Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS150249.roa
File:                     AS150249.roa (raw, json)
Hash identifier:          xPj/VGmEfk/a3Ip+HNSzCyX14B9fPl1JuxPD0qzgE8E=
Subject key identifier:   79:51:97:D7:5C:83:7B:8E:44:C3:20:45:7B:DE:08:7C:CB:12:1C:35
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       3E878B3815B4EAAAED1B0FE270657FB8A8951D2A
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS150249.roa
Signing time:             Sun 05 Apr 2026 07:16:22 +0000
ROA not before:           Sun 05 Apr 2026 07:11:22 +0000
ROA not after:            Sun 04 Apr 2027 07:16:22 +0000
asID:                     150249
IP address blocks:        2a14:7580:ff0f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 18:07:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:87:8b:38:15:b4:ea:aa:ed:1b:0f:e2:70:65:7f:b8:a8:95:1d:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Apr  5 07:11:22 2026 GMT
            Not After : Apr  4 07:16:22 2027 GMT
        Subject: CN=795197D75C837B8E44C320457BDE087CCB121C35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:fa:ac:bd:67:c5:b5:79:04:61:3b:c5:52:82:
                    ea:f5:0d:b4:19:e0:5b:e2:e0:09:cb:27:f9:14:f1:
                    14:23:22:0a:99:f7:f2:ae:93:9f:5c:89:80:8c:1a:
                    0d:4f:13:89:ea:c2:35:19:2e:09:1d:be:c9:64:c7:
                    a3:e8:3b:82:26:16:ad:52:c6:e1:04:4a:d3:19:07:
                    13:f5:0f:db:12:a9:71:8d:40:b3:3a:07:70:6b:5e:
                    6e:d0:70:d5:a4:be:f6:bb:c2:8b:6e:19:72:7a:fb:
                    94:83:81:32:5b:14:7d:e6:b5:bb:9e:27:c5:8a:50:
                    a9:08:9a:55:d7:9f:a0:ad:c0:80:22:ac:42:c1:cd:
                    8f:1e:27:71:78:27:be:13:b8:5b:6f:14:7d:ce:3f:
                    59:a9:bd:17:c9:40:2d:ac:08:51:0f:38:34:dc:9e:
                    68:fa:74:3a:8e:99:5f:02:2d:5f:ec:d6:d3:ed:6e:
                    e1:a0:10:23:ac:ca:33:2d:f1:ab:18:66:d1:52:d4:
                    08:df:7f:d2:a0:0d:b1:02:bf:a5:28:0b:03:52:74:
                    f0:ac:af:4f:76:0b:9f:30:2f:91:0c:35:b0:63:70:
                    3a:70:bf:67:44:d3:ed:20:ed:7f:76:40:38:03:5f:
                    70:d4:8a:ce:f1:77:f3:1e:9c:98:ad:36:7d:59:c7:
                    38:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:51:97:D7:5C:83:7B:8E:44:C3:20:45:7B:DE:08:7C:CB:12:1C:35
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS150249.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:ff0f::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:95:f4:6c:01:cf:37:dc:5b:dd:67:08:ec:65:19:30:74:ab:
         bc:37:20:a9:56:9c:4a:27:b8:bc:28:33:1b:7d:82:70:8d:9c:
         4f:58:7d:dc:52:87:c6:3c:d5:21:7d:2d:bd:d7:4e:a2:97:4a:
         c3:45:b6:b7:02:e3:47:a1:63:43:76:01:91:aa:36:d5:4a:83:
         77:98:2d:cf:66:48:71:66:8c:45:17:fe:40:d2:7d:93:ab:9e:
         7d:87:5a:d8:20:71:d0:3e:1f:34:cc:84:b0:ee:41:34:81:87:
         11:24:8d:b7:89:12:7a:75:af:11:23:94:ed:ce:c3:fd:b5:b0:
         ce:64:c9:ec:6c:6b:90:6f:4b:b4:f4:8f:1b:0c:e1:c4:0a:8a:
         1c:82:74:78:6b:b7:06:cb:0f:1f:38:9b:8c:f5:8e:bb:fd:ac:
         7f:fa:43:75:47:8b:18:cf:9e:6e:c8:bd:52:52:45:b3:4d:db:
         49:d3:a1:4d:78:04:86:b2:2d:85:11:f0:ff:a1:53:f8:36:44:
         fc:ce:dd:0f:8e:70:58:2c:2c:33:fe:65:fe:bf:4c:5b:dc:23:
         4c:35:da:cb:73:f3:89:ea:97:2e:dc:25:08:a0:a0:65:38:52:
         3a:7c:9e:e5:52:33:b3:75:7c:11:10:79:44:e0:1f:47:31:5d:
         b6:f6:4c:34
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUPoeLOBW06qrtGw/icGV/uKiVHSowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA0MDUwNzExMjJaFw0yNzA0MDQwNzE2MjJaMDMxMTAvBgNV
BAMTKDc5NTE5N0Q3NUM4MzdCOEU0NEMzMjA0NTdCREUwODdDQ0IxMjFDMzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCi+qy9Z8W1eQRhO8VSgur1DbQZ
4Fvi4AnLJ/kU8RQjIgqZ9/Kuk59ciYCMGg1PE4nqwjUZLgkdvslkx6PoO4ImFq1S
xuEEStMZBxP1D9sSqXGNQLM6B3BrXm7QcNWkvva7wotuGXJ6+5SDgTJbFH3mtbue
J8WKUKkImlXXn6CtwIAirELBzY8eJ3F4J74TuFtvFH3OP1mpvRfJQC2sCFEPODTc
nmj6dDqOmV8CLV/s1tPtbuGgECOsyjMt8asYZtFS1Ajff9KgDbECv6UoCwNSdPCs
r092C58wL5EMNbBjcDpwv2dE0+0g7X92QDgDX3DUis7xd/MenJitNn1ZxzhjAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUeVGX11yDe45EwyBFe94IfMsSHDUwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMTUwMjQ5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhR1
gP8PMA0GCSqGSIb3DQEBCwUAA4IBAQA1lfRsAc833FvdZwjsZRkwdKu8NyCpVpxK
J7i8KDMbfYJwjZxPWH3cUofGPNUhfS29106il0rDRba3AuNHoWNDdgGRqjbVSoN3
mC3PZkhxZoxFF/5A0n2Tq559h1rYIHHQPh80zISw7kE0gYcRJI23iRJ6da8RI5Tt
zsP9tbDOZMnsbGuQb0u09I8bDOHECoocgnR4a7cGyw8fOJuM9Y67/ax/+kN1R4sY
z55uyL1SUkWzTdtJ06FNeASGsi2FEfD/oVP4NkT8zt0PjnBYLCwz/mX+v0xb3CNM
NdrLc/OJ6pcu3CUIoKBlOFI6fJ7lUjOzdXwREHlE4B9HMV229kw0
-----END CERTIFICATE-----