Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS151490.roa
File:                     AS151490.roa (raw, json)
Hash identifier:          ObYkNAAEoqsj7wImXlaa3JtMJgD4H8rdFs7/+iDwOhk=
Subject key identifier:   BC:80:E8:F7:AD:69:2B:9A:36:36:5D:82:78:DC:42:0B:76:71:49:34
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       3250A25C7DE5B352472F53B71A639C25D215792D
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS151490.roa
Signing time:             Wed 18 Mar 2026 03:46:48 +0000
ROA not before:           Wed 18 Mar 2026 03:41:48 +0000
ROA not after:            Wed 17 Mar 2027 03:46:48 +0000
asID:                     151490
IP address blocks:        141.11.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 06:49:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:50:a2:5c:7d:e5:b3:52:47:2f:53:b7:1a:63:9c:25:d2:15:79:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Mar 18 03:41:48 2026 GMT
            Not After : Mar 17 03:46:48 2027 GMT
        Subject: CN=BC80E8F7AD692B9A36365D8278DC420B76714934
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b2:6e:43:2b:5e:6d:dd:97:b2:d3:22:0f:67:
                    40:83:b1:a9:8f:ad:86:08:cf:65:95:80:e4:b2:41:
                    45:0b:f8:8c:29:5c:48:c4:7e:a6:06:c4:ff:f4:4a:
                    aa:f2:db:83:ea:13:ab:ee:02:0e:e7:66:e7:bb:c0:
                    07:d0:0e:55:0f:8d:e1:e7:6a:8d:f2:91:9b:0f:e9:
                    ad:8b:d4:2f:28:f2:ea:b3:ec:c8:e5:9b:fc:ea:f9:
                    aa:76:96:e3:7a:fb:e0:10:f2:dc:db:34:d9:26:40:
                    00:dd:73:60:e9:ff:03:5a:fb:62:c7:5e:b1:89:c5:
                    48:c9:aa:db:a1:bf:b7:25:87:41:86:5e:2f:cd:3a:
                    3c:75:06:d0:03:c1:bf:d3:fa:0d:a8:a3:f0:ad:ef:
                    38:ce:17:dd:8b:a6:9b:42:5a:28:05:0c:af:e9:b0:
                    52:23:fd:ca:6e:27:1d:1b:d3:57:4c:e7:c0:33:05:
                    a3:06:d3:72:de:89:ca:46:f4:ef:d0:fb:0b:e6:c1:
                    d8:90:e7:97:62:e6:2f:0b:0c:ee:b4:27:1f:2c:d5:
                    18:7b:20:27:19:c6:f3:c3:ea:9d:26:23:81:bd:8a:
                    de:40:25:d9:d8:4d:fc:b7:a6:35:43:a1:d3:28:d9:
                    bd:50:91:16:e2:46:8b:e6:53:f6:b6:95:63:09:b2:
                    7f:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:80:E8:F7:AD:69:2B:9A:36:36:5D:82:78:DC:42:0B:76:71:49:34
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS151490.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:38:39:99:98:1b:43:e0:33:26:4d:44:8d:25:c7:34:51:64:
         61:0a:16:91:8e:b7:ff:29:0a:83:df:25:82:2e:91:6d:2f:dd:
         b7:b5:aa:d9:01:79:d1:11:15:02:4c:0f:08:dc:7f:7e:fb:5e:
         44:a3:89:07:78:6f:16:6e:97:42:df:a7:da:4d:c0:4b:1c:09:
         21:01:ab:9e:52:66:71:78:ef:90:3e:ba:88:24:eb:92:10:eb:
         d7:02:3f:73:ad:50:25:73:59:9a:a9:ba:0e:01:92:6f:4d:6e:
         eb:fe:3b:24:a2:74:28:d3:64:c7:10:fd:93:c5:1f:7a:55:c8:
         ae:cc:bd:53:a9:33:fc:92:83:55:e6:b6:18:5d:b6:32:23:ea:
         c9:4e:34:0e:bc:83:87:54:90:f0:8b:a2:4e:6b:26:47:30:fc:
         2e:79:67:43:c9:34:1d:2d:6b:0f:db:1d:88:f6:cb:0d:65:d4:
         74:22:14:df:7c:db:00:ff:d2:0a:89:73:73:6f:ec:36:f7:5f:
         0f:dc:74:30:7b:82:37:2b:89:01:fb:ea:42:af:7e:d2:e4:9f:
         07:82:25:ba:f4:73:5d:a6:e6:9e:4f:65:81:f2:3a:23:92:34:
         6d:4c:16:ad:56:43:64:b8:28:a0:74:12:8c:77:31:fa:1e:f7:
         0b:cd:8a:7b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUMlCiXH3ls1JHL1O3GmOcJdIVeS0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAzMTgwMzQxNDhaFw0yNzAzMTcwMzQ2NDhaMDMxMTAvBgNV
BAMTKEJDODBFOEY3QUQ2OTJCOUEzNjM2NUQ4Mjc4REM0MjBCNzY3MTQ5MzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCssm5DK15t3Zey0yIPZ0CDsamP
rYYIz2WVgOSyQUUL+IwpXEjEfqYGxP/0Sqry24PqE6vuAg7nZue7wAfQDlUPjeHn
ao3ykZsP6a2L1C8o8uqz7Mjlm/zq+ap2luN6++AQ8tzbNNkmQADdc2Dp/wNa+2LH
XrGJxUjJqtuhv7clh0GGXi/NOjx1BtADwb/T+g2oo/Ct7zjOF92LpptCWigFDK/p
sFIj/cpuJx0b01dM58AzBaMG03LeicpG9O/Q+wvmwdiQ55di5i8LDO60Jx8s1Rh7
ICcZxvPD6p0mI4G9it5AJdnYTfy3pjVDodMo2b1QkRbiRovmU/a2lWMJsn+TAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUvIDo961pK5o2Nl2CeNxCC3ZxSTQwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTUxNDkwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsJ
MA0GCSqGSIb3DQEBCwUAA4IBAQByODmZmBtD4DMmTUSNJcc0UWRhChaRjrf/KQqD
3yWCLpFtL923tarZAXnRERUCTA8I3H9++15Eo4kHeG8WbpdC36faTcBLHAkhAaue
UmZxeO+QPrqIJOuSEOvXAj9zrVAlc1maqboOAZJvTW7r/jskonQo02THEP2TxR96
VciuzL1TqTP8koNV5rYYXbYyI+rJTjQOvIOHVJDwi6JOayZHMPwueWdDyTQdLWsP
2x2I9ssNZdR0IhTffNsA/9IKiXNzb+w2918P3HQwe4I3K4kB++pCr37S5J8HgiW6
9HNdpuaeT2WB8jojkjRtTBatVkNkuCigdBKMdzH6HvcLzYp7
-----END CERTIFICATE-----