Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS153377.roa
File:                     AS153377.roa (raw, json)
Hash identifier:          Jan8j5i8KsPAMkVNnMlw6xu5CPAyQ2+IGbqKdfWUoEc=
Subject key identifier:   5A:96:6A:FD:85:9C:A4:4A:C1:D0:0B:6D:9E:A2:D2:89:BF:BB:94:FC
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       33FE434E7269A0CBE87456087C71FC7C952AA223
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS153377.roa
Signing time:             Fri 15 Aug 2025 12:34:54 +0000
ROA not before:           Fri 15 Aug 2025 12:29:54 +0000
ROA not after:            Fri 14 Aug 2026 12:34:54 +0000
asID:                     153377
IP address blocks:        2a13:9500:c6::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:fe:43:4e:72:69:a0:cb:e8:74:56:08:7c:71:fc:7c:95:2a:a2:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Aug 15 12:29:54 2025 GMT
            Not After : Aug 14 12:34:54 2026 GMT
        Subject: CN=5A966AFD859CA44AC1D00B6D9EA2D289BFBB94FC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:cc:05:ed:3d:5c:13:81:e1:fb:32:5e:4e:8f:
                    24:36:30:46:89:c3:67:8f:aa:70:96:4c:aa:b5:47:
                    60:b4:ca:22:be:ea:36:a1:91:03:e0:46:d0:56:42:
                    d5:70:1d:55:e8:0c:ce:57:60:b5:f7:3a:98:1b:bd:
                    ce:b5:2b:27:4e:b8:f3:90:d5:95:9d:c2:d6:72:c0:
                    9f:22:6f:c0:3d:63:c5:57:af:99:46:7a:19:f6:d6:
                    97:6f:17:8d:c0:00:46:28:8f:f8:4a:e9:a4:6e:3a:
                    44:ed:a0:d7:04:78:58:8e:83:bc:92:e3:4c:99:c4:
                    0e:b7:99:d6:23:46:68:70:c0:86:52:34:65:4f:be:
                    ae:d0:d9:8c:fc:97:cb:1b:9e:77:f6:ad:5f:c5:ae:
                    7c:21:22:5d:35:73:3a:c3:14:a5:ed:e0:83:72:97:
                    62:6d:26:c5:35:f5:97:0e:da:7b:e0:6c:f0:c3:ee:
                    a4:99:01:77:4b:33:85:59:c1:9d:4e:99:e6:e4:ee:
                    5f:b8:d7:72:e6:2d:19:f1:94:b0:31:71:20:fc:c4:
                    44:b8:cd:13:87:e2:6a:78:d1:ca:49:29:c1:03:cb:
                    5d:d4:55:21:a8:88:8f:8a:86:9c:61:61:56:7f:86:
                    e1:54:48:c2:d1:c4:5f:0f:e8:01:c8:4e:29:10:9a:
                    c6:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:96:6A:FD:85:9C:A4:4A:C1:D0:0B:6D:9E:A2:D2:89:BF:BB:94:FC
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS153377.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:c6::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:2e:93:64:c7:ba:10:40:02:cf:f3:ad:6d:92:65:9d:bd:07:
         00:32:9f:b1:42:70:6e:86:54:85:ec:7a:c5:d3:2b:7c:bd:36:
         f2:18:6f:68:69:b0:28:c7:9f:5d:99:3a:16:51:1f:51:6b:16:
         59:c1:12:23:81:2e:14:4a:e5:f2:80:1c:0b:80:a9:02:84:1b:
         66:c1:63:ae:f2:ed:e0:87:3b:19:71:c4:0e:8d:3f:4f:3c:27:
         98:9c:41:61:d5:10:9b:0b:b5:05:25:27:48:83:de:07:fc:e9:
         af:4a:29:5f:f4:4c:c1:6d:99:5d:de:80:47:7b:f9:01:09:53:
         1d:f9:97:5b:39:9e:81:c5:9f:e8:99:d7:03:a7:d3:74:fa:c0:
         79:64:59:71:5d:d8:e6:3d:20:79:62:93:15:f5:a9:b7:6a:4b:
         b0:03:8e:0c:7e:de:14:b2:67:3f:7e:80:23:24:2f:3a:7f:66:
         b7:14:10:a9:9a:61:a2:d1:96:c5:c2:c0:e5:29:e1:86:6d:e1:
         3b:b2:21:74:55:f7:8e:53:0a:31:6a:9d:61:8f:13:40:e9:f6:
         13:f2:a8:e1:e0:b4:95:a3:09:23:6e:08:b0:e4:0e:6a:37:6b:
         cf:b5:c7:72:b4:02:e5:37:70:33:26:b2:9b:9a:38:2e:01:11:
         99:2b:cf:f6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUM/5DTnJpoMvodFYIfHH8fJUqoiMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA4MTUxMjI5NTRaFw0yNjA4MTQxMjM0NTRaMDMxMTAvBgNV
BAMTKDVBOTY2QUZEODU5Q0E0NEFDMUQwMEI2RDlFQTJEMjg5QkZCQjk0RkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMzAXtPVwTgeH7Ml5OjyQ2MEaJ
w2ePqnCWTKq1R2C0yiK+6jahkQPgRtBWQtVwHVXoDM5XYLX3Opgbvc61KydOuPOQ
1ZWdwtZywJ8ib8A9Y8VXr5lGehn21pdvF43AAEYoj/hK6aRuOkTtoNcEeFiOg7yS
40yZxA63mdYjRmhwwIZSNGVPvq7Q2Yz8l8sbnnf2rV/FrnwhIl01czrDFKXt4INy
l2JtJsU19ZcO2nvgbPDD7qSZAXdLM4VZwZ1Omebk7l+413LmLRnxlLAxcSD8xES4
zROH4mp40cpJKcEDy13UVSGoiI+KhpxhYVZ/huFUSMLRxF8P6AHITikQmsYLAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUWpZq/YWcpErB0AttnqLSib+7lPwwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTUzMzc3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AADGMA0GCSqGSIb3DQEBCwUAA4IBAQA0LpNkx7oQQALP861tkmWdvQcAMp+xQnBu
hlSF7HrF0yt8vTbyGG9oabAox59dmToWUR9RaxZZwRIjgS4USuXygBwLgKkChBtm
wWOu8u3ghzsZccQOjT9PPCeYnEFh1RCbC7UFJSdIg94H/OmvSilf9EzBbZld3oBH
e/kBCVMd+ZdbOZ6BxZ/omdcDp9N0+sB5ZFlxXdjmPSB5YpMV9am3akuwA44Mft4U
smc/foAjJC86f2a3FBCpmmGi0ZbFwsDlKeGGbeE7siF0VfeOUwoxap1hjxNA6fYT
8qjh4LSVowkjbgiw5A5qN2vPtcdytALlN3AzJrKbmjguARGZK8/2
-----END CERTIFICATE-----