Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS15830.roa
File:                     AS15830.roa (raw, json)
Hash identifier:          3kuIluAu1OwT4XEuzk3DQLtlwLh/i2HA0fd8aIxPK0c=
Subject key identifier:   E4:55:65:C7:47:FB:8A:D0:94:6C:F5:FD:09:85:8F:74:0A:90:2A:B2
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       4E198F5AF8BA499BF26E2B6DD78E7CBF1E40E47F
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS15830.roa
Signing time:             Thu 19 Mar 2026 15:19:41 +0000
ROA not before:           Thu 19 Mar 2026 15:14:41 +0000
ROA not after:            Thu 18 Mar 2027 15:19:41 +0000
asID:                     15830
IP address blocks:        150.241.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:19:8f:5a:f8:ba:49:9b:f2:6e:2b:6d:d7:8e:7c:bf:1e:40:e4:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 19 15:14:41 2026 GMT
            Not After : Mar 18 15:19:41 2027 GMT
        Subject: CN=E45565C747FB8AD0946CF5FD09858F740A902AB2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:75:5e:6a:56:e2:9e:4e:1c:c7:9a:b4:61:67:
                    f2:9e:73:13:60:ae:ba:3a:5f:83:07:3a:06:4c:02:
                    4a:e9:6c:b1:a2:66:f1:53:2c:43:d8:50:59:dc:3c:
                    f8:87:7b:69:a5:89:34:c0:56:95:cd:a2:de:92:2a:
                    6a:63:30:2f:e2:44:34:1e:0b:08:d2:37:c0:42:7f:
                    6f:50:7c:bf:e2:15:bb:f0:41:25:57:52:0f:7f:63:
                    8c:21:0c:e3:d9:20:ce:70:73:61:c2:25:70:d2:ca:
                    61:21:6e:1d:bd:f2:a0:84:92:80:14:d0:55:2d:eb:
                    38:90:5a:40:76:2f:40:d9:ef:c6:91:4b:22:78:ed:
                    11:cd:ec:60:36:cb:95:90:21:23:27:d1:ac:a5:c1:
                    77:62:e9:43:72:60:88:26:57:ec:5b:c9:23:fb:c2:
                    cd:dd:bf:02:35:bb:cf:5a:67:af:d4:3d:2b:5a:16:
                    73:aa:93:96:36:ea:2b:55:ef:d2:3f:ea:e3:62:22:
                    29:db:21:da:82:5e:20:0a:0f:9b:2f:6e:0b:99:77:
                    af:0a:50:35:30:5b:69:60:44:67:9f:52:c3:e9:fa:
                    f4:92:7f:31:a4:84:58:77:df:76:50:fc:0f:84:b2:
                    77:93:3b:55:80:3e:08:c5:0b:02:b8:f9:ec:6e:69:
                    98:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:55:65:C7:47:FB:8A:D0:94:6C:F5:FD:09:85:8F:74:0A:90:2A:B2
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS15830.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.241.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:60:15:c7:06:d0:1a:0e:17:2e:97:f8:9b:3f:3b:1e:8f:a6:
         cc:4f:c8:18:f9:08:6d:ed:49:01:d6:89:26:5f:8c:d7:ee:25:
         d6:52:ee:db:b0:e6:d4:d4:29:c2:34:7d:4e:9a:e7:58:80:1f:
         13:80:0f:3a:1f:cd:0d:5e:b1:c0:00:ab:81:54:0b:fe:29:c4:
         7d:01:d2:c9:7c:b3:de:58:30:80:15:ae:a0:e8:03:57:96:98:
         ff:de:6c:a3:79:b1:0b:83:a6:78:69:07:44:5a:0c:32:c4:02:
         bc:d9:ce:bd:bb:e0:3c:59:b6:91:70:1d:1b:df:6a:b1:eb:5e:
         54:be:ee:5f:7c:37:4d:d8:72:43:cf:5b:46:75:95:de:e5:76:
         c9:34:69:a4:62:17:ca:d3:ff:dc:ef:06:ef:4e:c9:a5:07:2b:
         ad:93:65:c3:f1:f4:b0:52:93:1b:11:93:a9:1f:b1:dc:ab:1b:
         38:d1:55:c4:de:9f:50:12:c7:22:c7:9d:f0:16:3d:a9:76:24:
         8e:86:61:e5:51:a3:b1:3d:13:2a:66:f1:64:75:da:e9:70:35:
         d3:aa:5b:0d:70:3c:fa:e6:44:a2:1e:97:d7:c1:05:08:1f:f2:
         3c:96:71:db:48:f3:5d:f0:36:dc:23:6b:5f:18:11:76:a1:2a:
         31:87:15:21
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUThmPWvi6SZvybitt1458vx5A5H8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMTkxNTE0NDFaFw0yNzAzMTgxNTE5NDFaMDMxMTAvBgNV
BAMTKEU0NTU2NUM3NDdGQjhBRDA5NDZDRjVGRDA5ODU4Rjc0MEE5MDJBQjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/dV5qVuKeThzHmrRhZ/KecxNg
rro6X4MHOgZMAkrpbLGiZvFTLEPYUFncPPiHe2mliTTAVpXNot6SKmpjMC/iRDQe
CwjSN8BCf29QfL/iFbvwQSVXUg9/Y4whDOPZIM5wc2HCJXDSymEhbh298qCEkoAU
0FUt6ziQWkB2L0DZ78aRSyJ47RHN7GA2y5WQISMn0aylwXdi6UNyYIgmV+xbySP7
ws3dvwI1u89aZ6/UPStaFnOqk5Y26itV79I/6uNiIinbIdqCXiAKD5svbguZd68K
UDUwW2lgRGefUsPp+vSSfzGkhFh333ZQ/A+EsneTO1WAPgjFCwK4+exuaZgRAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU5FVlx0f7itCUbPX9CYWPdAqQKrIwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTU4MzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACW8Y4w
DQYJKoZIhvcNAQELBQADggEBALVgFccG0BoOFy6X+Js/Ox6PpsxPyBj5CG3tSQHW
iSZfjNfuJdZS7tuw5tTUKcI0fU6a51iAHxOADzofzQ1escAAq4FUC/4pxH0B0sl8
s95YMIAVrqDoA1eWmP/ebKN5sQuDpnhpB0RaDDLEArzZzr274DxZtpFwHRvfarHr
XlS+7l98N03YckPPW0Z1ld7ldsk0aaRiF8rT/9zvBu9OyaUHK62TZcPx9LBSkxsR
k6kfsdyrGzjRVcTen1ASxyLHnfAWPal2JI6GYeVRo7E9Eypm8WR12ulwNdOqWw1w
PPrmRKIel9fBBQgf8jyWcdtI813wNtwja18YEXahKjGHFSE=
-----END CERTIFICATE-----