Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS154648.roa
File:                     AS154648.roa (raw, json)
Hash identifier:          nPYFfi1GIj8v4K9UTrZXbEgOM1IMpBks/IDUzif4syE=
Subject key identifier:   DE:EE:D1:FE:AA:D5:34:63:5C:5A:83:8F:99:08:1A:8C:6E:30:AC:93
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       30BBD462B1053B5AB11CC63A0B4CB3F9BF68A3AC
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS154648.roa
Signing time:             Mon 11 May 2026 10:29:33 +0000
ROA not before:           Mon 11 May 2026 10:24:33 +0000
ROA not after:            Mon 10 May 2027 10:29:33 +0000
asID:                     154648
IP address blocks:        141.11.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:bb:d4:62:b1:05:3b:5a:b1:1c:c6:3a:0b:4c:b3:f9:bf:68:a3:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May 11 10:24:33 2026 GMT
            Not After : May 10 10:29:33 2027 GMT
        Subject: CN=DEEED1FEAAD534635C5A838F99081A8C6E30AC93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:3d:77:aa:6f:3f:a5:72:8f:00:48:e9:b6:fc:
                    f4:6c:cf:2c:e8:16:9d:4a:66:8c:3a:80:b7:9e:82:
                    00:58:42:97:dd:c9:12:61:13:06:34:a7:59:e3:a5:
                    ee:a3:56:46:67:86:4d:24:86:03:44:35:71:ff:6e:
                    ea:59:f4:1d:63:8f:c0:ba:80:d3:73:42:eb:a9:e5:
                    be:18:3b:6f:49:35:32:de:b4:81:8a:30:3f:c1:86:
                    77:c8:ee:9b:aa:bd:62:e9:ac:c8:53:2f:47:e4:a4:
                    db:1b:29:9c:76:ad:da:85:31:58:1a:f4:6b:5c:f1:
                    d6:16:ae:50:8b:93:ad:00:8a:72:fc:53:3d:e2:d9:
                    88:ac:40:0e:e5:34:de:05:58:87:54:eb:16:0d:ea:
                    ee:30:11:98:94:c6:99:e2:b8:ac:ca:7b:aa:06:58:
                    2a:ca:2c:b9:7c:91:58:55:53:4f:69:d9:d1:12:14:
                    3b:ef:13:6a:c5:a7:7d:f8:6f:54:4f:5f:74:e2:f4:
                    49:0e:24:3b:2d:7f:11:0a:3a:49:13:1f:a0:e4:fe:
                    af:bd:c9:cf:1f:68:68:51:2f:2f:86:7a:f1:ad:7e:
                    e1:79:9a:ef:8f:b4:b0:39:c8:e7:d1:9c:a4:5c:72:
                    5c:e6:e4:9a:43:97:2f:cd:33:04:9e:48:55:24:aa:
                    d9:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:EE:D1:FE:AA:D5:34:63:5C:5A:83:8F:99:08:1A:8C:6E:30:AC:93
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS154648.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:54:23:0a:8b:98:6d:a3:cd:9d:43:b1:ed:68:2c:09:e2:30:
         04:44:92:88:11:98:72:c3:21:e7:fb:4d:06:78:0b:14:5d:aa:
         7d:94:52:b5:56:22:7f:de:47:95:6a:04:48:58:b8:d7:39:8a:
         23:3c:69:3f:db:6e:19:fc:8f:3d:45:11:fe:cd:5d:ed:8f:1c:
         dc:68:0d:a5:6e:a3:bc:0e:1a:db:a7:d6:4d:5a:53:f0:53:ce:
         b6:f1:6c:ef:a7:39:05:a3:8b:1a:4b:ad:79:84:bc:d4:4a:7f:
         34:34:ea:2d:d9:ec:63:f4:ec:c0:54:25:a1:3f:57:e8:56:84:
         71:13:f9:39:b5:59:db:a8:3f:85:dd:df:d5:c3:99:82:2b:f6:
         8a:8c:ff:52:79:03:4c:df:02:ac:d0:3f:f8:f8:62:85:43:98:
         c2:45:ad:ac:24:d1:29:bc:e5:7f:0e:1e:0e:8d:d4:9b:10:2e:
         c6:88:68:bb:92:20:44:f8:f8:76:5e:a0:c0:a1:1b:2a:76:b5:
         83:15:d1:1d:0a:36:71:1a:63:4e:5b:b7:38:1d:92:75:b8:5b:
         3f:bc:69:3c:97:e5:aa:8f:2a:f8:31:3d:e4:61:0a:88:27:02:
         1a:22:7c:59:37:b4:45:6a:31:68:8b:ad:99:eb:89:5b:05:84:
         2d:09:8e:ab
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUMLvUYrEFO1qxHMY6C0yz+b9oo6wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA1MTExMDI0MzNaFw0yNzA1MTAxMDI5MzNaMDMxMTAvBgNV
BAMTKERFRUVEMUZFQUFENTM0NjM1QzVBODM4Rjk5MDgxQThDNkUzMEFDOTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3PXeqbz+lco8ASOm2/PRszyzo
Fp1KZow6gLeeggBYQpfdyRJhEwY0p1njpe6jVkZnhk0khgNENXH/bupZ9B1jj8C6
gNNzQuup5b4YO29JNTLetIGKMD/BhnfI7puqvWLprMhTL0fkpNsbKZx2rdqFMVga
9Gtc8dYWrlCLk60AinL8Uz3i2YisQA7lNN4FWIdU6xYN6u4wEZiUxpniuKzKe6oG
WCrKLLl8kVhVU09p2dESFDvvE2rFp334b1RPX3Ti9EkOJDstfxEKOkkTH6Dk/q+9
yc8faGhRLy+GevGtfuF5mu+PtLA5yOfRnKRcclzm5JpDly/NMwSeSFUkqtnJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU3u7R/qrVNGNcWoOPmQgajG4wrJMwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTU0NjQ4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQvb
MA0GCSqGSIb3DQEBCwUAA4IBAQBIVCMKi5hto82dQ7HtaCwJ4jAERJKIEZhywyHn
+00GeAsUXap9lFK1ViJ/3keVagRIWLjXOYojPGk/224Z/I89RRH+zV3tjxzcaA2l
bqO8Dhrbp9ZNWlPwU8628WzvpzkFo4saS615hLzUSn80NOot2exj9OzAVCWhP1fo
VoRxE/k5tVnbqD+F3d/Vw5mCK/aKjP9SeQNM3wKs0D/4+GKFQ5jCRa2sJNEpvOV/
Dh4OjdSbEC7GiGi7kiBE+Ph2XqDAoRsqdrWDFdEdCjZxGmNOW7c4HZJ1uFs/vGk8
l+Wqjyr4MT3kYQqIJwIaInxZN7RFajFoi62Z64lbBYQtCY6r
-----END CERTIFICATE-----