Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS152599.roa
File:                     AS152599.roa (raw, json)
Hash identifier:          Xb9sLmvSM0m6btDDwkq/xuhqA/9tYp8TeFrveVzY/F8=
Subject key identifier:   C6:BA:12:E8:CD:69:50:CB:B0:81:70:5B:14:06:72:94:54:1F:EA:EE
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       224F29DE170FE3009343B599B0EE8E194D0D6BFF
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS152599.roa
Signing time:             Thu 30 Apr 2026 18:47:07 +0000
ROA not before:           Thu 30 Apr 2026 18:42:07 +0000
ROA not after:            Thu 29 Apr 2027 18:47:07 +0000
asID:                     152599
IP address blocks:        2a13:9500:73::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:4f:29:de:17:0f:e3:00:93:43:b5:99:b0:ee:8e:19:4d:0d:6b:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 30 18:42:07 2026 GMT
            Not After : Apr 29 18:47:07 2027 GMT
        Subject: CN=C6BA12E8CD6950CBB081705B14067294541FEAEE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:98:f4:e9:14:3e:67:5e:e7:ef:c6:7b:95:ae:
                    3b:fa:d2:09:b2:26:4b:02:9e:5c:44:1d:04:19:e8:
                    39:b0:17:0f:52:56:2a:f8:c0:37:69:f7:b2:bd:b5:
                    ba:6b:6e:ab:31:da:7d:5f:53:32:ca:7f:14:ab:f8:
                    6b:e9:d1:76:79:56:4f:b7:b6:30:41:1e:57:d0:d8:
                    27:6e:b5:e7:16:af:fd:7d:91:72:65:36:8c:c5:53:
                    65:94:41:3c:4a:39:59:2f:09:11:83:6d:17:16:82:
                    09:dd:55:cd:e5:29:68:6d:d8:4d:eb:80:4c:e8:4d:
                    0f:15:1d:2b:9d:3b:07:aa:c1:57:11:b6:cf:52:46:
                    82:d0:b0:25:2d:6c:b6:30:a5:f1:7f:65:50:24:f3:
                    d2:86:b5:a0:ec:d1:da:10:43:48:41:c6:94:13:58:
                    90:97:da:b7:5f:cc:dc:dc:2a:8a:c6:7f:7a:74:62:
                    59:1d:6f:9a:f2:07:4c:02:ab:b6:59:52:c0:eb:ec:
                    5d:3e:49:5a:39:23:7d:22:96:8b:bf:20:d5:a3:31:
                    0f:d1:40:b0:ec:c7:35:eb:4f:b5:11:7e:52:db:4a:
                    73:52:44:c9:d2:6e:6d:3f:07:24:d7:a7:5c:6e:fe:
                    71:d2:53:50:68:fa:a4:1f:6f:85:88:27:68:ef:fb:
                    b7:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:BA:12:E8:CD:69:50:CB:B0:81:70:5B:14:06:72:94:54:1F:EA:EE
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS152599.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:73::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:40:dd:fb:b2:99:2e:b9:40:92:2c:04:09:fd:98:ed:59:c6:
         8a:dd:00:1f:2b:8d:85:4e:c1:e6:a6:f6:a9:ea:1f:7a:20:39:
         9a:b7:d2:3a:f7:49:35:69:75:44:cc:cd:e7:7a:20:55:e0:05:
         ca:5f:ef:8f:d9:f3:20:f7:09:e3:a2:90:6b:06:cc:a1:64:06:
         f3:9a:8d:c7:41:b5:6b:7a:83:2e:df:a8:84:cb:a7:3d:73:b2:
         c8:57:f3:fa:c6:0c:1e:42:3a:e2:fb:06:22:2f:d0:d0:9e:7f:
         14:4d:ee:4d:d9:ef:18:e6:bb:51:c8:f1:28:09:48:1a:ce:55:
         20:0f:4d:fe:97:41:cb:70:84:3b:3d:20:49:e7:2f:e1:d5:11:
         63:bc:f8:fc:92:5a:38:95:45:08:d5:bc:6d:7d:47:28:ee:a4:
         c9:0f:10:74:c6:02:23:b9:e9:bd:58:03:ce:d0:bd:f4:bd:65:
         73:b7:5e:73:c8:72:7b:f1:d5:a5:c7:bb:9c:92:e4:fd:ce:e2:
         0a:4e:98:0d:f9:a1:5f:e7:e9:66:cf:0c:b3:80:e6:94:9d:1b:
         7e:8d:e6:97:4f:34:2b:64:32:cc:3b:ab:ba:ca:f9:88:5f:70:
         00:12:31:8f:70:96:d6:a9:41:54:57:28:a1:82:b8:50:3a:a2:
         92:6e:20:33
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUIk8p3hcP4wCTQ7WZsO6OGU0Na/8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MzAxODQyMDdaFw0yNzA0MjkxODQ3MDdaMDMxMTAvBgNV
BAMTKEM2QkExMkU4Q0Q2OTUwQ0JCMDgxNzA1QjE0MDY3Mjk0NTQxRkVBRUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVmPTpFD5nXufvxnuVrjv60gmy
JksCnlxEHQQZ6DmwFw9SVir4wDdp97K9tbprbqsx2n1fUzLKfxSr+Gvp0XZ5Vk+3
tjBBHlfQ2CdutecWr/19kXJlNozFU2WUQTxKOVkvCRGDbRcWggndVc3lKWht2E3r
gEzoTQ8VHSudOweqwVcRts9SRoLQsCUtbLYwpfF/ZVAk89KGtaDs0doQQ0hBxpQT
WJCX2rdfzNzcKorGf3p0Ylkdb5ryB0wCq7ZZUsDr7F0+SVo5I30ilou/INWjMQ/R
QLDsxzXrT7URflLbSnNSRMnSbm0/ByTXp1xu/nHSU1Bo+qQfb4WIJ2jv+7fxAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUxroS6M1pUMuwgXBbFAZylFQf6u4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTUyNTk5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AABzMA0GCSqGSIb3DQEBCwUAA4IBAQAmQN37spkuuUCSLAQJ/ZjtWcaK3QAfK42F
TsHmpvap6h96IDmat9I690k1aXVEzM3neiBV4AXKX++P2fMg9wnjopBrBsyhZAbz
mo3HQbVreoMu36iEy6c9c7LIV/P6xgweQjri+wYiL9DQnn8UTe5N2e8Y5rtRyPEo
CUgazlUgD03+l0HLcIQ7PSBJ5y/h1RFjvPj8klo4lUUI1bxtfUco7qTJDxB0xgIj
uem9WAPO0L30vWVzt15zyHJ78dWlx7uckuT9zuIKTpgN+aFf5+lmzwyzgOaUnRt+
jeaXTzQrZDLMO6u6yvmIX3AAEjGPcJbWqUFUVyihgrhQOqKSbiAz
-----END CERTIFICATE-----