Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS152179.roa
File:                     AS152179.roa (raw, json)
Hash identifier:          rznR4Sq8b/FHp91+MBMKXE7+Ogwbe9KveOkzQn2LhGQ=
Subject key identifier:   C3:5B:E2:45:BC:FA:2E:CD:3F:9B:5B:D7:89:52:E1:44:35:29:0F:04
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       49E6F32E27D10CCF14E539F4F110B6734A6B4834
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS152179.roa
Signing time:             Sun 15 Mar 2026 00:04:04 +0000
ROA not before:           Sat 14 Mar 2026 23:59:04 +0000
ROA not after:            Sun 14 Mar 2027 00:04:04 +0000
asID:                     152179
IP address blocks:        141.11.134.0/23 maxlen: 24
                          194.60.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:e6:f3:2e:27:d1:0c:cf:14:e5:39:f4:f1:10:b6:73:4a:6b:48:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Mar 14 23:59:04 2026 GMT
            Not After : Mar 14 00:04:04 2027 GMT
        Subject: CN=C35BE245BCFA2ECD3F9B5BD78952E14435290F04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:9c:6e:6b:40:87:90:34:64:60:58:cd:89:8f:
                    72:00:61:69:35:b1:9a:de:13:46:22:b6:77:6b:ba:
                    e3:3d:88:ad:cc:b9:ce:4e:d4:05:d5:4f:d8:d3:04:
                    45:24:ca:bd:a0:12:95:85:63:80:b5:42:b5:84:08:
                    44:ba:07:6b:f1:c6:2d:13:20:69:8b:a7:eb:ed:e2:
                    df:ac:2e:85:4b:f0:cf:b1:3c:2d:40:ba:6c:f7:1e:
                    ef:c1:09:09:87:b9:e4:1c:ed:60:6f:37:59:33:98:
                    9f:4b:df:20:92:04:8c:ba:a1:b3:2d:45:fd:9e:21:
                    69:5e:51:94:8a:eb:15:d1:59:6e:14:f1:15:9e:bf:
                    b7:30:9c:0d:fd:86:d1:80:49:47:63:d9:33:e3:f9:
                    21:81:08:fc:00:73:2f:99:d7:fc:55:c9:1f:db:35:
                    e6:ca:3d:94:4d:bb:5a:98:09:39:f9:16:04:5c:ed:
                    80:70:da:bf:40:0f:b6:d9:96:91:29:40:2b:28:de:
                    5a:c4:dc:f0:1b:b1:e2:42:c7:30:49:32:de:be:bf:
                    c3:39:41:68:09:21:a3:63:c6:58:4a:d6:20:72:57:
                    78:8d:74:ac:51:63:b2:fc:ac:96:bf:1e:12:05:b3:
                    a1:f9:f9:29:50:74:c5:48:95:4d:5b:96:8f:7c:ee:
                    ec:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:5B:E2:45:BC:FA:2E:CD:3F:9B:5B:D7:89:52:E1:44:35:29:0F:04
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS152179.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.134.0/23
                  194.60.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:16:2b:5a:cd:50:4c:4b:c4:48:35:9e:74:33:ea:14:64:06:
         d9:32:46:bb:d2:b1:a1:43:5d:54:ca:a2:5b:4f:8b:68:36:26:
         d1:14:71:2b:fd:db:75:87:b7:93:e6:2f:13:9b:d1:ef:de:7f:
         da:8f:46:e6:db:14:17:8b:59:4c:97:b1:2a:e5:d9:31:3e:24:
         23:fa:59:dd:51:45:fb:89:4e:e5:ea:0b:35:92:dc:d9:0f:8e:
         ae:8f:9d:e4:26:ec:5d:7e:a7:19:27:27:64:09:be:d1:67:bf:
         06:d4:16:93:7d:9b:24:06:af:a0:15:82:77:29:e3:f3:ff:71:
         70:70:26:46:df:40:90:ae:ee:ca:a3:2a:b1:00:05:d5:85:83:
         74:59:a3:d9:33:9a:d6:fc:40:d9:0f:a8:58:40:a2:ac:2c:03:
         b7:84:a5:61:59:b6:83:c5:3d:e1:0e:01:18:ba:fc:e1:ad:e7:
         76:af:29:93:07:fc:d9:7a:a2:8e:ae:0f:65:a7:3d:ae:12:7e:
         1c:8f:54:16:ea:79:ff:56:d7:be:eb:1b:0e:d4:62:9d:fe:cd:
         60:dc:25:2d:9c:ff:44:35:b8:9b:ec:b9:08:eb:94:91:e5:0d:
         db:d3:14:d7:5a:93:52:05:c9:b6:5e:a3:69:d0:bf:02:c6:06:
         f9:a4:53:04
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUSebzLifRDM8U5Tn08RC2c0prSDQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAzMTQyMzU5MDRaFw0yNzAzMTQwMDA0MDRaMDMxMTAvBgNV
BAMTKEMzNUJFMjQ1QkNGQTJFQ0QzRjlCNUJENzg5NTJFMTQ0MzUyOTBGMDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJnG5rQIeQNGRgWM2Jj3IAYWk1
sZreE0YitndruuM9iK3Muc5O1AXVT9jTBEUkyr2gEpWFY4C1QrWECES6B2vxxi0T
IGmLp+vt4t+sLoVL8M+xPC1Aumz3Hu/BCQmHueQc7WBvN1kzmJ9L3yCSBIy6obMt
Rf2eIWleUZSK6xXRWW4U8RWev7cwnA39htGASUdj2TPj+SGBCPwAcy+Z1/xVyR/b
NebKPZRNu1qYCTn5FgRc7YBw2r9AD7bZlpEpQCso3lrE3PAbseJCxzBJMt6+v8M5
QWgJIaNjxlhK1iByV3iNdKxRY7L8rJa/HhIFs6H5+SlQdMVIlU1blo987uwfAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUw1viRbz6Ls0/m1vXiVLhRDUpDwQwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTUyMTc5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBjQuG
AwQAwjxfMA0GCSqGSIb3DQEBCwUAA4IBAQBPFitazVBMS8RINZ50M+oUZAbZMka7
0rGhQ11UyqJbT4toNibRFHEr/dt1h7eT5i8Tm9Hv3n/aj0bm2xQXi1lMl7Eq5dkx
PiQj+lndUUX7iU7l6gs1ktzZD46uj53kJuxdfqcZJydkCb7RZ78G1BaTfZskBq+g
FYJ3KePz/3FwcCZG30CQru7KoyqxAAXVhYN0WaPZM5rW/EDZD6hYQKKsLAO3hKVh
WbaDxT3hDgEYuvzhred2rymTB/zZeqKOrg9lpz2uEn4cj1QW6nn/Vte+6xsO1GKd
/s1g3CUtnP9ENbib7LkI65SR5Q3b0xTXWpNSBcm2XqNp0L8Cxgb5pFME
-----END CERTIFICATE-----