Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS133150.roa
File:                     AS133150.roa (raw, json)
Hash identifier:          ka4wdkz7XUnco9XydL5De01qWMVprTgrD9TRrN3rfdM=
Subject key identifier:   0E:68:C1:F4:21:8F:8D:3F:AF:FF:CB:7F:86:22:E4:BB:07:D5:0D:64
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       0D7B9A645682C28306D5F3C33B5D4250B43AD33E
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS133150.roa
Signing time:             Tue 05 May 2026 09:29:08 +0000
ROA not before:           Tue 05 May 2026 09:24:08 +0000
ROA not after:            Tue 04 May 2027 09:29:08 +0000
asID:                     133150
IP address blocks:        141.11.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 08:58:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:7b:9a:64:56:82:c2:83:06:d5:f3:c3:3b:5d:42:50:b4:3a:d3:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May  5 09:24:08 2026 GMT
            Not After : May  4 09:29:08 2027 GMT
        Subject: CN=0E68C1F4218F8D3FAFFFCB7F8622E4BB07D50D64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:b8:7e:a5:de:17:58:96:95:63:dd:54:ec:62:
                    d4:f5:65:8a:a7:6a:71:eb:d1:5a:40:2d:3f:f7:6d:
                    36:71:37:dd:90:8e:42:8c:3d:0a:ed:aa:df:1c:b0:
                    c1:25:6a:1f:4a:f3:63:46:2e:30:f7:f0:e6:e8:6a:
                    e5:98:de:fc:a6:93:ac:6b:c2:eb:54:15:af:b1:d6:
                    c3:1b:af:11:bf:2a:03:52:22:f9:e2:44:0b:2b:54:
                    b1:bd:83:f4:d5:15:da:e0:b3:65:fc:b8:aa:5a:d5:
                    de:6a:3a:85:e6:9c:10:ed:14:12:68:73:56:27:d0:
                    10:9c:a1:f5:10:da:5c:51:30:50:9d:6d:e0:a8:83:
                    74:79:03:14:b9:82:71:c6:5d:58:39:00:37:99:46:
                    3e:6c:7d:34:1f:55:4b:e1:8c:c3:9c:f6:15:f3:06:
                    73:be:aa:2f:4d:56:55:20:07:14:0a:c0:2a:5a:55:
                    ff:89:22:be:a1:10:7a:8c:00:05:6b:c4:87:d9:86:
                    5c:44:b2:f8:26:c6:c0:06:9f:82:42:25:f0:a3:11:
                    09:4e:97:31:e5:84:6c:eb:86:f9:96:06:7e:ae:f8:
                    57:57:3c:d6:24:5f:1c:fe:fb:3c:b6:38:ff:a2:e4:
                    4f:eb:b1:6d:d8:3a:5d:75:f8:b3:a2:39:8c:1f:dd:
                    5c:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:68:C1:F4:21:8F:8D:3F:AF:FF:CB:7F:86:22:E4:BB:07:D5:0D:64
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS133150.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:ad:5c:fa:7c:aa:6a:7f:3e:03:a6:02:4f:fd:2c:4c:88:eb:
         83:94:84:5b:c1:15:0c:35:b1:3f:4f:2e:16:a3:a8:55:d0:57:
         1b:b1:f6:f2:a9:46:30:2c:a4:40:8d:4f:6d:9c:d5:bd:79:c0:
         cd:80:aa:85:79:5c:44:b5:9c:ae:11:9a:71:3b:3e:81:42:8f:
         fd:e3:87:48:82:1a:3f:10:6b:f3:b1:76:68:25:55:ac:92:2f:
         30:2b:f9:7e:b9:9f:80:05:f3:2a:6c:36:e9:42:4c:ea:08:6b:
         93:75:12:45:68:a4:f9:96:53:27:94:c2:cb:4d:7c:ad:58:da:
         85:31:4e:0d:f3:f8:45:03:3e:e9:bb:f1:71:f6:48:7c:6c:87:
         66:dc:08:ac:56:38:0b:d0:0f:9a:6a:5d:3a:81:40:b2:b3:10:
         76:18:b4:c1:55:dc:29:18:93:78:60:ff:58:3d:7e:a7:23:eb:
         86:a6:79:31:1b:56:4c:75:03:d3:ff:71:79:37:79:22:9e:eb:
         4a:14:0e:14:7e:0e:18:7b:2a:6e:fa:67:98:75:d5:de:48:bf:
         52:25:7d:f4:71:6f:73:70:74:f0:29:07:2b:52:d4:19:37:81:
         fa:5c:2c:6b:0d:89:9b:b3:3f:2d:fb:dd:25:c1:9a:d2:8f:85:
         4d:f9:b1:8c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDXuaZFaCwoMG1fPDO11CULQ60z4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA1MDUwOTI0MDhaFw0yNzA1MDQwOTI5MDhaMDMxMTAvBgNV
BAMTKDBFNjhDMUY0MjE4RjhEM0ZBRkZGQ0I3Rjg2MjJFNEJCMDdENTBENjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXuH6l3hdYlpVj3VTsYtT1ZYqn
anHr0VpALT/3bTZxN92QjkKMPQrtqt8csMElah9K82NGLjD38OboauWY3vymk6xr
wutUFa+x1sMbrxG/KgNSIvniRAsrVLG9g/TVFdrgs2X8uKpa1d5qOoXmnBDtFBJo
c1Yn0BCcofUQ2lxRMFCdbeCog3R5AxS5gnHGXVg5ADeZRj5sfTQfVUvhjMOc9hXz
BnO+qi9NVlUgBxQKwCpaVf+JIr6hEHqMAAVrxIfZhlxEsvgmxsAGn4JCJfCjEQlO
lzHlhGzrhvmWBn6u+FdXPNYkXxz++zy2OP+i5E/rsW3YOl11+LOiOYwf3VztAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUDmjB9CGPjT+v/8t/hiLkuwfVDWQwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTMzMTUwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQtP
MA0GCSqGSIb3DQEBCwUAA4IBAQA1rVz6fKpqfz4DpgJP/SxMiOuDlIRbwRUMNbE/
Ty4Wo6hV0FcbsfbyqUYwLKRAjU9tnNW9ecDNgKqFeVxEtZyuEZpxOz6BQo/944dI
gho/EGvzsXZoJVWski8wK/l+uZ+ABfMqbDbpQkzqCGuTdRJFaKT5llMnlMLLTXyt
WNqFMU4N8/hFAz7pu/Fx9kh8bIdm3AisVjgL0A+aal06gUCysxB2GLTBVdwpGJN4
YP9YPX6nI+uGpnkxG1ZMdQPT/3F5N3kinutKFA4Ufg4Yeypu+meYddXeSL9SJX30
cW9zcHTwKQcrUtQZN4H6XCxrDYmbsz8t+90lwZrSj4VN+bGM
-----END CERTIFICATE-----