Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153564.roa
File:                     AS153564.roa (raw, json)
Hash identifier:          hHY7Nr9+WHsDKHI6RCelvCb5ZwTmtkhm3/kfbzFpP8U=
Subject key identifier:   5A:5A:87:06:92:94:A2:4D:D1:0D:52:C3:CD:25:0B:34:6A:DB:67:58
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       0C5B6EFAACE2B906CB9B8902EC7C2E94DD782396
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153564.roa
Signing time:             Sat 09 Aug 2025 16:25:18 +0000
ROA not before:           Sat 09 Aug 2025 16:20:18 +0000
ROA not after:            Sat 08 Aug 2026 16:25:18 +0000
asID:                     153564
IP address blocks:        162.141.0.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:5b:6e:fa:ac:e2:b9:06:cb:9b:89:02:ec:7c:2e:94:dd:78:23:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Aug  9 16:20:18 2025 GMT
            Not After : Aug  8 16:25:18 2026 GMT
        Subject: CN=5A5A87069294A24DD10D52C3CD250B346ADB6758
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:58:49:b4:f3:09:d0:ee:b1:1e:49:e3:1d:74:
                    64:15:94:d2:de:5f:ba:de:17:36:4e:ea:ff:cd:c2:
                    df:72:21:44:7a:72:f0:ed:e6:94:9f:19:cf:12:3b:
                    15:a9:a3:ba:d4:d5:a8:4c:b1:58:48:66:c8:dd:aa:
                    4c:7d:98:25:aa:7f:11:64:ee:e0:dd:9d:c1:fd:0e:
                    de:8c:c1:57:c3:9f:18:68:b2:28:f8:c1:4d:a6:e8:
                    7e:f5:ce:68:8e:51:dd:7a:96:b1:b4:0b:f4:48:03:
                    36:20:9f:b6:1b:d8:96:c4:5f:ba:62:e7:c8:7b:cf:
                    0c:cf:fc:89:84:48:eb:36:68:00:d0:2e:12:59:0c:
                    8e:4f:c7:b0:9f:b0:33:05:8a:77:1b:a4:d0:0a:79:
                    27:ba:f6:be:a1:0e:81:bc:21:2a:e0:c2:52:15:85:
                    7f:e7:82:91:b7:0d:0a:97:52:be:98:01:b7:32:a4:
                    7c:8d:f6:c8:20:57:54:c1:89:68:57:c4:9e:73:01:
                    fd:f5:de:d0:95:99:73:89:17:28:5b:65:11:5b:ad:
                    da:3b:8e:00:0f:ae:14:7c:94:88:0d:78:45:ac:60:
                    fb:2a:0a:ad:0b:83:9c:56:8e:5d:9f:9e:9c:af:11:
                    d9:a0:28:3a:5c:5c:64:a3:24:84:3a:20:48:3f:cd:
                    ba:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:5A:87:06:92:94:A2:4D:D1:0D:52:C3:CD:25:0B:34:6A:DB:67:58
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS153564.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.141.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bb:d4:3b:a4:ff:ab:d6:8b:83:9d:10:2a:56:61:25:25:a1:b2:
         51:4e:64:61:cc:71:bc:72:4a:27:f6:ae:ac:9a:b2:19:39:a1:
         e7:b0:48:7b:d9:2c:f7:d9:95:05:1d:9b:22:22:0c:67:72:6d:
         c3:f1:3d:13:d3:be:c2:7d:91:40:90:e3:55:06:72:48:d6:68:
         b4:39:15:d5:78:cd:dd:7a:0e:49:57:1d:76:5d:19:e5:a0:2e:
         32:c6:56:cb:7a:5a:f6:18:df:25:a2:82:69:88:08:d8:0b:51:
         35:16:7a:c1:f8:56:ae:5c:76:2e:55:29:a5:43:fc:c4:17:93:
         74:12:59:7b:78:fd:5b:2d:b3:33:ea:a6:ef:a8:a8:c4:08:61:
         27:5b:6f:f7:a6:57:8e:5c:1e:3a:72:da:06:ab:68:a5:37:2a:
         ad:eb:de:d7:93:3b:23:cc:a5:f0:33:8a:eb:83:77:77:a4:d7:
         eb:33:37:54:d1:ac:f9:ea:b3:fc:b2:00:a5:fc:70:f7:a9:ec:
         96:a7:69:d6:d6:24:a5:ee:26:1e:40:9a:a5:db:12:8a:45:92:
         ab:ff:5e:a1:e0:39:51:43:49:91:b8:88:6a:6a:4f:3e:05:c1:
         c4:71:e6:9e:c0:a5:1f:67:87:f7:64:b0:41:99:f2:ba:e2:b5:
         de:c7:82:e9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDFtu+qziuQbLm4kC7HwulN14I5YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MDkxNjIwMThaFw0yNjA4MDgxNjI1MThaMDMxMTAvBgNV
BAMTKDVBNUE4NzA2OTI5NEEyNEREMTBENTJDM0NEMjUwQjM0NkFEQjY3NTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2WEm08wnQ7rEeSeMddGQVlNLe
X7reFzZO6v/Nwt9yIUR6cvDt5pSfGc8SOxWpo7rU1ahMsVhIZsjdqkx9mCWqfxFk
7uDdncH9Dt6MwVfDnxhosij4wU2m6H71zmiOUd16lrG0C/RIAzYgn7Yb2JbEX7pi
58h7zwzP/ImESOs2aADQLhJZDI5Px7CfsDMFincbpNAKeSe69r6hDoG8ISrgwlIV
hX/ngpG3DQqXUr6YAbcypHyN9sggV1TBiWhXxJ5zAf313tCVmXOJFyhbZRFbrdo7
jgAPrhR8lIgNeEWsYPsqCq0Lg5xWjl2fnpyvEdmgKDpcXGSjJIQ6IEg/zbopAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUWlqHBpKUok3RDVLDzSULNGrbZ1gwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTUzNTY0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBoo0A
MA0GCSqGSIb3DQEBCwUAA4IBAQC71Duk/6vWi4OdECpWYSUlobJRTmRhzHG8ckon
9q6smrIZOaHnsEh72Sz32ZUFHZsiIgxncm3D8T0T077CfZFAkONVBnJI1mi0ORXV
eM3deg5JVx12XRnloC4yxlbLelr2GN8looJpiAjYC1E1FnrB+FauXHYuVSmlQ/zE
F5N0Ell7eP1bLbMz6qbvqKjECGEnW2/3pleOXB46ctoGq2ilNyqt697XkzsjzKXw
M4rrg3d3pNfrMzdU0az56rP8sgCl/HD3qeyWp2nW1iSl7iYeQJql2xKKRZKr/16h
4DlRQ0mRuIhqak8+BcHEceaewKUfZ4f3ZLBBmfK64rXex4Lp
-----END CERTIFICATE-----