Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS150293.roa
File:                     AS150293.roa (raw, json)
Hash identifier:          RbUVZQQsl045XbDOK8gskizWIDXdi9SuNl2zj+UtvmQ=
Subject key identifier:   10:1D:06:1C:5A:B7:96:4F:3B:E0:8E:DC:C8:58:19:5D:52:30:F4:38
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       3E3A768DD096F36218C886DA261BDC4EB7F04BB0
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS150293.roa
Signing time:             Thu 07 May 2026 09:09:59 +0000
ROA not before:           Thu 07 May 2026 09:04:59 +0000
ROA not after:            Thu 06 May 2027 09:09:59 +0000
asID:                     150293
IP address blocks:        212.60.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 13:47:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:3a:76:8d:d0:96:f3:62:18:c8:86:da:26:1b:dc:4e:b7:f0:4b:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: May  7 09:04:59 2026 GMT
            Not After : May  6 09:09:59 2027 GMT
        Subject: CN=101D061C5AB7964F3BE08EDCC858195D5230F438
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:86:69:a2:ca:f7:b6:19:94:36:ee:6b:76:7a:
                    ff:c1:97:d3:e0:4a:84:77:a9:13:05:33:a2:c9:24:
                    76:83:13:a7:9f:f6:9c:9a:7e:73:d9:94:d0:d5:dc:
                    eb:17:4c:2b:d4:af:02:87:40:bc:41:88:dd:e5:e9:
                    6f:f4:7d:54:c3:79:17:f9:f1:c1:02:5d:36:64:1f:
                    77:d5:e0:da:01:4b:85:05:72:d9:03:92:89:38:a7:
                    e4:3c:95:6c:19:a5:01:b4:ad:94:59:e9:48:6b:4d:
                    18:2e:45:e9:86:92:3b:ee:9b:4a:72:a4:8f:49:d2:
                    ff:88:b3:98:7e:3e:07:78:af:40:00:fb:34:fe:81:
                    ca:c3:91:5b:75:f8:03:7b:b1:d1:6a:d2:0f:4e:3c:
                    90:fc:79:d3:c8:ee:67:e9:7f:90:cd:ce:b3:e5:0c:
                    8e:86:f4:cc:b8:2b:7d:13:5b:d7:b0:da:4e:09:1a:
                    5d:aa:e0:72:63:2f:bc:38:cd:3c:ea:bc:9d:16:8b:
                    63:bd:e8:b5:ca:15:c2:a3:a4:8b:68:3c:4c:68:ac:
                    84:e6:e0:64:67:43:67:47:f7:ec:b1:ae:6e:44:50:
                    75:85:39:f5:06:11:73:4c:16:e8:5a:c4:47:51:81:
                    bc:20:dc:e6:20:98:6c:28:b1:22:b2:1b:e7:04:2c:
                    4d:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:1D:06:1C:5A:B7:96:4F:3B:E0:8E:DC:C8:58:19:5D:52:30:F4:38
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS150293.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.60.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:c7:02:23:b8:03:e8:1d:19:ad:df:bd:70:97:0a:50:37:92:
         f5:77:81:75:9a:67:2d:a0:60:be:48:49:0f:06:92:26:2a:ba:
         55:f7:04:99:7c:2e:3f:5d:c6:04:04:72:37:f4:e8:dd:9e:7d:
         21:72:24:a5:fc:47:28:cd:ae:7a:1f:b2:0d:d3:5b:13:db:70:
         03:61:b4:0d:3e:2a:bb:74:55:67:3d:99:34:eb:ba:74:36:b1:
         07:e1:7d:41:88:13:06:bd:94:50:b4:85:ab:29:0a:30:9f:a2:
         3d:b5:0c:f7:48:a2:42:5c:51:a7:7c:61:10:23:39:1f:7e:03:
         34:d1:16:d4:d3:d1:cb:6e:f2:f4:7c:0b:72:0f:a7:61:0f:7c:
         30:c1:21:bf:e5:96:d0:a6:09:aa:25:aa:09:ae:b2:07:28:77:
         dd:0e:22:1f:f9:ca:98:26:53:55:40:65:89:29:3b:2e:ec:10:
         37:32:02:76:2e:c2:9a:e2:b5:ce:72:e5:02:b3:dd:7f:15:21:
         e0:15:4d:8e:bc:bd:84:2a:01:62:1c:06:2f:dc:7f:50:b0:4d:
         8e:79:f0:06:1f:f4:30:fb:01:ca:cb:e1:b6:13:ca:a4:db:e9:
         fc:27:b1:71:1f:bf:27:d0:cf:17:70:d6:34:8e:dd:12:96:c9:
         26:37:c1:a8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPjp2jdCW82IYyIbaJhvcTrfwS7AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjA1MDcwOTA0NTlaFw0yNzA1MDYwOTA5NTlaMDMxMTAvBgNV
BAMTKDEwMUQwNjFDNUFCNzk2NEYzQkUwOEVEQ0M4NTgxOTVENTIzMEY0MzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIhmmiyve2GZQ27mt2ev/Bl9Pg
SoR3qRMFM6LJJHaDE6ef9pyafnPZlNDV3OsXTCvUrwKHQLxBiN3l6W/0fVTDeRf5
8cECXTZkH3fV4NoBS4UFctkDkok4p+Q8lWwZpQG0rZRZ6UhrTRguRemGkjvum0py
pI9J0v+Is5h+Pgd4r0AA+zT+gcrDkVt1+AN7sdFq0g9OPJD8edPI7mfpf5DNzrPl
DI6G9My4K30TW9ew2k4JGl2q4HJjL7w4zTzqvJ0Wi2O96LXKFcKjpItoPExorITm
4GRnQ2dH9+yxrm5EUHWFOfUGEXNMFuhaxEdRgbwg3OYgmGwosSKyG+cELE3LAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUEB0GHFq3lk874I7cyFgZXVIw9DgwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMTUwMjkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1DyR
MA0GCSqGSIb3DQEBCwUAA4IBAQAaxwIjuAPoHRmt371wlwpQN5L1d4F1mmctoGC+
SEkPBpImKrpV9wSZfC4/XcYEBHI39Ojdnn0hciSl/Ecoza56H7IN01sT23ADYbQN
Piq7dFVnPZk067p0NrEH4X1BiBMGvZRQtIWrKQown6I9tQz3SKJCXFGnfGEQIzkf
fgM00RbU09HLbvL0fAtyD6dhD3wwwSG/5ZbQpgmqJaoJrrIHKHfdDiIf+cqYJlNV
QGWJKTsu7BA3MgJ2LsKa4rXOcuUCs91/FSHgFU2OvL2EKgFiHAYv3H9QsE2OefAG
H/Qw+wHKy+G2E8qk2+n8J7FxH78n0M8XcNY0jt0SlskmN8Go
-----END CERTIFICATE-----