Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS142146.roa
File:                     AS142146.roa (raw, json)
Hash identifier:          2Tp64IF2gS/4/GkUtF3o+0t3fJs+oRj5XrG4LEuBjgI=
Subject key identifier:   63:01:D5:0B:FB:11:FE:C8:48:29:DC:A4:D3:2A:E5:2A:0E:8A:AD:D3
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       06F56CE1C5C38B68102974037D26F30CAA74F868
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS142146.roa
Signing time:             Tue 24 Mar 2026 13:24:06 +0000
ROA not before:           Tue 24 Mar 2026 13:19:06 +0000
ROA not after:            Tue 23 Mar 2027 13:24:06 +0000
asID:                     142146
IP address blocks:        84.75.146.0/24 maxlen: 24
                          178.83.166.0/24 maxlen: 24
                          178.83.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:f5:6c:e1:c5:c3:8b:68:10:29:74:03:7d:26:f3:0c:aa:74:f8:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 24 13:19:06 2026 GMT
            Not After : Mar 23 13:24:06 2027 GMT
        Subject: CN=6301D50BFB11FEC84829DCA4D32AE52A0E8AADD3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ad:68:80:c5:65:01:51:7e:ee:da:0f:2a:0c:
                    1f:ab:4c:b2:1a:7a:d8:37:e7:2f:ad:83:01:24:01:
                    cb:32:de:8a:1f:80:81:6d:26:fd:9e:89:26:70:c7:
                    ba:9f:78:8d:35:87:20:62:4a:f7:76:47:0e:f7:44:
                    67:48:26:c2:cc:4a:f8:0e:51:d3:6b:7f:1b:ff:fa:
                    6d:8d:26:1b:c9:fc:ce:09:b9:c0:4e:50:23:0b:98:
                    cb:10:c6:a3:c9:1f:db:34:98:65:92:63:fe:ca:a8:
                    f1:b7:8e:df:4a:fc:91:b8:9b:27:01:93:da:3b:17:
                    b1:86:77:9c:56:7d:b8:84:38:76:62:c8:eb:20:08:
                    d4:d8:b3:7a:17:4a:78:8f:37:55:de:22:22:08:81:
                    3a:52:26:bf:32:e3:85:e3:de:8e:20:e0:6a:99:9b:
                    c7:ba:6f:76:46:5c:8f:b8:72:8d:2a:74:61:06:22:
                    d9:b4:78:f3:61:57:73:71:b0:06:78:cd:30:90:ec:
                    81:3f:c1:2e:ec:0b:6f:49:ad:c4:45:37:23:9b:54:
                    a9:04:60:de:9f:c0:da:55:b5:0b:a3:a5:2c:56:f3:
                    0a:69:af:64:83:77:0b:47:67:f9:56:5d:b9:6c:dc:
                    33:60:58:37:fd:a5:3b:4d:c0:f1:0d:c8:26:e1:8c:
                    c4:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:01:D5:0B:FB:11:FE:C8:48:29:DC:A4:D3:2A:E5:2A:0E:8A:AD:D3
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS142146.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.75.146.0/24
                  178.83.166.0/24
                  178.83.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:c4:64:d2:0e:75:c6:a4:6e:3e:07:0c:2e:cb:3c:68:2a:f2:
         ee:23:e0:50:5c:fa:1a:52:ba:56:45:13:f0:2f:c0:f8:e8:61:
         38:f6:bb:40:3d:cf:c3:f9:64:2b:c2:bf:62:21:ff:26:f1:24:
         9c:fc:4f:ac:b3:de:4e:b7:d9:91:97:cc:99:c4:91:c6:d8:0a:
         ee:0c:74:cf:5c:1d:f9:35:0e:25:c3:f4:9b:6f:92:c7:08:06:
         30:7a:45:4d:1a:af:5c:04:86:3c:02:48:41:38:da:ac:4a:b7:
         62:e4:51:24:c5:59:46:de:42:ce:a9:d9:6d:c3:8c:f7:bc:50:
         61:03:c8:02:7c:ba:df:5a:51:0d:26:06:3e:16:73:31:b3:9e:
         93:5f:b4:7b:0c:6a:81:23:e3:be:13:ca:33:d1:a4:24:1e:7a:
         67:4f:b6:d3:a0:79:0d:60:3a:19:94:ea:d0:99:bd:e1:a7:53:
         da:e6:23:02:87:64:0b:45:23:30:14:c6:7c:b2:3a:ef:e6:00:
         e7:02:71:27:e1:29:bd:94:57:47:1f:a9:10:d6:d9:bf:6b:d2:
         03:54:5a:50:f2:dd:11:f0:42:a2:15:ad:06:6e:ac:05:ed:cd:
         41:3b:a1:ea:a3:a4:59:d8:72:d2:ef:15:3c:97:dc:68:d9:99:
         39:e3:9a:3f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUBvVs4cXDi2gQKXQDfSbzDKp0+GgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMjQxMzE5MDZaFw0yNzAzMjMxMzI0MDZaMDMxMTAvBgNV
BAMTKDYzMDFENTBCRkIxMUZFQzg0ODI5RENBNEQzMkFFNTJBMEU4QUFERDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+rWiAxWUBUX7u2g8qDB+rTLIa
etg35y+tgwEkAcsy3oofgIFtJv2eiSZwx7qfeI01hyBiSvd2Rw73RGdIJsLMSvgO
UdNrfxv/+m2NJhvJ/M4JucBOUCMLmMsQxqPJH9s0mGWSY/7KqPG3jt9K/JG4mycB
k9o7F7GGd5xWfbiEOHZiyOsgCNTYs3oXSniPN1XeIiIIgTpSJr8y44Xj3o4g4GqZ
m8e6b3ZGXI+4co0qdGEGItm0ePNhV3NxsAZ4zTCQ7IE/wS7sC29JrcRFNyObVKkE
YN6fwNpVtQujpSxW8wppr2SDdwtHZ/lWXbls3DNgWDf9pTtNwPENyCbhjMTtAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUYwHVC/sR/shIKdyk0yrlKg6KrdMwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTQyMTQ2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVEuS
AwQAslOmAwQAslOuMA0GCSqGSIb3DQEBCwUAA4IBAQCaxGTSDnXGpG4+Bwwuyzxo
KvLuI+BQXPoaUrpWRRPwL8D46GE49rtAPc/D+WQrwr9iIf8m8SSc/E+ss95Ot9mR
l8yZxJHG2AruDHTPXB35NQ4lw/Sbb5LHCAYwekVNGq9cBIY8AkhBONqsSrdi5FEk
xVlG3kLOqdltw4z3vFBhA8gCfLrfWlENJgY+FnMxs56TX7R7DGqBI+O+E8oz0aQk
HnpnT7bToHkNYDoZlOrQmb3hp1Pa5iMCh2QLRSMwFMZ8sjrv5gDnAnEn4Sm9lFdH
H6kQ1tm/a9IDVFpQ8t0R8EKiFa0GbqwF7c1BO6Hqo6RZ2HLS7xU8l9xo2Zk545o/
-----END CERTIFICATE-----