Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS152179.roa
File:                     AS152179.roa (raw, json)
Hash identifier:          fhiHhoKgIeQL07truvTRz593ZYmsb/+NbWzsK9+sEW4=
Subject key identifier:   02:BE:87:03:77:BB:A1:8E:68:06:0C:1B:4D:13:24:2B:42:1D:B3:53
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       75B789ED172B2F1EFB0E86C63101439CD816D334
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS152179.roa
Signing time:             Fri 26 Sep 2025 14:23:24 +0000
ROA not before:           Fri 26 Sep 2025 14:18:24 +0000
ROA not after:            Fri 25 Sep 2026 14:23:24 +0000
asID:                     152179
IP address blocks:        193.32.206.0/24 maxlen: 24
                          212.115.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 13:54:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:b7:89:ed:17:2b:2f:1e:fb:0e:86:c6:31:01:43:9c:d8:16:d3:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Sep 26 14:18:24 2025 GMT
            Not After : Sep 25 14:23:24 2026 GMT
        Subject: CN=02BE870377BBA18E68060C1B4D13242B421DB353
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:52:54:91:a1:08:75:ee:e2:d9:17:10:6c:a1:
                    b8:94:8d:63:fd:67:83:4f:14:fd:34:37:fd:0b:46:
                    77:29:c6:18:73:8f:76:36:e4:86:ca:42:94:63:74:
                    8c:5d:b8:2e:c9:62:ba:cc:d4:1c:29:eb:94:08:b2:
                    2f:42:b5:3f:a3:71:5d:d0:2a:42:c6:53:e8:63:9c:
                    9a:ef:17:00:03:90:b9:5c:bb:d4:07:97:16:7c:de:
                    02:7a:c9:6e:ca:96:68:b2:25:61:20:95:da:50:df:
                    11:76:89:a4:e0:cc:fa:43:e6:11:1d:ab:e7:ad:3a:
                    50:ce:90:bb:3e:4a:0c:17:6d:10:d6:1b:7a:44:63:
                    c8:40:36:6f:34:60:47:20:a3:be:e5:21:bc:8f:59:
                    ff:4c:af:7d:65:f5:dd:f0:a1:17:91:14:be:25:00:
                    9c:b6:2d:8e:d2:29:5e:32:0e:1d:f7:65:4a:32:9c:
                    24:75:7d:36:19:71:76:45:8b:d0:77:17:e2:59:5c:
                    78:82:3a:ac:16:ff:2e:f9:bf:71:18:1b:3d:09:13:
                    b3:c0:c1:45:e8:39:b1:97:9c:d3:d4:43:50:dc:f7:
                    b6:f0:dd:de:d9:6b:36:61:53:18:16:c7:f5:3d:db:
                    ed:0c:c7:aa:54:4c:0c:94:3b:d9:6f:3a:6a:fc:d1:
                    91:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:BE:87:03:77:BB:A1:8E:68:06:0C:1B:4D:13:24:2B:42:1D:B3:53
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS152179.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.206.0/24
                  212.115.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:03:e4:ce:67:1c:11:34:78:39:f7:98:11:c6:0a:61:9c:88:
         e3:bc:c6:e3:ac:a6:6b:be:ff:d2:9f:23:97:b6:6a:dd:aa:c5:
         b5:2a:a9:7c:27:8f:44:94:dc:b8:c7:1f:d4:9d:68:4d:ab:e0:
         02:41:15:dd:e4:96:f2:e7:28:6e:36:ec:b1:09:71:b2:98:ea:
         fe:1d:b6:30:8c:75:e2:a4:62:58:9b:ae:90:49:f9:29:35:85:
         a7:55:24:34:6c:88:68:e9:1e:2f:90:a1:84:ce:cd:6f:d2:54:
         d4:a7:f6:e2:f3:84:03:84:67:e0:ee:0e:fb:a6:0e:7c:38:5f:
         59:ea:cb:70:6e:26:1c:41:5c:e4:7d:5a:00:79:cd:ac:aa:07:
         95:3a:1b:05:57:11:01:80:06:a0:a9:b0:c5:4a:e2:41:75:e5:
         08:b8:1b:a8:b7:9c:af:ae:cf:73:95:d2:cf:62:4b:c9:19:b2:
         6b:c9:fd:4f:84:32:09:b8:7f:5d:dd:e6:e8:04:c6:8c:30:78:
         a8:3c:20:73:b2:70:58:89:fe:7b:2e:30:8a:d5:74:d7:3b:87:
         f1:ca:09:5b:19:c2:c5:99:bc:a6:55:20:38:51:4c:e7:2a:f5:
         1a:9c:28:bb:4a:17:20:28:7c:d6:c7:41:87:9d:28:9f:10:a7:
         34:ec:ac:6f
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUdbeJ7RcrLx77DobGMQFDnNgW0zQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA5MjYxNDE4MjRaFw0yNjA5MjUxNDIzMjRaMDMxMTAvBgNV
BAMTKDAyQkU4NzAzNzdCQkExOEU2ODA2MEMxQjREMTMyNDJCNDIxREIzNTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkUlSRoQh17uLZFxBsobiUjWP9
Z4NPFP00N/0LRncpxhhzj3Y25IbKQpRjdIxduC7JYrrM1Bwp65QIsi9CtT+jcV3Q
KkLGU+hjnJrvFwADkLlcu9QHlxZ83gJ6yW7KlmiyJWEgldpQ3xF2iaTgzPpD5hEd
q+etOlDOkLs+SgwXbRDWG3pEY8hANm80YEcgo77lIbyPWf9Mr31l9d3woReRFL4l
AJy2LY7SKV4yDh33ZUoynCR1fTYZcXZFi9B3F+JZXHiCOqwW/y75v3EYGz0JE7PA
wUXoObGXnNPUQ1Dc97bw3d7ZazZhUxgWx/U92+0Mx6pUTAyUO9lvOmr80ZGTAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUAr6HA3e7oY5oBgwbTRMkK0Ids1MwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMTUyMTc5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwSDO
AwQA1HNnMA0GCSqGSIb3DQEBCwUAA4IBAQA4A+TOZxwRNHg595gRxgphnIjjvMbj
rKZrvv/SnyOXtmrdqsW1Kql8J49ElNy4xx/UnWhNq+ACQRXd5Jby5yhuNuyxCXGy
mOr+HbYwjHXipGJYm66QSfkpNYWnVSQ0bIho6R4vkKGEzs1v0lTUp/bi84QDhGfg
7g77pg58OF9Z6stwbiYcQVzkfVoAec2sqgeVOhsFVxEBgAagqbDFSuJBdeUIuBuo
t5yvrs9zldLPYkvJGbJryf1PhDIJuH9d3eboBMaMMHioPCBzsnBYif57LjCK1XTX
O4fxyglbGcLFmbymVSA4UUznKvUanCi7ShcgKHzWx0GHnSifEKc07Kxv
-----END CERTIFICATE-----