Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS154361.roa
File:                     AS154361.roa (raw, json)
Hash identifier:          8xqnMLaivsHq+/Kcw4TQkI+nnM3cCB3MfPWyaECNdq4=
Subject key identifier:   51:94:2B:93:0D:54:7E:48:AC:C4:BD:27:5F:5F:00:58:C7:B1:96:0E
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       509EFF6E36A3E2FA7C5026999A944E3280A665B2
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS154361.roa
Signing time:             Sat 25 Apr 2026 11:51:43 +0000
ROA not before:           Sat 25 Apr 2026 11:46:43 +0000
ROA not after:            Sat 24 Apr 2027 11:51:43 +0000
asID:                     154361
IP address blocks:        82.47.24.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:9e:ff:6e:36:a3:e2:fa:7c:50:26:99:9a:94:4e:32:80:a6:65:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 25 11:46:43 2026 GMT
            Not After : Apr 24 11:51:43 2027 GMT
        Subject: CN=51942B930D547E48ACC4BD275F5F0058C7B1960E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:df:02:64:34:8c:af:c4:f6:50:75:36:e4:5c:
                    c6:27:bf:82:ca:ce:1f:22:3c:d2:d5:f9:be:d4:9c:
                    6c:1f:a0:a6:96:ab:b5:39:d5:f8:72:0a:3d:84:f2:
                    b6:a4:cd:a6:1d:7e:aa:4b:0b:84:9e:3d:83:5d:d9:
                    f8:48:fb:15:5b:b5:d8:09:8a:15:e8:be:04:46:bc:
                    db:c2:cc:e8:95:09:20:3e:b3:68:fc:8d:3a:57:63:
                    a3:d8:28:81:63:f4:ac:8a:a3:47:d2:7e:ab:4f:38:
                    34:b5:5b:e9:d3:60:5a:7a:81:cc:a3:25:f4:78:41:
                    7f:25:5e:13:c8:1b:e3:de:e3:de:3d:51:09:a2:15:
                    ad:1b:c7:7a:1c:d3:2d:75:e0:9a:ea:5b:f9:cf:ce:
                    bc:3c:20:99:7a:b6:32:8b:d2:d7:0e:24:9f:7a:94:
                    85:60:84:d2:15:9c:7c:84:10:4a:6f:4c:0b:4c:6f:
                    6f:3c:8a:9a:bd:e1:f8:2e:3a:49:fa:54:c3:53:a6:
                    2a:33:f1:1b:eb:0f:40:e4:88:0a:a6:3a:ae:4d:f3:
                    53:ec:b4:25:40:f8:32:79:35:f5:fd:c3:1f:fc:b7:
                    06:b4:d9:0f:69:96:8a:96:2f:99:43:73:ca:a3:fe:
                    dc:b1:5b:9f:64:b8:95:c0:6c:ea:93:e4:fe:ed:4b:
                    e5:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:94:2B:93:0D:54:7E:48:AC:C4:BD:27:5F:5F:00:58:C7:B1:96:0E
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS154361.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.47.24.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:e3:36:4d:6c:c6:7d:d9:96:06:ee:1e:a4:af:17:20:cb:7d:
         50:a7:01:75:d3:56:a5:70:02:35:42:11:e7:cf:3d:e7:d0:3d:
         6c:b8:4a:82:d4:c2:38:09:3d:01:ed:e9:9a:b6:82:fe:05:63:
         ff:f4:df:5c:85:c9:ca:87:fe:4f:e1:f3:bd:05:e3:fd:0a:62:
         64:4c:37:40:3b:63:80:94:d5:71:51:5a:b2:29:92:df:6a:51:
         b4:6c:f4:ad:cd:45:c5:72:fa:b3:05:3d:cf:a4:4e:5e:57:a0:
         17:cf:b8:eb:ec:29:62:d2:b0:41:95:03:db:45:4a:ea:b4:2b:
         4e:12:3e:7e:f3:e8:0c:75:5f:b6:e5:01:c1:0a:a5:91:22:6f:
         5e:df:0c:b8:3e:b7:5d:e1:ee:a2:e3:b2:6d:b0:a9:c3:6b:84:
         32:84:45:99:27:c9:94:90:38:84:db:74:83:5b:91:cf:ff:c5:
         86:17:04:29:eb:b4:e5:58:46:15:92:ae:a0:ad:d1:a1:73:c3:
         4f:f3:35:de:89:04:83:a1:01:f7:5e:e4:71:80:36:ab:4c:a4:
         6b:28:84:8c:1f:e8:e4:15:1e:2f:e1:9b:67:8c:4b:63:b0:8c:
         89:fe:85:9d:17:67:aa:7d:27:5a:bf:98:02:58:54:20:c8:a6:
         d0:36:2f:a4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUUJ7/bjaj4vp8UCaZmpROMoCmZbIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MjUxMTQ2NDNaFw0yNzA0MjQxMTUxNDNaMDMxMTAvBgNV
BAMTKDUxOTQyQjkzMEQ1NDdFNDhBQ0M0QkQyNzVGNUYwMDU4QzdCMTk2MEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQ3wJkNIyvxPZQdTbkXMYnv4LK
zh8iPNLV+b7UnGwfoKaWq7U51fhyCj2E8rakzaYdfqpLC4SePYNd2fhI+xVbtdgJ
ihXovgRGvNvCzOiVCSA+s2j8jTpXY6PYKIFj9KyKo0fSfqtPODS1W+nTYFp6gcyj
JfR4QX8lXhPIG+Pe4949UQmiFa0bx3oc0y114JrqW/nPzrw8IJl6tjKL0tcOJJ96
lIVghNIVnHyEEEpvTAtMb288ipq94fguOkn6VMNTpioz8RvrD0DkiAqmOq5N81Ps
tCVA+DJ5NfX9wx/8twa02Q9ploqWL5lDc8qj/tyxW59kuJXAbOqT5P7tS+XhAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUUZQrkw1UfkisxL0nX18AWMexlg4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTU0MzYxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUi8Y
MA0GCSqGSIb3DQEBCwUAA4IBAQAR4zZNbMZ92ZYG7h6krxcgy31QpwF101alcAI1
QhHnzz3n0D1suEqC1MI4CT0B7ematoL+BWP/9N9chcnKh/5P4fO9BeP9CmJkTDdA
O2OAlNVxUVqyKZLfalG0bPStzUXFcvqzBT3PpE5eV6AXz7jr7Cli0rBBlQPbRUrq
tCtOEj5+8+gMdV+25QHBCqWRIm9e3wy4Prdd4e6i47JtsKnDa4QyhEWZJ8mUkDiE
23SDW5HP/8WGFwQp67TlWEYVkq6grdGhc8NP8zXeiQSDoQH3XuRxgDarTKRrKISM
H+jkFR4v4ZtnjEtjsIyJ/oWdF2eqfSdav5gCWFQgyKbQNi+k
-----END CERTIFICATE-----