Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS153947.roa
File:                     AS153947.roa (raw, json)
Hash identifier:          n2t5yTsPTVDVhBe5nH3UJRYPvkuXJ31reTn+y9Uvm18=
Subject key identifier:   A7:0D:01:96:81:DA:C9:E8:A8:5F:4A:BC:7B:DA:66:B5:34:4C:E0:14
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       4CC079E4EA3E1721E8E37F1DC3374D2360E356F0
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS153947.roa
Signing time:             Fri 12 Jun 2026 08:25:48 +0000
ROA not before:           Fri 12 Jun 2026 08:20:48 +0000
ROA not after:            Fri 11 Jun 2027 08:25:48 +0000
asID:                     153947
IP address blocks:        51.146.68.0/24 maxlen: 24
                          78.105.150.0/24 maxlen: 24
                          188.220.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:c0:79:e4:ea:3e:17:21:e8:e3:7f:1d:c3:37:4d:23:60:e3:56:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun 12 08:20:48 2026 GMT
            Not After : Jun 11 08:25:48 2027 GMT
        Subject: CN=A70D019681DAC9E8A85F4ABC7BDA66B5344CE014
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:06:63:d6:f1:0a:89:88:66:d5:c5:6c:49:ff:
                    92:cc:58:a4:c4:b8:9e:6a:44:96:64:91:96:fc:31:
                    e0:6e:59:17:c7:ca:5c:e5:94:8d:54:a7:37:3c:09:
                    5f:ed:54:cb:8c:d5:17:d5:99:ee:fe:2d:5a:78:d4:
                    0b:a9:ee:17:d7:41:a8:5a:66:0f:5d:3a:b4:17:a4:
                    2a:10:5e:9a:05:d8:8b:7d:10:e0:95:39:ba:67:f2:
                    81:66:76:a6:1e:9b:05:e0:e0:7a:1c:09:50:86:46:
                    03:d7:1f:5f:0e:7a:47:b2:f7:6e:0c:25:8d:17:e5:
                    f0:2d:c3:d5:5b:e3:62:54:d0:cd:83:3e:fa:28:dd:
                    4c:a5:7e:cf:60:ca:49:4b:27:96:5e:19:c4:ce:54:
                    bf:4e:4f:50:b8:b1:c3:27:eb:64:6c:f9:e4:6e:67:
                    fa:80:f4:52:1a:fb:13:b0:0f:bc:f6:96:90:4e:17:
                    3a:7e:26:44:9d:bf:12:a7:9c:8f:d6:9e:18:a5:8d:
                    ab:d4:49:5d:d8:a9:59:91:c7:18:61:fb:d9:df:4d:
                    92:15:f1:36:56:23:b5:01:9c:4d:84:fa:c0:f3:71:
                    40:d4:b6:92:9a:b9:66:b2:0f:8b:c3:69:56:97:0b:
                    9f:ec:87:67:a2:d1:a2:18:cf:cf:e1:ae:15:29:2d:
                    69:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:0D:01:96:81:DA:C9:E8:A8:5F:4A:BC:7B:DA:66:B5:34:4C:E0:14
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS153947.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.146.68.0/24
                  78.105.150.0/24
                  188.220.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:82:d4:cd:76:2e:d7:7d:f4:29:c0:84:69:e2:a6:36:a9:c2:
         5a:eb:c9:90:37:79:57:5d:4d:e0:db:45:55:30:ad:02:ae:b0:
         b1:8b:c1:6c:dc:34:ee:79:b8:0c:e9:48:07:6d:34:f9:ba:54:
         93:4e:23:5d:45:12:8b:c1:6c:c3:d4:36:6a:15:7e:a0:f7:6c:
         f5:53:d3:3a:5a:e8:e8:fa:b5:f2:d8:bd:69:e6:80:8e:6c:e9:
         d1:72:a7:e1:88:81:c2:5d:26:55:f1:34:f4:9e:95:c4:0e:91:
         97:d9:de:f6:ba:38:17:65:e8:31:52:de:21:91:f6:cd:92:79:
         d7:dc:f0:40:eb:a8:84:3b:ae:9e:6e:61:26:ed:f8:42:54:96:
         ec:fa:0d:f2:65:40:17:fe:1d:4e:10:96:42:1e:cd:34:7b:5d:
         51:92:f9:ed:2e:e8:75:a6:02:12:7b:9a:bb:d4:31:49:07:a3:
         b5:2a:e1:89:9e:c7:6f:2a:ae:13:27:61:fe:a6:aa:7d:ca:2a:
         2e:e9:70:d4:42:44:ba:1d:ba:bd:c3:b8:f4:6f:b1:67:64:75:
         ca:fe:bc:5c:a4:a6:04:2c:3a:02:a0:c0:03:be:c5:50:c1:cf:
         2c:60:50:ae:73:98:48:17:90:3c:39:cc:23:65:19:ea:7f:b9:
         49:8e:cf:31
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUTMB55Oo+FyHo438dwzdNI2DjVvAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MTIwODIwNDhaFw0yNzA2MTEwODI1NDhaMDMxMTAvBgNV
BAMTKEE3MEQwMTk2ODFEQUM5RThBODVGNEFCQzdCREE2NkI1MzQ0Q0UwMTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOBmPW8QqJiGbVxWxJ/5LMWKTE
uJ5qRJZkkZb8MeBuWRfHylzllI1Upzc8CV/tVMuM1RfVme7+LVp41Aup7hfXQaha
Zg9dOrQXpCoQXpoF2It9EOCVObpn8oFmdqYemwXg4HocCVCGRgPXH18Oekey924M
JY0X5fAtw9Vb42JU0M2DPvoo3Uylfs9gyklLJ5ZeGcTOVL9OT1C4scMn62Rs+eRu
Z/qA9FIa+xOwD7z2lpBOFzp+JkSdvxKnnI/WnhiljavUSV3YqVmRxxhh+9nfTZIV
8TZWI7UBnE2E+sDzcUDUtpKauWayD4vDaVaXC5/sh2ei0aIYz8/hrhUpLWl7AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUpw0BloHayeioX0q8e9pmtTRM4BQwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMTUzOTQ3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAM5JE
AwQATmmWAwQAvNwiMA0GCSqGSIb3DQEBCwUAA4IBAQA1gtTNdi7XffQpwIRp4qY2
qcJa68mQN3lXXU3g20VVMK0CrrCxi8Fs3DTuebgM6UgHbTT5ulSTTiNdRRKLwWzD
1DZqFX6g92z1U9M6Wujo+rXy2L1p5oCObOnRcqfhiIHCXSZV8TT0npXEDpGX2d72
ujgXZegxUt4hkfbNknnX3PBA66iEO66ebmEm7fhCVJbs+g3yZUAX/h1OEJZCHs00
e11RkvntLuh1pgISe5q71DFJB6O1KuGJnsdvKq4TJ2H+pqp9yiou6XDUQkS6Hbq9
w7j0b7FnZHXK/rxcpKYELDoCoMADvsVQwc8sYFCuc5hIF5A8OcwjZRnqf7lJjs8x
-----END CERTIFICATE-----