Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS151407.roa
File:                     AS151407.roa (raw, json)
Hash identifier:          dSEZv+EpMZT35KF0bdmqTgLNo7Nsn15YYPO8C02BScc=
Subject key identifier:   FD:34:64:85:26:CE:3B:66:5C:59:62:6C:F0:FB:C2:C8:4D:47:09:F7
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       05E6BCCF2ADD434B672F59EE2458C26E43780D3D
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS151407.roa
Signing time:             Fri 01 May 2026 03:16:12 +0000
ROA not before:           Fri 01 May 2026 03:11:12 +0000
ROA not after:            Fri 30 Apr 2027 03:16:12 +0000
asID:                     151407
IP address blocks:        82.47.32.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:e6:bc:cf:2a:dd:43:4b:67:2f:59:ee:24:58:c2:6e:43:78:0d:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May  1 03:11:12 2026 GMT
            Not After : Apr 30 03:16:12 2027 GMT
        Subject: CN=FD34648526CE3B665C59626CF0FBC2C84D4709F7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:bc:34:1d:4d:89:6b:4b:43:b1:65:8d:e6:06:
                    a8:5e:8a:51:6b:96:a8:e1:b7:0b:50:7c:5e:88:2a:
                    f9:03:9b:eb:cd:fc:de:36:b1:a5:3f:5c:cf:f2:d0:
                    b6:90:4d:e4:61:2c:75:3c:8e:68:95:95:e0:d7:dd:
                    49:8f:cb:75:ef:23:97:dc:3c:9c:20:1a:a3:88:50:
                    ac:9b:d1:f4:bc:b5:89:db:71:67:60:eb:21:68:96:
                    16:7b:ce:a4:ee:d6:8b:f5:75:8a:82:ce:66:e1:61:
                    2a:9a:b6:a6:9d:a0:85:83:9b:5f:31:47:a0:56:66:
                    a8:4f:ec:91:a8:ff:2d:fe:a4:2f:87:9c:f7:23:c8:
                    b3:83:52:49:ce:9b:33:ba:99:4b:5b:4e:86:90:16:
                    91:df:79:ea:66:33:aa:2c:f5:37:88:b7:ff:27:7b:
                    1c:5e:c5:02:2e:64:a8:36:66:7c:53:da:c7:a4:76:
                    2c:b7:83:16:b0:b4:fa:1c:9c:60:89:05:5a:95:7a:
                    34:f6:62:11:d7:ca:d7:80:d3:1d:4a:47:b3:a5:0b:
                    37:49:1c:c3:91:b3:27:b1:e5:79:32:3c:98:26:db:
                    75:fd:68:f8:42:66:d0:6f:2e:2d:1f:2c:c2:0e:d6:
                    b4:e8:be:a4:c0:d4:52:3a:a6:d1:0a:e7:2e:31:ef:
                    e0:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:34:64:85:26:CE:3B:66:5C:59:62:6C:F0:FB:C2:C8:4D:47:09:F7
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS151407.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.47.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a8:40:af:d6:68:e1:39:e0:d4:7c:91:47:d6:54:83:84:fe:7f:
         6c:5b:5a:79:a9:ac:2a:69:2f:2a:f1:f1:c2:f0:9f:de:87:56:
         0c:dd:9e:1a:7f:00:bf:db:d5:f1:fb:2f:b0:ee:01:f5:5e:3f:
         57:41:2f:85:d0:b6:20:b6:52:fe:5d:56:76:c6:ea:08:5e:d0:
         8d:07:be:28:ed:33:24:40:73:43:e4:2e:17:c4:04:80:3f:80:
         ac:f7:4c:df:8a:24:78:7a:f8:e3:8b:11:d9:b7:76:d9:fa:a2:
         aa:de:3b:7a:f5:0e:ac:11:d3:3d:d4:14:7a:18:7d:ff:ab:ee:
         12:b9:9b:ab:6b:da:6e:5f:99:78:60:e5:a0:73:f3:1a:a5:84:
         e9:35:5f:59:19:a3:70:1b:f2:2a:6e:3b:6f:e7:3b:a0:91:01:
         04:6d:06:62:4d:5d:0e:75:8e:15:36:96:e1:b2:93:84:c2:e6:
         55:d7:1f:ee:47:ed:2f:29:85:1d:a3:fa:1c:8c:f1:16:07:25:
         0b:bd:e9:f6:39:97:ba:2d:a3:ff:ae:bb:e1:8b:6b:8a:b8:df:
         43:ec:19:78:1d:56:f0:43:ea:c2:0a:7a:91:ae:e2:ab:57:de:
         d1:7c:a7:f1:4b:c0:5d:81:d3:db:3d:07:d0:50:dc:00:ef:ca:
         cd:08:c5:a5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBea8zyrdQ0tnL1nuJFjCbkN4DT0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MDEwMzExMTJaFw0yNzA0MzAwMzE2MTJaMDMxMTAvBgNV
BAMTKEZEMzQ2NDg1MjZDRTNCNjY1QzU5NjI2Q0YwRkJDMkM4NEQ0NzA5RjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqvDQdTYlrS0OxZY3mBqheilFr
lqjhtwtQfF6IKvkDm+vN/N42saU/XM/y0LaQTeRhLHU8jmiVleDX3UmPy3XvI5fc
PJwgGqOIUKyb0fS8tYnbcWdg6yFolhZ7zqTu1ov1dYqCzmbhYSqatqadoIWDm18x
R6BWZqhP7JGo/y3+pC+HnPcjyLODUknOmzO6mUtbToaQFpHfeepmM6os9TeIt/8n
exxexQIuZKg2ZnxT2sekdiy3gxawtPocnGCJBVqVejT2YhHXyteA0x1KR7OlCzdJ
HMORsyex5XkyPJgm23X9aPhCZtBvLi0fLMIO1rTovqTA1FI6ptEK5y4x7+C7AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU/TRkhSbOO2ZcWWJs8PvCyE1HCfcwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTUxNDA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUi8g
MA0GCSqGSIb3DQEBCwUAA4IBAQCoQK/WaOE54NR8kUfWVIOE/n9sW1p5qawqaS8q
8fHC8J/eh1YM3Z4afwC/29Xx+y+w7gH1Xj9XQS+F0LYgtlL+XVZ2xuoIXtCNB74o
7TMkQHND5C4XxASAP4Cs90zfiiR4evjjixHZt3bZ+qKq3jt69Q6sEdM91BR6GH3/
q+4SuZura9puX5l4YOWgc/MapYTpNV9ZGaNwG/Iqbjtv5zugkQEEbQZiTV0OdY4V
NpbhspOEwuZV1x/uR+0vKYUdo/ocjPEWByULven2OZe6LaP/rrvhi2uKuN9D7Bl4
HVbwQ+rCCnqRruKrV97RfKfxS8BdgdPbPQfQUNwA78rNCMWl
-----END CERTIFICATE-----