Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS137235.roa
File:                     AS137235.roa (raw, json)
Hash identifier:          XeKlMdorfTfwxH22TWJlbklcieU3pvWz2/XvfmCVM7A=
Subject key identifier:   5D:39:32:FD:5B:71:29:92:05:3B:16:C8:56:A4:3D:83:9E:85:11:C9
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       48D83B158E1DB9DF79D621A50DE89C981E1C2531
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS137235.roa
Signing time:             Tue 06 May 2025 11:33:14 +0000
ROA not before:           Tue 06 May 2025 11:28:14 +0000
ROA not after:            Tue 05 May 2026 11:33:14 +0000
asID:                     137235
IP address blocks:        143.14.71.0/24 maxlen: 24
                          155.117.243.0/24 maxlen: 24
                          155.117.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 16:09:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:d8:3b:15:8e:1d:b9:df:79:d6:21:a5:0d:e8:9c:98:1e:1c:25:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May  6 11:28:14 2025 GMT
            Not After : May  5 11:33:14 2026 GMT
        Subject: CN=5D3932FD5B712992053B16C856A43D839E8511C9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:d4:c7:4d:90:fd:7e:5f:10:b1:65:9d:e2:af:
                    7b:18:29:09:0f:75:e1:59:63:7d:50:08:cd:8f:ad:
                    8d:b7:0b:bc:aa:66:5a:5b:cf:2d:30:f5:fd:c8:c3:
                    67:df:be:2e:b1:a7:6a:25:f3:c8:bd:86:d2:0f:85:
                    8e:b3:a8:52:10:73:93:af:ec:f4:54:85:2a:6d:e7:
                    d9:37:3d:78:31:0e:c9:fa:97:09:c7:4f:15:4a:fa:
                    3a:da:ab:b5:05:4b:4b:4a:3d:1c:75:5f:d8:18:61:
                    27:7d:86:e2:bb:d0:37:df:cc:d4:4a:2f:42:39:0d:
                    ec:e9:83:d8:41:43:7b:89:e8:cb:81:f5:4b:0d:b0:
                    ac:d0:08:80:29:de:63:94:a0:e8:e2:7f:68:5c:7e:
                    a5:28:d7:fc:e9:e4:d1:6b:f1:17:a1:25:4b:7b:f6:
                    61:86:ed:2f:8f:13:4b:de:94:69:47:0c:d1:c7:28:
                    54:c7:15:a5:91:53:31:c0:27:7f:91:c3:6b:13:a0:
                    61:fe:a0:5c:17:d6:20:a0:5b:ca:76:1f:46:53:58:
                    45:72:e5:a2:d9:13:10:27:1c:b5:84:1f:36:70:56:
                    dc:4e:3f:a5:31:a7:a1:58:cb:3b:53:b0:fd:2b:cf:
                    5b:f5:8f:46:35:e1:44:3a:f7:8c:51:9b:5b:e6:9a:
                    89:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:39:32:FD:5B:71:29:92:05:3B:16:C8:56:A4:3D:83:9E:85:11:C9
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS137235.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.71.0/24
                  155.117.243.0-155.117.244.255

    Signature Algorithm: sha256WithRSAEncryption
         00:06:8d:19:a4:1f:f2:07:e5:bf:95:eb:95:c6:47:59:d5:06:
         c8:af:c9:07:a6:11:36:da:5f:25:92:c4:20:4d:cf:01:bd:88:
         ef:79:60:25:45:6a:c3:59:85:46:88:a3:71:50:3d:f2:f4:d2:
         c4:ef:a9:a5:99:48:db:0e:60:fc:9a:f4:e9:82:c0:5a:56:6a:
         9e:25:fe:5f:3a:97:c9:a1:df:d8:36:4a:aa:ed:b3:94:df:f0:
         83:63:72:db:e5:92:40:f4:e1:2d:f7:88:3f:aa:a5:3d:25:69:
         0a:3b:bf:bb:4e:5f:bb:d2:1e:78:0b:b3:6f:9e:8c:70:a1:49:
         b7:8d:03:0f:91:36:a7:6c:6b:36:7e:f9:d4:79:c3:ea:0e:95:
         b4:c7:9e:1b:cd:8f:f2:ab:64:d4:0e:31:0d:00:cf:e4:79:d6:
         9f:c5:5d:32:3a:a7:78:5e:52:bb:d9:1d:80:e3:58:4d:c5:0b:
         ff:2b:c4:d2:a9:fa:c7:79:ec:d9:b0:7f:89:cb:06:50:12:61:
         17:3b:68:39:40:0e:bf:39:b6:3c:f8:47:12:57:1a:31:5e:87:
         4a:e3:87:6f:40:c7:0c:28:94:13:f9:1a:6e:2b:9e:58:3b:e1:
         8b:96:98:d6:11:54:cb:1d:d4:8f:98:78:d3:3b:a2:f3:17:95:
         73:98:58:31
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgIUSNg7FY4dud951iGlDeicmB4cJTEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA1MDYxMTI4MTRaFw0yNjA1MDUxMTMzMTRaMDMxMTAvBgNV
BAMTKDVEMzkzMkZENUI3MTI5OTIwNTNCMTZDODU2QTQzRDgzOUU4NTExQzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM1MdNkP1+XxCxZZ3ir3sYKQkP
deFZY31QCM2PrY23C7yqZlpbzy0w9f3Iw2ffvi6xp2ol88i9htIPhY6zqFIQc5Ov
7PRUhSpt59k3PXgxDsn6lwnHTxVK+jraq7UFS0tKPRx1X9gYYSd9huK70DffzNRK
L0I5Dezpg9hBQ3uJ6MuB9UsNsKzQCIAp3mOUoOjif2hcfqUo1/zp5NFr8RehJUt7
9mGG7S+PE0velGlHDNHHKFTHFaWRUzHAJ3+Rw2sToGH+oFwX1iCgW8p2H0ZTWEVy
5aLZExAnHLWEHzZwVtxOP6Uxp6FYyztTsP0rz1v1j0Y14UQ694xRm1vmmokVAgMB
AAGjggIYMIICFDAdBgNVHQ4EFgQUXTky/VtxKZIFOxbIVqQ9g56FEckwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTM3MjM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAjw5H
MAwDBACbdfMDBACbdfQwDQYJKoZIhvcNAQELBQADggEBAAAGjRmkH/IH5b+V65XG
R1nVBsivyQemETbaXyWSxCBNzwG9iO95YCVFasNZhUaIo3FQPfL00sTvqaWZSNsO
YPya9OmCwFpWap4l/l86l8mh39g2Sqrts5Tf8INjctvlkkD04S33iD+qpT0laQo7
v7tOX7vSHngLs2+ejHChSbeNAw+RNqdsazZ++dR5w+oOlbTHnhvNj/KrZNQOMQ0A
z+R51p/FXTI6p3heUrvZHYDjWE3FC/8rxNKp+sd57Nmwf4nLBlASYRc7aDlADr85
tjz4RxJXGjFeh0rjh29AxwwolBP5Gm4rnlg74YuWmNYRVMsd1I+YeNM7ovMXlXOY
WDE=
-----END CERTIFICATE-----