Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS142146.roa
File:                     AS142146.roa (raw, json)
Hash identifier:          K7DTFL2Dqn3LqRTnOH1acHMTCXXuiVH3IBTSuoWyuho=
Subject key identifier:   6F:7F:92:CF:29:0A:A7:AB:63:31:F9:FF:FC:C3:D0:81:32:2B:40:6D
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       09CC8A185903E0F6513A1C156906F8DAD1D41492
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS142146.roa
Signing time:             Fri 24 Apr 2026 09:54:37 +0000
ROA not before:           Fri 24 Apr 2026 09:49:37 +0000
ROA not after:            Fri 23 Apr 2027 09:54:37 +0000
asID:                     142146
IP address blocks:        178.83.39.0/24 maxlen: 24
                          178.83.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:cc:8a:18:59:03:e0:f6:51:3a:1c:15:69:06:f8:da:d1:d4:14:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 24 09:49:37 2026 GMT
            Not After : Apr 23 09:54:37 2027 GMT
        Subject: CN=6F7F92CF290AA7AB6331F9FFFCC3D081322B406D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:62:08:6b:b4:41:31:fc:f3:cb:eb:c9:48:0e:
                    aa:50:08:b7:4e:8e:a1:bb:f2:f7:3b:cc:d3:63:48:
                    bb:61:bd:9d:8d:dc:72:6d:5d:9b:c1:40:1f:0e:92:
                    e7:24:2c:3f:88:af:17:5e:e7:df:63:b8:29:6c:cf:
                    18:c2:90:41:f2:b5:34:d0:47:8d:0c:02:2d:06:a1:
                    b1:28:7c:45:f3:e1:11:d3:71:9b:52:7b:4f:06:c5:
                    43:f6:a7:b6:72:13:b5:6b:26:83:5b:c1:83:86:ca:
                    2b:5f:5c:a7:a8:66:53:a1:5f:fe:54:42:03:6b:c6:
                    7e:3c:ea:99:4b:63:fb:2a:a5:ff:e4:fd:86:05:dd:
                    e3:22:0e:57:56:b6:72:3c:a4:da:13:a9:a7:f9:52:
                    f1:9f:25:10:8c:4b:4b:37:92:5c:93:43:61:b8:17:
                    6f:74:84:8a:ab:36:aa:fa:ba:a7:b2:96:1d:de:99:
                    d1:13:04:6c:9c:8b:fd:47:25:ac:cf:ee:91:39:2c:
                    14:58:70:e0:de:e3:4d:1b:18:8a:13:d3:90:5a:e2:
                    ba:4d:4f:e9:39:d5:9e:32:f9:a4:fa:31:43:04:10:
                    db:b8:80:d7:4a:54:2f:68:b1:24:91:ad:7d:c8:af:
                    86:8c:1f:3d:06:d5:0b:15:b6:db:14:86:52:f2:fe:
                    42:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:7F:92:CF:29:0A:A7:AB:63:31:F9:FF:FC:C3:D0:81:32:2B:40:6D
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS142146.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.83.39.0/24
                  178.83.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:1e:98:2b:2d:3f:c2:e8:69:f2:9c:3b:93:83:08:77:a7:06:
         9d:3c:05:c2:41:e7:0a:6d:4b:83:95:e9:cf:be:4e:97:6a:09:
         2b:55:5c:73:21:bf:16:c2:67:18:f4:5b:f4:d3:b2:10:1d:12:
         59:f8:b1:e7:57:eb:34:3e:93:b6:1b:67:ea:04:31:01:16:5e:
         6d:a4:01:b5:55:83:47:66:41:7f:68:72:c8:8a:cb:31:57:93:
         10:29:09:70:c2:db:8d:3e:cf:b2:70:19:93:53:d2:16:68:35:
         6a:0a:e3:b8:12:75:1d:3e:d8:09:57:9b:24:77:2c:b9:53:ab:
         6d:e7:67:9b:e0:93:6c:0d:da:91:1e:90:cc:0a:56:1f:45:ba:
         1b:ed:7b:ee:03:e1:a6:e8:9a:39:1b:96:51:85:dc:cc:45:69:
         b8:27:b9:f6:5f:c3:59:24:74:df:77:9f:14:f3:15:bd:03:fa:
         2b:a6:e0:0d:95:bb:e8:6f:a1:f2:7a:3d:e7:95:e0:bd:b8:b5:
         06:5c:66:83:8e:ac:c9:f9:fe:a6:65:e9:b6:1b:fe:4b:d5:41:
         ab:8c:c2:5e:70:90:b4:27:fe:1d:da:a1:ae:1b:2e:ac:71:5f:
         c9:56:ad:76:68:0d:1b:f2:f7:6e:c4:82:aa:42:a6:f9:b3:2b:
         36:41:90:d8
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUCcyKGFkD4PZROhwVaQb42tHUFJIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MjQwOTQ5MzdaFw0yNzA0MjMwOTU0MzdaMDMxMTAvBgNV
BAMTKDZGN0Y5MkNGMjkwQUE3QUI2MzMxRjlGRkZDQzNEMDgxMzIyQjQwNkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbYghrtEEx/PPL68lIDqpQCLdO
jqG78vc7zNNjSLthvZ2N3HJtXZvBQB8OkuckLD+Irxde599juClszxjCkEHytTTQ
R40MAi0GobEofEXz4RHTcZtSe08GxUP2p7ZyE7VrJoNbwYOGyitfXKeoZlOhX/5U
QgNrxn486plLY/sqpf/k/YYF3eMiDldWtnI8pNoTqaf5UvGfJRCMS0s3klyTQ2G4
F290hIqrNqr6uqeylh3emdETBGyci/1HJazP7pE5LBRYcODe400bGIoT05Ba4rpN
T+k51Z4y+aT6MUMEENu4gNdKVC9osSSRrX3Ir4aMHz0G1QsVttsUhlLy/kLLAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUb3+SzykKp6tjMfn//MPQgTIrQG0wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTQyMTQ2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAslMn
AwQAslOsMA0GCSqGSIb3DQEBCwUAA4IBAQAMHpgrLT/C6GnynDuTgwh3pwadPAXC
QecKbUuDlenPvk6XagkrVVxzIb8WwmcY9Fv007IQHRJZ+LHnV+s0PpO2G2fqBDEB
Fl5tpAG1VYNHZkF/aHLIissxV5MQKQlwwtuNPs+ycBmTU9IWaDVqCuO4EnUdPtgJ
V5skdyy5U6tt52eb4JNsDdqRHpDMClYfRbob7XvuA+Gm6Jo5G5ZRhdzMRWm4J7n2
X8NZJHTfd58U8xW9A/orpuANlbvob6Hyej3nleC9uLUGXGaDjqzJ+f6mZem2G/5L
1UGrjMJecJC0J/4d2qGuGy6scV/JVq12aA0b8vduxIKqQqb5sys2QZDY
-----END CERTIFICATE-----