Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS150293.roa
File:                     AS150293.roa (raw, json)
Hash identifier:          SsRTy5NO+/rIAoKfR9xi0YrGUp39MBE8QgmbjOIoQ58=
Subject key identifier:   25:FA:B3:58:BC:98:16:7E:26:D3:3B:57:2A:39:12:D8:BC:22:9B:9C
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       33DCAB54B61CB1008A197C3BDE4BCA6F6B9DCDE7
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS150293.roa
Signing time:             Fri 27 Mar 2026 09:14:02 +0000
ROA not before:           Fri 27 Mar 2026 09:09:02 +0000
ROA not after:            Fri 26 Mar 2027 09:14:02 +0000
asID:                     150293
IP address blocks:        46.236.210.0/24 maxlen: 24
                          46.236.213.0/24 maxlen: 24
                          212.60.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 01:30:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:dc:ab:54:b6:1c:b1:00:8a:19:7c:3b:de:4b:ca:6f:6b:9d:cd:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Mar 27 09:09:02 2026 GMT
            Not After : Mar 26 09:14:02 2027 GMT
        Subject: CN=25FAB358BC98167E26D33B572A3912D8BC229B9C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:2e:76:ae:ea:ff:02:54:35:dd:57:da:3d:75:
                    96:03:f0:8e:d6:fd:ea:eb:e2:de:79:48:b3:6f:5b:
                    b4:49:29:35:a9:7d:64:a6:f4:f3:24:36:2f:11:35:
                    86:b6:84:39:0a:1f:14:2a:ce:94:8d:e8:30:77:77:
                    54:58:76:c1:c9:63:85:f1:9d:4d:69:eb:7f:cb:41:
                    39:73:09:1d:98:2c:72:47:b1:d7:58:73:96:2b:4a:
                    02:91:2d:6d:bb:ec:fc:77:c4:5b:b0:4d:47:19:2e:
                    66:0b:3b:1a:b6:65:7e:60:24:43:9c:35:1f:cc:09:
                    11:0c:ff:55:d2:68:a5:97:5a:b3:ae:38:05:7c:b8:
                    db:6d:ec:9b:35:a6:7d:11:30:11:d5:8d:ed:55:a8:
                    35:54:2a:37:e5:82:45:1c:87:bb:93:c9:1b:00:4d:
                    87:f0:42:01:a1:dd:fb:99:15:47:47:e1:e8:a6:84:
                    fb:ad:c7:57:8b:d6:2e:60:1c:5c:9b:aa:f6:37:a6:
                    6f:39:68:e4:b7:6a:ba:c7:cc:63:d5:7c:54:b9:3e:
                    1b:e2:bb:f0:cf:65:25:52:a5:1b:d5:e5:6d:13:90:
                    a0:b5:a6:b4:aa:aa:39:1b:b8:6d:6a:0d:b8:a8:97:
                    39:ad:33:74:ce:54:1a:a3:57:98:e0:4b:5f:32:51:
                    2d:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:FA:B3:58:BC:98:16:7E:26:D3:3B:57:2A:39:12:D8:BC:22:9B:9C
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS150293.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.210.0/24
                  46.236.213.0/24
                  212.60.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:fc:2f:1a:27:88:96:a5:61:d3:f1:b1:a7:5d:f6:93:d2:76:
         4b:28:82:e0:50:17:8b:42:62:47:76:27:25:b4:c6:b2:0e:e6:
         b0:3a:8a:90:fe:e6:77:6b:44:3d:82:d9:33:ac:42:40:3a:6a:
         61:ac:bd:0c:a9:d3:4f:ee:60:d9:ab:78:a7:52:a3:e0:aa:97:
         50:c7:de:c5:0a:05:70:9f:8d:c9:4c:67:66:02:1a:88:e7:dd:
         5d:88:0c:45:6f:ed:50:8e:d4:59:ad:fe:ec:a5:20:6f:b2:d1:
         c7:cd:b8:57:5c:32:ea:8d:c2:52:c1:99:c7:2a:22:a1:50:19:
         a3:71:ca:0f:5e:81:d0:b9:71:44:2a:17:c4:21:d9:74:5b:20:
         11:a8:e1:d1:ee:a7:58:e8:01:fd:90:70:d4:44:ee:e7:a4:85:
         fc:b8:99:ce:d1:f9:e1:08:ca:8d:28:15:a3:03:08:2e:2f:1e:
         d2:18:96:66:78:b1:f7:07:1b:a1:c4:78:f0:fa:da:f6:59:ae:
         b0:10:1f:3e:9a:97:3c:40:04:02:8a:71:02:ac:e0:0f:f9:9c:
         b4:b9:e8:4f:72:c8:06:95:7a:35:15:0f:dc:ae:b0:f6:63:fb:
         e5:40:83:6a:9e:af:b3:63:5a:22:bb:ec:77:7e:3c:aa:e2:b5:
         d2:56:2b:1b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUM9yrVLYcsQCKGXw73kvKb2udzecwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjAzMjcwOTA5MDJaFw0yNzAzMjYwOTE0MDJaMDMxMTAvBgNV
BAMTKDI1RkFCMzU4QkM5ODE2N0UyNkQzM0I1NzJBMzkxMkQ4QkMyMjlCOUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsLnau6v8CVDXdV9o9dZYD8I7W
/err4t55SLNvW7RJKTWpfWSm9PMkNi8RNYa2hDkKHxQqzpSN6DB3d1RYdsHJY4Xx
nU1p63/LQTlzCR2YLHJHsddYc5YrSgKRLW277Px3xFuwTUcZLmYLOxq2ZX5gJEOc
NR/MCREM/1XSaKWXWrOuOAV8uNtt7Js1pn0RMBHVje1VqDVUKjflgkUch7uTyRsA
TYfwQgGh3fuZFUdH4eimhPutx1eL1i5gHFybqvY3pm85aOS3arrHzGPVfFS5Phvi
u/DPZSVSpRvV5W0TkKC1prSqqjkbuG1qDbiolzmtM3TOVBqjV5jgS18yUS3XAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUJfqzWLyYFn4m0ztXKjkS2Lwim5wwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMTUwMjkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALuzS
AwQALuzVAwQA1DyRMA0GCSqGSIb3DQEBCwUAA4IBAQAX/C8aJ4iWpWHT8bGnXfaT
0nZLKILgUBeLQmJHdicltMayDuawOoqQ/uZ3a0Q9gtkzrEJAOmphrL0MqdNP7mDZ
q3inUqPgqpdQx97FCgVwn43JTGdmAhqI591diAxFb+1QjtRZrf7spSBvstHHzbhX
XDLqjcJSwZnHKiKhUBmjccoPXoHQuXFEKhfEIdl0WyARqOHR7qdY6AH9kHDURO7n
pIX8uJnO0fnhCMqNKBWjAwguLx7SGJZmeLH3BxuhxHjw+tr2Wa6wEB8+mpc8QAQC
inECrOAP+Zy0uehPcsgGlXo1FQ/crrD2Y/vlQINqnq+zY1oiu+x3fjyq4rXSVisb
-----END CERTIFICATE-----