Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS135391.roa
File:                     AS135391.roa (raw, json)
Hash identifier:          mqdGM0kVGnYs4QTFhRfqoVtAQYvNN+KGx/2JwIHNy0g=
Subject key identifier:   93:14:31:9C:1D:9C:3F:0C:9B:80:B3:37:A0:30:4B:63:43:1C:31:4A
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       796EE81E950C7C56655044E93B90E6600A5014B8
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS135391.roa
Signing time:             Tue 05 May 2026 00:07:07 +0000
ROA not before:           Tue 05 May 2026 00:02:07 +0000
ROA not after:            Tue 04 May 2027 00:07:07 +0000
asID:                     135391
IP address blocks:        146.103.31.0/24 maxlen: 24
                          147.79.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:6e:e8:1e:95:0c:7c:56:65:50:44:e9:3b:90:e6:60:0a:50:14:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May  5 00:02:07 2026 GMT
            Not After : May  4 00:07:07 2027 GMT
        Subject: CN=9314319C1D9C3F0C9B80B337A0304B63431C314A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:3c:5e:22:1b:d6:b3:9d:5e:9a:5b:a8:bb:02:
                    de:4c:d6:7d:46:95:91:fe:16:09:b4:e5:f5:ba:7f:
                    c8:7d:0f:a6:42:10:9a:e8:4b:7c:5a:88:41:21:99:
                    bb:4b:d2:89:77:77:78:0e:4e:c2:7e:75:51:ee:47:
                    0c:e4:fc:e5:12:c8:f9:7c:2c:a9:2a:1d:11:b8:eb:
                    ac:b5:cb:d9:d8:7c:ee:57:ce:96:9a:34:24:d2:af:
                    10:28:af:31:5d:c1:47:92:b8:21:59:65:a4:14:1b:
                    c3:19:16:38:1d:b2:da:e6:d8:72:9d:7b:33:f9:fc:
                    27:11:34:be:23:13:8b:bc:75:a5:e3:a7:59:c5:f9:
                    15:fb:9e:6d:a8:be:e0:37:71:40:b2:73:98:d7:61:
                    54:05:e5:3d:93:04:67:d9:70:85:e5:58:47:62:80:
                    3a:bc:47:38:80:b0:27:4c:c3:be:25:c8:c2:e2:8f:
                    81:c3:ef:6b:1e:d1:05:25:18:7f:5e:5a:61:b6:51:
                    48:57:29:3e:cc:c2:96:30:c6:9a:dd:6e:d6:6b:06:
                    27:a0:d2:32:18:5e:18:df:40:fd:45:3c:0a:0a:31:
                    8d:98:5c:7c:dd:1f:c6:d6:f5:1f:6d:d8:45:59:a1:
                    ae:fb:cb:4a:5f:6d:2d:c1:2e:b1:a6:15:5d:75:cc:
                    95:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:14:31:9C:1D:9C:3F:0C:9B:80:B3:37:A0:30:4B:63:43:1C:31:4A
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS135391.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.31.0/24
                  147.79.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:ba:6e:4c:5d:fa:5f:78:91:2a:db:aa:a5:2e:6d:3c:1f:b3:
         92:b6:4b:7c:3c:1e:78:8c:1f:89:cf:c1:a6:0c:fd:24:c3:dc:
         3b:50:aa:7a:84:10:27:9b:91:9c:42:4d:7d:da:08:40:22:f6:
         a4:67:3b:bf:0d:97:47:98:c2:52:af:ee:b2:79:cf:cb:65:5d:
         8f:f2:80:34:37:b5:4a:7a:d7:ac:23:e7:21:b0:c9:9f:fd:da:
         a8:6a:64:de:0b:23:54:72:04:dc:39:3d:86:cb:c0:75:c1:e4:
         9f:45:c2:89:50:cf:20:e3:d0:3e:fc:86:5b:e6:bc:e7:3c:52:
         01:51:f1:5b:6b:25:d7:d0:ef:cc:7e:9d:f8:13:d6:07:d7:3c:
         82:99:61:9a:a0:25:ee:79:20:13:48:26:96:0e:7a:f4:e8:fc:
         e2:f6:1b:3d:75:9e:2d:67:7d:b2:3b:4d:f5:b4:94:cf:4f:53:
         5e:41:b1:f8:a4:ab:1d:97:b7:c3:95:55:61:1c:12:d3:92:d5:
         ee:20:2b:ac:11:5a:60:5b:82:6f:8b:9b:f5:99:45:2f:92:e2:
         09:43:48:00:3f:81:1b:85:f1:75:a6:c6:44:ab:5d:f1:c9:d6:
         51:b5:87:48:02:7c:46:1f:74:a2:55:e3:a9:04:cd:97:98:7a:
         ef:f9:e6:72
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUeW7oHpUMfFZlUETpO5DmYApQFLgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MDUwMDAyMDdaFw0yNzA1MDQwMDA3MDdaMDMxMTAvBgNV
BAMTKDkzMTQzMTlDMUQ5QzNGMEM5QjgwQjMzN0EwMzA0QjYzNDMxQzMxNEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfPF4iG9aznV6aW6i7At5M1n1G
lZH+Fgm05fW6f8h9D6ZCEJroS3xaiEEhmbtL0ol3d3gOTsJ+dVHuRwzk/OUSyPl8
LKkqHRG466y1y9nYfO5XzpaaNCTSrxAorzFdwUeSuCFZZaQUG8MZFjgdstrm2HKd
ezP5/CcRNL4jE4u8daXjp1nF+RX7nm2ovuA3cUCyc5jXYVQF5T2TBGfZcIXlWEdi
gDq8RziAsCdMw74lyMLij4HD72se0QUlGH9eWmG2UUhXKT7MwpYwxprdbtZrBieg
0jIYXhjfQP1FPAoKMY2YXHzdH8bW9R9t2EVZoa77y0pfbS3BLrGmFV11zJUFAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUkxQxnB2cPwybgLM3oDBLY0McMUowHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTM1MzkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAkmcf
AwQAk084MA0GCSqGSIb3DQEBCwUAA4IBAQCOum5MXfpfeJEq26qlLm08H7OStkt8
PB54jB+Jz8GmDP0kw9w7UKp6hBAnm5GcQk192ghAIvakZzu/DZdHmMJSr+6yec/L
ZV2P8oA0N7VKetesI+chsMmf/dqoamTeCyNUcgTcOT2Gy8B1weSfRcKJUM8g49A+
/IZb5rznPFIBUfFbayXX0O/Mfp34E9YH1zyCmWGaoCXueSATSCaWDnr06Pzi9hs9
dZ4tZ32yO031tJTPT1NeQbH4pKsdl7fDlVVhHBLTktXuICusEVpgW4Jvi5v1mUUv
kuIJQ0gAP4EbhfF1psZEq13xydZRtYdIAnxGH3SiVeOpBM2XmHrv+eZy
-----END CERTIFICATE-----