Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS154132.roa
File:                     AS154132.roa (raw, json)
Hash identifier:          9sYXlz2FPui3o3rVNm+Z5/lSIHBtU3kojCaox6q/5kg=
Subject key identifier:   BA:5F:13:61:1A:87:9A:85:B3:29:F4:48:2D:CF:39:8E:10:05:2A:D9
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       0D28D5943EA50997767D04083EE17CA0A0E4A61F
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS154132.roa
Signing time:             Fri 12 Jun 2026 15:56:30 +0000
ROA not before:           Fri 12 Jun 2026 15:51:30 +0000
ROA not after:            Fri 11 Jun 2027 15:56:30 +0000
asID:                     154132
IP address blocks:        193.111.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 17:54:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:28:d5:94:3e:a5:09:97:76:7d:04:08:3e:e1:7c:a0:a0:e4:a6:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun 12 15:51:30 2026 GMT
            Not After : Jun 11 15:56:30 2027 GMT
        Subject: CN=BA5F13611A879A85B329F4482DCF398E10052AD9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:cf:10:80:c4:87:28:b3:8d:27:4d:91:75:a5:
                    ca:a4:36:ba:ad:c6:26:3a:ca:b7:22:97:dc:71:a9:
                    06:64:51:2a:7b:1a:aa:bc:bc:76:48:5b:82:86:a9:
                    a6:e6:f1:b2:a0:26:dc:44:1e:e3:f8:34:fa:1f:f1:
                    23:8e:d1:59:77:2c:a6:99:db:8c:7d:a5:16:bf:ff:
                    a5:21:48:75:e3:ce:2b:24:07:9c:cc:aa:67:4d:c3:
                    89:a0:3c:8b:32:d7:41:ab:88:57:42:2d:43:fd:0b:
                    b8:e6:21:71:05:89:c9:52:12:68:1a:13:c1:7d:5a:
                    ee:57:f5:79:ac:5e:47:d3:5a:08:ba:58:9f:7c:ef:
                    6f:5e:28:32:33:da:1c:1f:e7:62:46:0a:73:5a:e4:
                    0e:01:30:ec:aa:22:f9:43:78:04:d0:c0:6f:c8:ae:
                    d7:8d:d5:75:9d:1b:88:4d:40:cb:13:f6:ac:61:b6:
                    59:46:6b:ed:4e:4c:71:6a:82:62:b7:f2:94:de:88:
                    34:e2:54:09:4c:83:0c:2f:68:12:6b:7a:d7:43:8b:
                    f9:c1:f8:0c:66:f8:ee:0b:80:8b:ad:ed:e0:1b:f3:
                    4e:0f:ee:c4:2e:b4:d1:f6:1d:e2:c3:12:12:16:db:
                    5d:3d:70:f2:fe:74:4c:bb:3a:75:75:90:fc:e1:38:
                    34:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:5F:13:61:1A:87:9A:85:B3:29:F4:48:2D:CF:39:8E:10:05:2A:D9
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS154132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:67:b4:7c:47:ba:05:c7:11:f5:eb:9d:7b:e6:39:2e:3a:70:
         ef:ca:45:77:37:fe:db:b4:79:26:e0:f8:a5:84:69:2d:24:74:
         a3:30:66:57:57:ca:9c:82:03:9e:78:d5:8a:99:99:a3:c7:12:
         79:b6:fb:9c:13:1e:03:32:d7:6c:ba:0a:11:60:16:89:b3:a5:
         89:ec:47:a4:42:4f:27:af:77:38:b0:69:bd:e5:df:1b:7c:22:
         24:66:e2:ac:d0:cb:db:2e:a5:a7:c1:84:50:71:e8:a0:c1:3b:
         3b:a7:58:60:50:c7:e2:30:e9:f9:f1:b7:6b:de:60:51:c3:85:
         82:4d:cd:82:22:7a:fc:13:9c:d4:a9:e7:bc:04:98:3a:ec:f4:
         28:5c:ea:42:3e:b1:c3:b0:0e:da:c4:7d:86:6f:c7:ca:dc:89:
         1e:f2:3f:c0:14:88:b3:cd:bc:9f:bd:86:cf:e9:c2:06:5e:bb:
         d5:d9:de:98:92:d8:2e:42:e1:16:59:eb:58:7f:c4:fc:68:f2:
         b6:78:5c:46:c4:b7:2a:4d:97:4c:42:44:0f:92:60:9d:18:e5:
         7a:04:06:9e:4f:83:7d:62:35:23:5e:b3:f4:c5:c8:c6:08:3e:
         41:55:3f:5a:31:6b:d0:1f:d8:b7:af:b9:20:36:ad:31:24:67:
         34:9d:7f:0a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDSjVlD6lCZd2fQQIPuF8oKDkph8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjA2MTIxNTUxMzBaFw0yNzA2MTExNTU2MzBaMDMxMTAvBgNV
BAMTKEJBNUYxMzYxMUE4NzlBODVCMzI5RjQ0ODJEQ0YzOThFMTAwNTJBRDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDzxCAxIcos40nTZF1pcqkNrqt
xiY6yrcil9xxqQZkUSp7Gqq8vHZIW4KGqabm8bKgJtxEHuP4NPof8SOO0Vl3LKaZ
24x9pRa//6UhSHXjziskB5zMqmdNw4mgPIsy10GriFdCLUP9C7jmIXEFiclSEmga
E8F9Wu5X9XmsXkfTWgi6WJ98729eKDIz2hwf52JGCnNa5A4BMOyqIvlDeATQwG/I
rteN1XWdG4hNQMsT9qxhtllGa+1OTHFqgmK38pTeiDTiVAlMgwwvaBJretdDi/nB
+Axm+O4LgIut7eAb804P7sQutNH2HeLDEhIW2109cPL+dEy7OnV1kPzhODTJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUul8TYRqHmoWzKfRILc85jhAFKtkwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTU0MTMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW98
MA0GCSqGSIb3DQEBCwUAA4IBAQBeZ7R8R7oFxxH165175jkuOnDvykV3N/7btHkm
4PilhGktJHSjMGZXV8qcggOeeNWKmZmjxxJ5tvucEx4DMtdsugoRYBaJs6WJ7Eek
Qk8nr3c4sGm95d8bfCIkZuKs0MvbLqWnwYRQceigwTs7p1hgUMfiMOn58bdr3mBR
w4WCTc2CInr8E5zUqee8BJg67PQoXOpCPrHDsA7axH2Gb8fK3Ike8j/AFIizzbyf
vYbP6cIGXrvV2d6YktguQuEWWetYf8T8aPK2eFxGxLcqTZdMQkQPkmCdGOV6BAae
T4N9YjUjXrP0xcjGCD5BVT9aMWvQH9i3r7kgNq0xJGc0nX8K
-----END CERTIFICATE-----