Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS151380.roa
File:                     AS151380.roa (raw, json)
Hash identifier:          JfOqA3LhrX25x1uU7F6xbSwpJe+9QCjANxfQcd8GGiQ=
Subject key identifier:   BA:0F:F2:DA:7B:79:91:D0:72:B8:48:92:B4:4E:89:16:FB:89:AF:8A
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       06A0DE06D433D0E6434CDCFA0665E48FD263FB5F
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS151380.roa
Signing time:             Thu 07 May 2026 20:45:03 +0000
ROA not before:           Thu 07 May 2026 20:40:03 +0000
ROA not after:            Thu 06 May 2027 20:45:03 +0000
asID:                     151380
IP address blocks:        82.47.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:a0:de:06:d4:33:d0:e6:43:4c:dc:fa:06:65:e4:8f:d2:63:fb:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May  7 20:40:03 2026 GMT
            Not After : May  6 20:45:03 2027 GMT
        Subject: CN=BA0FF2DA7B7991D072B84892B44E8916FB89AF8A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:69:a8:ca:a8:f9:5b:9c:78:da:43:ee:74:44:
                    76:30:41:70:e3:fc:b4:41:2c:6c:c4:24:14:0e:fe:
                    47:97:54:70:59:b3:ca:64:d6:e6:27:34:be:47:50:
                    8b:79:c6:9d:49:fd:74:e8:6c:cf:c4:63:4e:e3:e4:
                    6f:0d:fa:fb:d7:aa:9f:6e:6c:38:85:10:19:b6:af:
                    1e:74:bd:21:aa:c5:68:c7:67:70:c8:92:b0:9d:76:
                    41:c0:2f:a9:6b:d6:51:37:12:f0:0f:7a:e8:44:9f:
                    41:46:b3:75:f1:0d:d0:ee:49:ed:7f:65:b0:d1:86:
                    97:9b:78:a7:14:b9:b4:28:c9:a1:0f:81:0f:8e:05:
                    0e:5e:56:bd:2a:84:88:5c:6b:a0:77:dd:9d:f7:b6:
                    37:c5:7a:09:f3:8c:60:91:cb:c0:c7:9a:ca:2e:0d:
                    cf:a5:02:33:87:c9:da:e6:95:b8:39:a9:23:72:25:
                    73:cd:a7:26:97:9e:76:08:88:87:6f:6b:e4:e5:ac:
                    a5:e5:60:49:0e:64:96:9c:1d:49:26:b1:05:49:2e:
                    ee:8b:99:f4:e5:02:41:a8:05:03:8e:54:01:50:c7:
                    18:9f:53:c7:0d:06:6e:1b:71:c4:a9:dc:4f:6a:f3:
                    51:2a:57:00:41:55:86:1b:3f:09:a7:12:77:71:d9:
                    64:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:0F:F2:DA:7B:79:91:D0:72:B8:48:92:B4:4E:89:16:FB:89:AF:8A
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS151380.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.47.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:7c:e9:43:e1:36:15:54:dc:1b:51:64:e0:58:a6:2d:0e:df:
         11:8c:be:d6:32:e0:c6:0f:33:d7:5e:1a:86:ea:06:cc:f0:c5:
         75:b7:0e:63:73:9f:b3:c8:98:6d:0b:b9:8e:a2:e2:51:09:4f:
         4f:ff:0a:bf:52:3c:96:80:77:fc:20:b4:03:13:19:ea:07:b9:
         d5:16:34:3f:10:b0:7c:f1:36:fd:5b:ba:d3:34:52:1e:bf:61:
         31:78:3d:a5:74:11:5b:f0:f6:45:2c:a3:45:c8:b2:72:91:d5:
         ca:7a:99:c5:20:0b:69:15:42:fd:77:49:66:de:9e:6d:43:fd:
         1d:78:e8:76:3d:06:a5:e1:26:df:95:6d:89:99:bd:f4:21:93:
         5b:b0:6b:6d:3a:5b:5a:bf:35:2e:11:d8:f0:01:78:6b:c9:28:
         9b:4d:c0:d1:cb:5f:be:e0:df:bd:fa:d7:dd:0e:73:a0:3b:f5:
         a2:53:ba:66:4d:b0:d2:68:45:d1:76:82:b8:b3:65:5d:57:50:
         57:2a:0a:62:ab:ff:c9:f9:85:be:18:fa:b1:34:15:3b:88:02:
         b9:7d:7d:88:cf:cd:54:3b:2f:5d:6d:6f:60:03:76:24:a0:49:
         d1:3c:02:e2:32:92:72:e6:da:4a:e7:c2:16:80:3c:f7:6f:f4:
         09:eb:af:23
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBqDeBtQz0OZDTNz6BmXkj9Jj+18wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MDcyMDQwMDNaFw0yNzA1MDYyMDQ1MDNaMDMxMTAvBgNV
BAMTKEJBMEZGMkRBN0I3OTkxRDA3MkI4NDg5MkI0NEU4OTE2RkI4OUFGOEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzaajKqPlbnHjaQ+50RHYwQXDj
/LRBLGzEJBQO/keXVHBZs8pk1uYnNL5HUIt5xp1J/XTobM/EY07j5G8N+vvXqp9u
bDiFEBm2rx50vSGqxWjHZ3DIkrCddkHAL6lr1lE3EvAPeuhEn0FGs3XxDdDuSe1/
ZbDRhpebeKcUubQoyaEPgQ+OBQ5eVr0qhIhca6B33Z33tjfFegnzjGCRy8DHmsou
Dc+lAjOHydrmlbg5qSNyJXPNpyaXnnYIiIdva+TlrKXlYEkOZJacHUkmsQVJLu6L
mfTlAkGoBQOOVAFQxxifU8cNBm4bccSp3E9q81EqVwBBVYYbPwmnEndx2WShAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUug/y2nt5kdByuEiStE6JFvuJr4owHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTUxMzgwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUi+K
MA0GCSqGSIb3DQEBCwUAA4IBAQACfOlD4TYVVNwbUWTgWKYtDt8RjL7WMuDGDzPX
XhqG6gbM8MV1tw5jc5+zyJhtC7mOouJRCU9P/wq/UjyWgHf8ILQDExnqB7nVFjQ/
ELB88Tb9W7rTNFIev2ExeD2ldBFb8PZFLKNFyLJykdXKepnFIAtpFUL9d0lm3p5t
Q/0deOh2PQal4SbflW2Jmb30IZNbsGttOltavzUuEdjwAXhrySibTcDRy1++4N+9
+tfdDnOgO/WiU7pmTbDSaEXRdoK4s2VdV1BXKgpiq//J+YW+GPqxNBU7iAK5fX2I
z81UOy9dbW9gA3YkoEnRPALiMpJy5tpK58IWgDz3b/QJ668j
-----END CERTIFICATE-----