.0/24
                  45.158.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:c5:11:2b:11:c0:f5:d2:8d:84:b7:8c:60:4e:f0:ac:47:ee:
         d0:a1:db:d1:cd:7e:a2:bc:26:c0:e5:e4:bb:66:43:b3:60:a0:
         b4:f1:25:7c:21:53:af:e8:f0:68:ef:8b:1b:0c:40:ca:a2:5a:
         e0:0d:27:e6:48:8c:b0:1b:fb:74:db:ea:c3:74:7b:ea:67:29:
         d1:8c:55:4f:0d:e0:0b:b4:5a:70:03:8f:6d:1e:00:ee:b3:17:
         18:1c:53:ca:b2:4d:c5:85:35:10:64:20:70:f3:14:f0:b4:8b:
         ba:e4:de:5a:50:8c:9a:cd:5f:3c:a0:8f:22:5d:38:05:3c:30:
         d5:88:7b:1f:fe:ee:c1:c8:a8:fd:a6:17:8f:f2:98:22:51:86:
         63:dc:25:17:08:0f:cd:6e:3a:a4:8c:eb:67:bf:c3:4c:e9:9d:
         41:07:b7:e4:c1:8c:10:67:6e:5d:e3:e3:87:2b:31:ba:c4:06:
         58:9e:13:2b:37:30:21:dc:0d:1b:9c:96:a7:55:22:ae:9e:05:
         81:fb:89:8d:59:5c:a2:95:30:40:23:da:5a:0e:b5:35:3f:df:
         a8:b7:9e:3e:34:87:2b:c6:e2:d1:cf:a2:4f:40:2e:a1:95:68:
         47:7c:f4:14:f4:3a:b7:ba:d6:72:ca:1a:b9:c7:85:70:24:6a:
         8b:aa:07:9e
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUJP2iwi9+LOoW0G2qBtsJpLdpJ40wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA2MzAwNTU3NDVaFw0yNjA2MjkwNjAyNDVaMDMxMTAvBgNV
BAMTKEREMUNCRjI3QkQ2MEY5QjQ2NDQ5NzQwMDg3MkJGNEZBQzZFOTNDQzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu93mTsGiqKMAoLyOoOf+Ex01f
Ak0GIZ3RcLYlfGepJteOT1ikjEdzGXXyOjnkPEh2vjoW2hqmSWzCcjQXGU2tsgHD
yTmLuRJlMXgLyxi6vk3be6ya027r75aHc36m4qgdorRLi5FDxbKTILtcaGGfmAaV
0IQn/H0i0ROfcSl8iJX1dNd8c7mxXddOIUdYkKRNVNOrmstrxRFxnXi1kZh7fX0y
b1OdlynkS2mCjKPt80z2vwe50xZSh+BfJBEZMYbDA99IMVvYsZ2AQxOKdRf2Zurs
+/7o+ole3LDfYY6BHGA75r4JlkF3273sevcrhDpI3bOQ24ZQYTZk/DQrtbqtAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU3Ry/J71g+bRkSXQAhyv0+sbpPMgwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTUyNjcyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZJS
AwQALZ4LMA0GCSqGSIb3DQEBCwUAA4IBAQC/xRErEcD10o2Et4xgTvCsR+7QodvR
zX6ivCbA5eS7ZkOzYKC08SV8IVOv6PBo74sbDEDKolrgDSfmSIywG/t02+rDdHvq
ZynRjFVPDeALtFpwA49tHgDusxcYHFPKsk3FhTUQZCBw8xTwtIu65N5aUIyazV88
oI8iXTgFPDDViHsf/u7ByKj9pheP8pgiUYZj3CUXCA/NbjqkjOtnv8NM6Z1BB7fk
wYwQZ25d4+OHKzG6xAZYnhMrNzAh3A0bnJanVSKungWB+4mNWVyilTBAI9paDrU1
P9+ot54+NIcrxuLRz6JPQC6hlWhHfPQU9Dq3utZyyhq5x4VwJGqLqgee
-----END CERTIFICATE-----