Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS133398.roa
File:                     AS133398.roa (raw, json)
Hash identifier:          snzJxVHPxRsVGA6L72hFPPXErSKQcm7qNGmIOzBu7Yk=
Subject key identifier:   CC:EE:C7:F6:00:25:C3:4C:0A:41:CA:D2:30:88:40:BD:F9:5E:1B:E3
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       265417F42A3D05D3B54827C30D7A15C036C41115
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS133398.roa
Signing time:             Sat 09 May 2026 10:02:29 +0000
ROA not before:           Sat 09 May 2026 09:57:29 +0000
ROA not after:            Sat 08 May 2027 10:02:29 +0000
asID:                     133398
IP address blocks:        141.11.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:54:17:f4:2a:3d:05:d3:b5:48:27:c3:0d:7a:15:c0:36:c4:11:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May  9 09:57:29 2026 GMT
            Not After : May  8 10:02:29 2027 GMT
        Subject: CN=CCEEC7F60025C34C0A41CAD2308840BDF95E1BE3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:bc:ee:90:21:18:ff:8e:73:e3:da:01:3e:b6:
                    98:d8:e1:97:63:91:d1:7f:58:b7:fc:39:3b:cd:33:
                    f8:0a:d0:34:a4:be:7c:9b:be:24:98:61:28:0c:bc:
                    29:bf:e2:cb:df:b0:9d:3f:0e:74:39:e4:d8:80:4b:
                    0c:0f:71:ee:a3:80:33:60:b0:2c:13:8f:10:42:0c:
                    c7:e2:0e:21:87:ff:8c:8b:bf:d5:55:60:b7:83:10:
                    58:76:4c:17:0e:50:c1:13:5e:b5:ae:0f:62:82:2d:
                    fb:87:f7:9c:9e:a5:0c:c0:42:ea:67:aa:05:52:da:
                    3f:c7:0f:fe:f2:aa:da:ce:0e:d3:22:4b:c3:c1:1e:
                    ee:79:ab:e1:b2:84:77:3f:1a:09:3e:02:58:e4:72:
                    68:eb:14:ca:bd:d9:d3:1b:bd:ef:c6:6b:85:eb:55:
                    6f:bd:d2:fd:5e:7e:a2:40:ab:bc:88:e3:09:5f:78:
                    23:fe:4f:41:9e:94:39:1e:10:ea:db:3c:ea:c9:7d:
                    f4:04:ec:41:d3:4b:c3:54:fa:e4:1c:26:3a:5c:38:
                    dc:7b:79:c6:43:56:99:37:e9:23:92:e1:86:d8:ae:
                    57:20:79:e7:ad:ea:2e:02:16:ba:87:3d:81:ee:78:
                    e8:43:95:42:bd:d6:c0:2c:c5:b8:72:b7:87:77:18:
                    cd:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:EE:C7:F6:00:25:C3:4C:0A:41:CA:D2:30:88:40:BD:F9:5E:1B:E3
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS133398.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:1f:86:05:10:06:7e:af:95:ec:87:5e:2f:80:49:cf:09:2c:
         83:7c:1f:6d:d5:dd:96:0d:a7:22:62:35:a9:26:c7:f9:44:ef:
         0b:e0:ce:7c:38:29:c6:fd:d8:0f:4c:36:85:a8:75:bd:34:10:
         b4:a6:c3:ec:75:45:e4:28:9b:23:ec:8f:9d:9b:29:9e:68:7d:
         9f:ec:18:4e:8b:24:63:26:11:8c:33:8b:65:be:c6:38:a5:31:
         bc:e3:1b:f3:ee:0a:ee:0e:ff:8e:68:65:77:bc:64:8a:64:7c:
         87:7b:74:42:06:1e:fd:89:69:dd:8b:f8:a2:3a:5e:34:21:2e:
         35:ec:33:d0:b5:78:26:82:5d:d8:1a:d5:4c:f4:ce:1e:9c:3c:
         11:9c:11:c5:fe:21:33:14:d7:04:65:29:36:22:b3:a0:db:92:
         f8:9d:b2:d9:a6:b0:df:fc:9c:19:df:16:93:05:71:70:1d:0e:
         f8:d8:4f:58:4f:e8:a0:e3:ce:f2:6b:06:04:71:b9:76:03:05:
         b5:24:d1:d2:da:3f:b4:3d:81:48:ca:b4:f3:e7:62:db:e9:07:
         70:07:3b:73:38:e5:e0:4b:63:ba:72:31:33:cc:e4:3e:8a:25:
         ea:f9:16:3a:b9:03:40:4c:f6:5c:86:a9:e8:3f:12:5b:e2:55:
         a7:57:96:c2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUJlQX9Co9BdO1SCfDDXoVwDbEERUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA1MDkwOTU3MjlaFw0yNzA1MDgxMDAyMjlaMDMxMTAvBgNV
BAMTKENDRUVDN0Y2MDAyNUMzNEMwQTQxQ0FEMjMwODg0MEJERjk1RTFCRTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfvO6QIRj/jnPj2gE+tpjY4Zdj
kdF/WLf8OTvNM/gK0DSkvnybviSYYSgMvCm/4svfsJ0/DnQ55NiASwwPce6jgDNg
sCwTjxBCDMfiDiGH/4yLv9VVYLeDEFh2TBcOUMETXrWuD2KCLfuH95yepQzAQupn
qgVS2j/HD/7yqtrODtMiS8PBHu55q+GyhHc/Ggk+AljkcmjrFMq92dMbve/Ga4Xr
VW+90v1efqJAq7yI4wlfeCP+T0GelDkeEOrbPOrJffQE7EHTS8NU+uQcJjpcONx7
ecZDVpk36SOS4YbYrlcgeeet6i4CFrqHPYHueOhDlUK91sAsxbhyt4d3GM3hAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUzO7H9gAlw0wKQcrSMIhAvfleG+MwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTMzMzk4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQtO
MA0GCSqGSIb3DQEBCwUAA4IBAQBSH4YFEAZ+r5Xsh14vgEnPCSyDfB9t1d2WDaci
YjWpJsf5RO8L4M58OCnG/dgPTDaFqHW9NBC0psPsdUXkKJsj7I+dmymeaH2f7BhO
iyRjJhGMM4tlvsY4pTG84xvz7gruDv+OaGV3vGSKZHyHe3RCBh79iWndi/iiOl40
IS417DPQtXgmgl3YGtVM9M4enDwRnBHF/iEzFNcEZSk2IrOg25L4nbLZprDf/JwZ
3xaTBXFwHQ742E9YT+ig487yawYEcbl2AwW1JNHS2j+0PYFIyrTz52Lb6QdwBztz
OOXgS2O6cjEzzOQ+iiXq+RY6uQNATPZchqnoPxJb4lWnV5bC
-----END CERTIFICATE-----