Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS133153.roa
File:                     AS133153.roa (raw, json)
Hash identifier:          hZKmRRfEum0NePfoQ32/gG7k8ms9Eph2dnxcf7oDMHQ=
Subject key identifier:   60:69:E8:52:21:F4:B4:28:52:74:D7:A2:F1:F9:A2:FB:F7:7B:25:A4
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       342E47304D392E0CD4FC11A03142B6F199DAA4A0
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS133153.roa
Signing time:             Wed 04 Mar 2026 08:30:27 +0000
ROA not before:           Wed 04 Mar 2026 08:25:27 +0000
ROA not after:            Wed 03 Mar 2027 08:30:27 +0000
asID:                     133153
IP address blocks:        147.125.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 19:48:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:2e:47:30:4d:39:2e:0c:d4:fc:11:a0:31:42:b6:f1:99:da:a4:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Mar  4 08:25:27 2026 GMT
            Not After : Mar  3 08:30:27 2027 GMT
        Subject: CN=6069E85221F4B4285274D7A2F1F9A2FBF77B25A4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:a4:37:ce:be:83:2a:36:a2:6f:11:86:8a:70:
                    05:f4:45:bf:36:90:40:9c:eb:47:70:ff:fe:32:6a:
                    7b:09:c7:43:5b:ab:3d:73:7e:9f:50:f1:4b:93:a2:
                    35:3e:95:5a:72:98:02:26:14:da:d9:9b:ae:c7:2a:
                    5a:3c:45:28:f4:37:59:56:bc:db:74:55:58:fe:ef:
                    51:d4:f0:41:9a:fc:0c:bb:69:2c:31:d7:3f:ec:9f:
                    78:c9:9f:5c:9a:05:54:ec:46:d0:8b:fd:c5:41:94:
                    12:7d:93:c0:6f:7e:94:aa:9b:09:d6:19:21:a8:86:
                    ce:a2:70:45:7b:6e:02:a2:4b:9e:38:5c:3b:a7:e7:
                    58:db:53:a0:ff:41:ec:a7:df:4f:76:29:73:19:27:
                    78:92:07:ba:39:ea:4a:97:4e:af:f1:c1:19:c4:a4:
                    7a:8f:ac:3c:69:2e:ff:76:ab:56:01:62:0f:ab:6b:
                    74:c2:55:08:19:e9:3d:07:7b:84:02:48:6d:cd:1f:
                    88:62:dd:16:3d:96:66:70:61:08:51:ec:c3:4d:13:
                    f6:43:7f:2b:44:c4:12:48:0f:2d:62:07:ea:63:a9:
                    41:74:d7:5c:7c:23:77:38:2c:d2:46:ae:00:10:94:
                    0a:0a:7a:e4:d8:ce:6d:0f:62:27:33:b0:2c:ac:97:
                    18:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:69:E8:52:21:F4:B4:28:52:74:D7:A2:F1:F9:A2:FB:F7:7B:25:A4
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS133153.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:25:41:42:2a:97:7c:25:7c:46:2e:b8:ba:02:a8:4e:47:b2:
         e6:cb:4a:23:75:01:bf:3e:25:62:5e:26:90:fb:a4:b2:a8:18:
         d5:01:16:6c:f7:e0:94:e9:85:65:a1:2e:9d:4d:a7:18:cd:c4:
         f7:2e:26:d9:c5:be:35:8e:92:af:31:ff:ad:e0:c7:97:30:94:
         5d:be:59:00:af:fc:92:64:57:07:bf:ec:79:32:aa:ff:61:8a:
         78:be:46:d9:56:53:05:a5:87:68:51:bf:71:ef:16:fb:5c:38:
         6f:52:08:77:b2:f8:6a:ea:f5:32:f9:74:d9:45:1b:87:9d:cb:
         6c:54:05:b5:ef:47:55:b5:45:2a:09:a5:17:82:7a:6b:43:72:
         c5:de:3f:be:69:a9:5f:dd:aa:01:e3:df:b7:dd:e3:00:5a:12:
         40:17:bc:77:05:54:f0:18:44:84:e0:d3:5b:e0:f1:9d:2d:ce:
         09:da:73:99:e4:57:a2:67:ee:10:50:71:12:8e:26:24:f9:fe:
         a0:ce:5a:af:d8:19:84:c0:58:2d:99:01:3f:45:d8:e7:35:94:
         92:3f:6d:1f:84:1c:18:6c:75:66:c2:78:9d:30:a1:b1:7d:a0:
         85:df:15:9b:3e:c5:7f:4f:88:c9:1c:d9:5c:95:42:c2:bc:4b:
         48:4b:9e:96
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUNC5HME05LgzU/BGgMUK28ZnapKAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjAzMDQwODI1MjdaFw0yNzAzMDMwODMwMjdaMDMxMTAvBgNV
BAMTKDYwNjlFODUyMjFGNEI0Mjg1Mjc0RDdBMkYxRjlBMkZCRjc3QjI1QTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCipDfOvoMqNqJvEYaKcAX0Rb82
kECc60dw//4yansJx0Nbqz1zfp9Q8UuTojU+lVpymAImFNrZm67HKlo8RSj0N1lW
vNt0VVj+71HU8EGa/Ay7aSwx1z/sn3jJn1yaBVTsRtCL/cVBlBJ9k8BvfpSqmwnW
GSGohs6icEV7bgKiS544XDun51jbU6D/Qeyn3092KXMZJ3iSB7o56kqXTq/xwRnE
pHqPrDxpLv92q1YBYg+ra3TCVQgZ6T0He4QCSG3NH4hi3RY9lmZwYQhR7MNNE/ZD
fytExBJIDy1iB+pjqUF011x8I3c4LNJGrgAQlAoKeuTYzm0PYiczsCyslxiDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUYGnoUiH0tChSdNei8fmi+/d7JaQwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2NjZDM4ODRhLWMzODUt
NGI2NS05ODY2LTRmNjM4MzE3MjY3Mi8wL0FTMTMzMTUzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk33H
MA0GCSqGSIb3DQEBCwUAA4IBAQAYJUFCKpd8JXxGLri6AqhOR7Lmy0ojdQG/PiVi
XiaQ+6SyqBjVARZs9+CU6YVloS6dTacYzcT3LibZxb41jpKvMf+t4MeXMJRdvlkA
r/ySZFcHv+x5Mqr/YYp4vkbZVlMFpYdoUb9x7xb7XDhvUgh3svhq6vUy+XTZRRuH
nctsVAW170dVtUUqCaUXgnprQ3LF3j++aalf3aoB49+33eMAWhJAF7x3BVTwGESE
4NNb4PGdLc4J2nOZ5FeiZ+4QUHESjiYk+f6gzlqv2BmEwFgtmQE/RdjnNZSSP20f
hBwYbHVmwnidMKGxfaCF3xWbPsV/T4jJHNlclULCvEtIS56W
-----END CERTIFICATE-----