Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS133150.roa
File:                     AS133150.roa (raw, json)
Hash identifier:          vFMwG4+YVFTR0cjXwOVly37lvAaR8D/hqtfPfX+d/3g=
Subject key identifier:   E0:DD:69:34:7C:BC:23:CC:D9:BE:1B:86:00:63:60:B1:37:8D:2B:F8
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       1142B2CEE1557D53B0323F8BAF2D043BA335E7DE
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS133150.roa
Signing time:             Sun 26 Apr 2026 16:53:38 +0000
ROA not before:           Sun 26 Apr 2026 16:48:38 +0000
ROA not after:            Sun 25 Apr 2027 16:53:38 +0000
asID:                     133150
IP address blocks:        178.83.150.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:42:b2:ce:e1:55:7d:53:b0:32:3f:8b:af:2d:04:3b:a3:35:e7:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 26 16:48:38 2026 GMT
            Not After : Apr 25 16:53:38 2027 GMT
        Subject: CN=E0DD69347CBC23CCD9BE1B86006360B1378D2BF8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d2:65:ae:cb:ee:e3:7d:ed:d2:48:02:40:82:
                    66:d6:ac:d8:2e:81:ad:6a:96:e7:d9:c6:7e:e6:c0:
                    6f:fa:30:36:41:dd:bf:d6:ab:7f:0f:65:c4:ce:fc:
                    43:95:d4:ad:92:a7:be:78:26:9a:3b:0d:09:9f:a7:
                    6e:8c:12:26:c3:fa:7d:83:d5:e3:ea:7a:2f:dd:0b:
                    5d:e9:1d:1e:29:0b:27:94:5b:42:ff:78:7f:86:36:
                    b1:64:ef:b8:71:ad:97:4b:6b:08:1e:8a:15:e0:dc:
                    6e:90:1f:52:a8:29:66:5b:7a:61:b8:c1:4e:f3:4a:
                    23:a5:f5:8a:c8:4f:b6:0a:87:d0:66:31:31:7d:10:
                    36:02:6e:e2:55:61:8f:5e:39:8c:5b:ba:76:3f:f2:
                    19:a5:26:f7:73:d9:4d:c3:e2:4a:f7:a6:4d:02:73:
                    88:bb:41:f2:64:b2:50:a6:f9:c1:3d:19:43:9d:71:
                    f9:a8:6d:d6:31:6a:70:75:36:1a:cf:06:80:04:84:
                    95:16:6c:47:b9:56:5b:d0:a0:24:c5:c3:c7:d5:e6:
                    88:1c:43:2d:fc:ce:b9:26:f0:b3:3f:28:a8:81:7f:
                    ae:31:98:25:46:88:b1:5c:6c:20:14:d4:08:69:80:
                    bc:07:28:48:f0:37:eb:70:fb:ee:6c:cc:de:e2:85:
                    33:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:DD:69:34:7C:BC:23:CC:D9:BE:1B:86:00:63:60:B1:37:8D:2B:F8
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS133150.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.83.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         76:5f:2a:d7:74:09:3e:b5:f1:f3:1b:d6:be:84:7c:1b:46:c9:
         4a:45:38:9b:bd:fb:90:db:4f:cd:0e:47:b5:fe:ff:5d:1f:56:
         c0:1f:46:ce:50:58:a3:7c:61:d0:de:75:41:da:be:8f:33:99:
         d2:b6:f3:3e:83:c0:f9:71:b7:be:9d:e9:95:2f:85:b8:b8:aa:
         3a:e9:c2:be:04:e2:1d:d8:bb:04:86:1c:7f:0a:dc:39:14:c1:
         12:89:40:48:85:9c:80:3e:11:84:4b:6b:a0:de:51:e2:1a:1e:
         25:b6:54:0e:87:c6:cf:09:2b:f6:ff:24:6d:a4:ba:fa:e1:9a:
         1c:00:6d:5b:20:06:8c:b3:03:3b:c1:52:a9:52:f4:38:d9:d0:
         40:7f:bb:c6:94:98:0c:2c:7b:9b:bf:4f:df:55:2e:5b:31:e7:
         21:bb:58:7f:15:b6:1d:55:e9:f9:76:bb:f6:52:d7:ee:34:b5:
         27:e0:8e:c2:23:8e:c3:da:ea:d1:4c:e4:0d:9c:f9:c2:f3:2f:
         3b:68:fc:24:a7:35:95:0b:3f:69:15:b7:e4:22:3e:17:b0:7b:
         e2:1b:a0:44:b2:08:42:64:ae:40:5f:01:55:69:4a:3f:12:c8:
         49:7f:b3:f0:65:33:ff:fe:0c:e6:8f:71:85:5f:ed:b5:b8:e6:
         e1:7c:36:f6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUEUKyzuFVfVOwMj+Lry0EO6M1594wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MjYxNjQ4MzhaFw0yNzA0MjUxNjUzMzhaMDMxMTAvBgNV
BAMTKEUwREQ2OTM0N0NCQzIzQ0NEOUJFMUI4NjAwNjM2MEIxMzc4RDJCRjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf0mWuy+7jfe3SSAJAgmbWrNgu
ga1qlufZxn7mwG/6MDZB3b/Wq38PZcTO/EOV1K2Sp754Jpo7DQmfp26MEibD+n2D
1ePqei/dC13pHR4pCyeUW0L/eH+GNrFk77hxrZdLawgeihXg3G6QH1KoKWZbemG4
wU7zSiOl9YrIT7YKh9BmMTF9EDYCbuJVYY9eOYxbunY/8hmlJvdz2U3D4kr3pk0C
c4i7QfJkslCm+cE9GUOdcfmobdYxanB1NhrPBoAEhJUWbEe5VlvQoCTFw8fV5ogc
Qy38zrkm8LM/KKiBf64xmCVGiLFcbCAU1AhpgLwHKEjwN+tw++5szN7ihTNxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU4N1pNHy8I8zZvhuGAGNgsTeNK/gwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTMzMTUwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBslOW
MA0GCSqGSIb3DQEBCwUAA4IBAQB2XyrXdAk+tfHzG9a+hHwbRslKRTibvfuQ20/N
Dke1/v9dH1bAH0bOUFijfGHQ3nVB2r6PM5nStvM+g8D5cbe+nemVL4W4uKo66cK+
BOId2LsEhhx/Ctw5FMESiUBIhZyAPhGES2ug3lHiGh4ltlQOh8bPCSv2/yRtpLr6
4ZocAG1bIAaMswM7wVKpUvQ42dBAf7vGlJgMLHubv0/fVS5bMechu1h/FbYdVen5
drv2UtfuNLUn4I7CI47D2urRTOQNnPnC8y87aPwkpzWVCz9pFbfkIj4XsHviG6BE
sghCZK5AXwFVaUo/EshJf7PwZTP//gzmj3GFX+21uObhfDb2
-----END CERTIFICATE-----