Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS152179.roa
File:                     AS152179.roa (raw, json)
Hash identifier:          yVNOkUnSeqEnSK/ru+ewvxUx0j+BaEDye4xc80zi/PU=
Subject key identifier:   0F:9D:9B:6B:F9:0C:07:3A:9A:B9:01:B5:9C:48:59:DA:5E:C7:BF:DF
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       57D196616A065C032AB107A59B1F3F323039D83E
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS152179.roa
Signing time:             Tue 17 Jun 2025 14:54:09 +0000
ROA not before:           Tue 17 Jun 2025 14:49:09 +0000
ROA not after:            Tue 16 Jun 2026 14:54:09 +0000
asID:                     152179
IP address blocks:        141.11.134.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 10:24:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:d1:96:61:6a:06:5c:03:2a:b1:07:a5:9b:1f:3f:32:30:39:d8:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun 17 14:49:09 2025 GMT
            Not After : Jun 16 14:54:09 2026 GMT
        Subject: CN=0F9D9B6BF90C073A9AB901B59C4859DA5EC7BFDF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:6d:01:83:69:12:1d:cd:08:6e:d0:64:f8:de:
                    fd:a8:d6:ff:ee:74:fc:84:3f:cf:ab:46:ff:a1:a1:
                    49:e4:e7:77:3b:03:61:48:2e:c0:a5:74:7e:85:31:
                    9b:e1:f3:92:e7:d5:20:e1:fb:01:50:a9:68:3d:6b:
                    bf:27:b9:cc:2e:a3:f2:fb:40:a6:21:f9:98:dd:41:
                    38:65:29:ac:40:3f:a7:76:c5:39:20:83:53:ac:a7:
                    40:9b:46:26:02:91:21:85:b9:26:15:44:e1:60:79:
                    5d:38:d8:06:cd:77:db:9b:d9:7c:24:6e:11:97:44:
                    4b:61:64:09:32:93:a0:f5:63:af:f3:b2:5f:4c:31:
                    d6:13:3e:6a:64:65:8a:6a:6d:f7:b4:af:f7:6d:71:
                    53:b4:62:df:d2:e5:2c:b1:4a:c5:91:72:32:26:42:
                    55:17:e6:03:1c:6a:3e:92:cb:33:5e:ce:38:8e:ba:
                    9b:5e:e8:6b:6b:43:65:49:c6:3b:c9:a5:1a:a4:d8:
                    f9:4d:e3:cf:0b:85:29:05:a4:f9:7b:82:e1:d2:f2:
                    b6:20:0e:86:4a:f5:7a:25:4b:55:51:7d:7f:54:31:
                    17:40:ef:c3:bd:9b:2b:3c:db:9e:1d:57:94:75:2b:
                    f9:ad:8d:ed:78:c4:03:1b:73:25:4d:88:2a:38:3a:
                    2b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:9D:9B:6B:F9:0C:07:3A:9A:B9:01:B5:9C:48:59:DA:5E:C7:BF:DF
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS152179.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         86:58:b0:9c:3d:d2:c9:16:6e:06:40:4f:11:bf:d9:73:e1:bf:
         15:75:2a:71:54:84:30:86:57:46:72:87:ae:9a:c6:44:76:5f:
         14:80:fd:ff:e9:37:49:03:a7:88:3f:39:42:d6:c5:c7:b2:7d:
         4f:e0:e4:40:af:e9:d9:25:f9:ea:e9:93:52:51:0f:b8:a2:a4:
         2e:72:a7:e4:d0:a6:cc:cb:17:02:9e:fe:00:fd:9f:4f:0b:4a:
         7d:53:9f:87:e4:d2:07:75:e1:06:e3:8a:db:3b:55:1a:62:10:
         32:79:06:df:c2:8d:8d:ec:fa:d1:94:bc:0e:4d:c9:0a:f4:3a:
         1a:de:80:09:09:56:6d:ad:ee:e3:bc:99:6f:25:d0:c9:93:f3:
         1c:4f:e5:99:34:be:94:cc:bb:f3:d4:3e:e6:68:79:bb:04:91:
         4e:d5:23:0f:3e:b7:60:89:63:64:24:d9:34:fa:87:eb:54:48:
         39:ec:35:e5:c4:5e:65:1f:26:c9:78:db:d5:5f:58:6b:98:eb:
         7f:c2:2c:c7:20:a2:4d:f2:53:3d:25:7c:4d:91:18:62:9e:e7:
         25:2f:3d:fc:41:b4:dd:f3:88:2d:0a:1e:9a:8e:57:ba:28:96:
         67:89:fb:4d:ed:78:e6:1d:61:98:63:45:9a:0e:30:c1:eb:4a:
         33:ce:fa:35
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUV9GWYWoGXAMqsQelmx8/MjA52D4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA2MTcxNDQ5MDlaFw0yNjA2MTYxNDU0MDlaMDMxMTAvBgNV
BAMTKDBGOUQ5QjZCRjkwQzA3M0E5QUI5MDFCNTlDNDg1OURBNUVDN0JGREYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDubQGDaRIdzQhu0GT43v2o1v/u
dPyEP8+rRv+hoUnk53c7A2FILsCldH6FMZvh85Ln1SDh+wFQqWg9a78nucwuo/L7
QKYh+ZjdQThlKaxAP6d2xTkgg1Osp0CbRiYCkSGFuSYVROFgeV042AbNd9ub2Xwk
bhGXREthZAkyk6D1Y6/zsl9MMdYTPmpkZYpqbfe0r/dtcVO0Yt/S5SyxSsWRcjIm
QlUX5gMcaj6SyzNezjiOupte6GtrQ2VJxjvJpRqk2PlN488LhSkFpPl7guHS8rYg
DoZK9XolS1VRfX9UMRdA78O9mys8254dV5R1K/mtje14xAMbcyVNiCo4OitpAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUD52ba/kMBzqauQG1nEhZ2l7Hv98wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTUyMTc5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjQuG
MA0GCSqGSIb3DQEBCwUAA4IBAQCGWLCcPdLJFm4GQE8Rv9lz4b8VdSpxVIQwhldG
coeumsZEdl8UgP3/6TdJA6eIPzlC1sXHsn1P4ORAr+nZJfnq6ZNSUQ+4oqQucqfk
0KbMyxcCnv4A/Z9PC0p9U5+H5NIHdeEG44rbO1UaYhAyeQbfwo2N7PrRlLwOTckK
9Doa3oAJCVZtre7jvJlvJdDJk/McT+WZNL6UzLvz1D7maHm7BJFO1SMPPrdgiWNk
JNk0+ofrVEg57DXlxF5lHybJeNvVX1hrmOt/wizHIKJN8lM9JXxNkRhinuclLz38
QbTd84gtCh6ajle6KJZniftN7XjmHWGYY0WaDjDB60ozzvo1
-----END CERTIFICATE-----