Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS151490.roa
File:                     AS151490.roa (raw, json)
Hash identifier:          m4VXyyIIDY+Vp5lU1uC4GMUzoaO2BSB3FWvT6IyxeWQ=
Subject key identifier:   25:50:18:56:4F:AA:4C:EC:B8:7D:05:FF:D3:2C:74:71:AC:B1:02:E8
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       905E9FFD7C43905C694DE8C214442E6148282E
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS151490.roa
Signing time:             Wed 16 Apr 2025 02:50:24 +0000
ROA not before:           Wed 16 Apr 2025 02:45:24 +0000
ROA not after:            Wed 15 Apr 2026 02:50:24 +0000
asID:                     151490
IP address blocks:        141.11.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 07:29:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            90:5e:9f:fd:7c:43:90:5c:69:4d:e8:c2:14:44:2e:61:48:28:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Apr 16 02:45:24 2025 GMT
            Not After : Apr 15 02:50:24 2026 GMT
        Subject: CN=255018564FAA4CECB87D05FFD32C7471ACB102E8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:ae:b9:e3:1a:de:19:df:f6:53:b4:79:91:b7:
                    6b:f0:b4:c9:cd:4d:02:29:71:89:9b:d5:0a:ee:66:
                    b3:43:af:fe:ae:d8:fc:10:6a:df:81:53:57:18:4b:
                    1c:3c:d1:89:b6:2e:d5:0d:03:c2:51:0b:cd:ad:92:
                    2f:de:3e:4d:1e:37:3a:13:42:13:14:b3:d8:ce:3e:
                    7f:0b:d8:29:7c:68:c7:5a:68:5d:dc:39:d8:4e:05:
                    9f:43:8a:0b:5d:8e:24:4b:d1:a0:6f:f3:ca:a9:a8:
                    44:48:4b:7c:c7:0b:a7:4c:f0:2a:a7:b9:52:20:2e:
                    15:de:e2:21:76:55:f6:cf:a5:eb:02:96:3b:51:92:
                    71:7b:52:31:e1:fe:0c:b1:6f:d6:cb:37:bd:bb:4a:
                    85:4e:bb:cf:ee:0d:60:b5:ae:d7:40:fd:8e:f9:85:
                    d0:4b:50:60:92:11:31:69:4b:1b:c1:f1:cb:7d:d6:
                    20:bb:9a:5f:ba:32:5e:65:78:fe:b2:9a:a3:a8:a1:
                    18:48:ee:f0:46:76:4b:76:6c:9d:d0:6e:87:11:2a:
                    b2:53:3c:cd:31:47:79:02:01:2c:8a:99:00:aa:6c:
                    0c:7a:ff:1e:78:08:78:e6:f4:07:c5:62:cb:70:12:
                    5b:e4:71:96:0d:c2:f1:cb:76:bf:4a:8f:2a:a8:be:
                    2e:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:50:18:56:4F:AA:4C:EC:B8:7D:05:FF:D3:2C:74:71:AC:B1:02:E8
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS151490.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:de:bf:58:77:17:0a:93:9c:98:da:38:2e:15:41:b5:89:ac:
         fa:43:70:6a:50:05:bc:89:3e:0f:7c:81:d8:15:1d:a3:7f:40:
         41:44:57:3c:d5:bd:f3:9c:1d:92:93:e7:c7:7d:19:94:cb:dc:
         69:c2:dc:f8:c9:a1:89:0f:66:53:3a:12:a7:ce:19:41:b9:4c:
         2f:2b:d3:92:44:a4:92:6d:ab:b2:e6:9d:c3:8d:26:47:85:7c:
         55:b9:48:56:6c:82:62:af:60:4b:37:2d:72:68:6b:9b:2f:3c:
         b8:89:7f:8f:2b:d9:83:63:49:ae:3b:2d:0a:74:2c:a3:55:a8:
         b3:d0:29:ac:72:72:5e:20:f5:98:f1:cb:00:86:d4:19:4a:9f:
         ae:96:82:7e:33:00:d3:17:22:25:6e:39:15:59:49:63:cb:b8:
         f4:75:b6:59:87:38:7f:bd:be:26:41:0a:bf:0e:bf:60:f3:d0:
         6f:ba:95:08:8e:97:dc:e8:a8:99:21:7a:85:47:23:57:a1:d5:
         6b:93:07:89:19:12:f2:66:03:94:f0:db:2a:85:68:e4:19:8d:
         e5:45:a1:c7:90:ba:86:90:95:85:ff:b5:d2:88:ef:90:1d:74:
         26:1f:32:ef:7f:8a:63:20:70:67:69:20:c1:9d:cd:c1:40:5c:
         a3:f7:06:54
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUAJBen/18Q5BcaU3owhRELmFIKC4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA0MTYwMjQ1MjRaFw0yNjA0MTUwMjUwMjRaMDMxMTAvBgNV
BAMTKDI1NTAxODU2NEZBQTRDRUNCODdEMDVGRkQzMkM3NDcxQUNCMTAyRTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0rrnjGt4Z3/ZTtHmRt2vwtMnN
TQIpcYmb1QruZrNDr/6u2PwQat+BU1cYSxw80Ym2LtUNA8JRC82tki/ePk0eNzoT
QhMUs9jOPn8L2Cl8aMdaaF3cOdhOBZ9DigtdjiRL0aBv88qpqERIS3zHC6dM8Cqn
uVIgLhXe4iF2VfbPpesCljtRknF7UjHh/gyxb9bLN727SoVOu8/uDWC1rtdA/Y75
hdBLUGCSETFpSxvB8ct91iC7ml+6Ml5leP6ymqOooRhI7vBGdkt2bJ3QbocRKrJT
PM0xR3kCASyKmQCqbAx6/x54CHjm9AfFYstwElvkcZYNwvHLdr9Kjyqovi4/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUJVAYVk+qTOy4fQX/0yx0cayxAugwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTUxNDkwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsJ
MA0GCSqGSIb3DQEBCwUAA4IBAQB83r9YdxcKk5yY2jguFUG1iaz6Q3BqUAW8iT4P
fIHYFR2jf0BBRFc81b3znB2Sk+fHfRmUy9xpwtz4yaGJD2ZTOhKnzhlBuUwvK9OS
RKSSbauy5p3DjSZHhXxVuUhWbIJir2BLNy1yaGubLzy4iX+PK9mDY0muOy0KdCyj
Vaiz0CmscnJeIPWY8csAhtQZSp+uloJ+MwDTFyIlbjkVWUljy7j0dbZZhzh/vb4m
QQq/Dr9g89BvupUIjpfc6KiZIXqFRyNXodVrkweJGRLyZgOU8NsqhWjkGY3lRaHH
kLqGkJWF/7XSiO+QHXQmHzLvf4pjIHBnaSDBnc3BQFyj9wZU
-----END CERTIFICATE-----