Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS152626.roa
File:                     AS152626.roa (raw, json)
Hash identifier:          5AmFBaFmlVaabJDRves2AFYMgDDnVEKsv+nzCLsQLY8=
Subject key identifier:   F9:34:E1:15:32:A1:D7:24:72:60:05:16:9A:50:3C:87:E0:4F:54:1B
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       60487E5D5358B233E91816DB5B71ACBF443BD9DB
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS152626.roa
Signing time:             Sat 04 Oct 2025 02:38:19 +0000
ROA not before:           Sat 04 Oct 2025 02:33:19 +0000
ROA not after:            Sat 03 Oct 2026 02:38:19 +0000
asID:                     152626
IP address blocks:        2a14:7581:9fc0::/44 maxlen: 48
                          2a14:7583:fd00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:48:7e:5d:53:58:b2:33:e9:18:16:db:5b:71:ac:bf:44:3b:d9:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Oct  4 02:33:19 2025 GMT
            Not After : Oct  3 02:38:19 2026 GMT
        Subject: CN=F934E11532A1D724726005169A503C87E04F541B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:44:e3:d5:f7:bf:8a:3a:00:74:90:74:75:cb:
                    8f:6c:d8:e3:4b:b6:0f:d2:2a:38:ab:fc:16:39:02:
                    2c:e2:b3:27:70:d4:08:61:af:94:78:5c:29:c1:0a:
                    c3:25:ab:f7:19:78:d9:8d:01:13:b2:37:e6:9d:36:
                    23:05:25:18:81:ca:ca:12:13:33:24:cf:14:89:36:
                    e8:a5:2e:d7:b3:c1:0b:a4:fe:2b:13:1f:55:61:dc:
                    b3:58:01:96:b7:d5:a6:90:ca:06:4c:af:ab:56:c2:
                    eb:80:34:85:6d:3c:1a:80:69:9b:d7:32:c4:cf:46:
                    34:32:eb:f3:ad:a9:b4:87:39:27:4c:7a:a6:e1:1a:
                    9a:9a:6e:d0:07:53:9e:c5:29:9e:f8:1a:e6:ac:ba:
                    ba:1b:be:05:d9:bb:0c:f2:d3:7a:50:df:fe:d3:68:
                    e7:57:bb:9f:c1:55:04:db:fc:95:64:c6:bc:ec:db:
                    98:90:29:08:f7:b6:cb:3c:aa:5d:64:ce:23:63:72:
                    da:28:23:a8:be:40:b9:7c:d8:bb:e4:0d:b4:f3:93:
                    ef:fa:f0:e7:09:ce:60:fe:d3:d8:7e:e4:41:d4:22:
                    24:c9:02:cf:ad:28:d6:b2:15:07:e8:43:5d:b6:76:
                    24:ff:79:11:2f:ef:aa:d6:c1:f4:fe:30:04:37:52:
                    4b:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:34:E1:15:32:A1:D7:24:72:60:05:16:9A:50:3C:87:E0:4F:54:1B
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS152626.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:9fc0::/44
                  2a14:7583:fd00::/40

    Signature Algorithm: sha256WithRSAEncryption
         53:b9:42:07:6f:d9:c0:71:9a:99:96:1a:86:86:6a:83:3c:57:
         cb:12:a2:01:80:58:5d:c2:c8:ba:4b:de:ae:39:90:39:8b:0e:
         7e:ca:14:d2:2b:3d:b9:89:0d:58:da:3d:8c:6b:e5:ff:9d:b3:
         da:23:87:fd:98:65:2e:15:60:7e:46:ac:95:33:ef:0d:75:ad:
         ce:32:e1:38:f7:8d:33:75:13:bf:1c:3f:4a:75:ba:c7:84:25:
         42:b2:7c:7b:bb:88:84:11:99:d3:ee:59:d2:9d:3f:9a:8d:23:
         34:7f:c8:60:04:9f:4c:bb:3b:03:0b:a2:c8:f7:66:0e:f4:d3:
         7a:ae:c5:34:48:62:d9:e2:c6:41:4b:59:45:ce:7e:08:84:94:
         12:82:99:b1:b8:29:18:fa:eb:e8:c0:16:2c:b3:dd:4e:5b:57:
         14:73:6c:df:a9:e3:38:12:f6:3e:b9:6c:0d:a2:30:9b:be:6e:
         b3:03:75:7e:4d:87:f4:2d:c1:da:da:4f:fe:8b:ff:93:d8:bd:
         2e:07:63:78:e4:4a:cb:3a:5e:5f:0f:e4:cc:f7:56:75:8f:47:
         79:95:eb:eb:4a:80:c6:f0:b3:f3:4f:5a:28:84:8f:f6:9d:0b:
         45:10:64:93:c4:e6:c3:57:1a:47:b8:a3:4f:16:e1:53:b1:58:
         15:d3:ce:8a
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUYEh+XVNYsjPpGBbbW3Gsv0Q72dswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTEwMDQwMjMzMTlaFw0yNjEwMDMwMjM4MTlaMDMxMTAvBgNV
BAMTKEY5MzRFMTE1MzJBMUQ3MjQ3MjYwMDUxNjlBNTAzQzg3RTA0RjU0MUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRROPV97+KOgB0kHR1y49s2ONL
tg/SKjir/BY5Aizisydw1Ahhr5R4XCnBCsMlq/cZeNmNAROyN+adNiMFJRiBysoS
EzMkzxSJNuilLtezwQuk/isTH1Vh3LNYAZa31aaQygZMr6tWwuuANIVtPBqAaZvX
MsTPRjQy6/OtqbSHOSdMeqbhGpqabtAHU57FKZ74GuasurobvgXZuwzy03pQ3/7T
aOdXu5/BVQTb/JVkxrzs25iQKQj3tss8ql1kziNjctooI6i+QLl82LvkDbTzk+/6
8OcJzmD+09h+5EHUIiTJAs+tKNayFQfoQ122diT/eREv76rWwfT+MAQ3UkvRAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQU+TThFTKh1yRyYAUWmlA8h+BPVBswHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMTUyNjI2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcEKhR1
gZ/AAwYAKhR1g/0wDQYJKoZIhvcNAQELBQADggEBAFO5Qgdv2cBxmpmWGoaGaoM8
V8sSogGAWF3CyLpL3q45kDmLDn7KFNIrPbmJDVjaPYxr5f+ds9ojh/2YZS4VYH5G
rJUz7w11rc4y4Tj3jTN1E78cP0p1useEJUKyfHu7iIQRmdPuWdKdP5qNIzR/yGAE
n0y7OwMLosj3Zg7003quxTRIYtnixkFLWUXOfgiElBKCmbG4KRj66+jAFiyz3U5b
VxRzbN+p4zgS9j65bA2iMJu+brMDdX5Nh/QtwdraT/6L/5PYvS4HY3jkSss6Xl8P
5Mz3VnWPR3mV6+tKgMbws/NPWiiEj/adC0UQZJPE5sNXGke4o08W4VOxWBXTzoo=
-----END CERTIFICATE-----