Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS137235.roa
File:                     AS137235.roa (raw, json)
Hash identifier:          kLOU5wxuX4TTGyuMyKxtcov2Ac40ZixrNIfXYSBoV8Q=
Subject key identifier:   19:8D:4D:EE:06:C1:8F:37:5B:42:5A:55:DA:36:58:4E:59:7D:A8:02
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5B258691624DA277B6186E90A4E3C5E3451C0FF3
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS137235.roa
Signing time:             Wed 29 Apr 2026 06:16:05 +0000
ROA not before:           Wed 29 Apr 2026 06:11:05 +0000
ROA not after:            Wed 28 Apr 2027 06:16:05 +0000
asID:                     137235
IP address blocks:        140.150.225.0/24 maxlen: 24
                          143.14.162.0/24 maxlen: 24
                          162.141.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:25:86:91:62:4d:a2:77:b6:18:6e:90:a4:e3:c5:e3:45:1c:0f:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 29 06:11:05 2026 GMT
            Not After : Apr 28 06:16:05 2027 GMT
        Subject: CN=198D4DEE06C18F375B425A55DA36584E597DA802
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:f7:70:25:8e:42:b9:14:c8:36:ed:9a:c5:8e:
                    0a:af:20:d7:f6:b8:c3:0e:81:9b:97:03:1a:98:10:
                    7c:e1:bc:ea:17:20:9c:95:e0:98:66:cc:5c:7c:4b:
                    d3:54:92:8a:eb:8d:1d:c4:a4:23:1c:05:58:03:12:
                    89:ce:c1:f3:81:ea:83:4e:8a:c1:f2:a0:0f:94:e9:
                    76:34:af:b1:c5:f4:fb:97:cb:de:02:06:2e:d4:28:
                    db:08:81:78:3a:cd:cb:bf:29:80:2d:42:27:f1:cd:
                    a3:d8:38:d8:91:aa:a0:81:f8:87:df:5a:a3:49:df:
                    9d:79:1a:bd:95:a3:99:d2:0f:45:e4:29:78:4d:47:
                    64:91:b6:59:99:2d:38:bc:33:c4:78:cd:e7:5e:2c:
                    ab:96:b9:b8:cd:ee:89:b6:9e:be:c2:a3:1d:cf:76:
                    36:7e:67:75:ea:d1:1c:2b:ad:fc:4d:3d:d7:dd:4d:
                    52:15:ae:fd:06:09:44:7e:a0:0d:18:f4:ea:74:84:
                    4a:3c:ae:97:14:ca:1d:4d:c2:2a:fc:b6:75:a9:93:
                    40:7d:98:0d:52:3d:2c:c1:a6:75:cc:e7:f6:d0:c1:
                    2e:43:09:e4:d0:1a:b9:37:94:a6:76:6b:7f:f4:f6:
                    01:4c:02:70:38:5f:e1:4c:28:20:aa:fb:2f:2b:51:
                    95:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:8D:4D:EE:06:C1:8F:37:5B:42:5A:55:DA:36:58:4E:59:7D:A8:02
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS137235.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.225.0/24
                  143.14.162.0/24
                  162.141.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:25:48:83:b5:a0:be:f2:24:fc:18:fa:3b:9d:a4:79:a9:2f:
         33:b0:57:7a:98:19:9f:77:3f:6b:42:92:7f:5d:cb:02:f2:a4:
         a7:72:88:0b:4d:0a:ee:7b:9c:f8:3b:1d:56:fa:41:df:1e:ca:
         d8:91:83:10:58:92:55:13:b9:44:b0:87:3d:6c:78:10:24:76:
         91:16:bc:5d:ea:06:77:6f:38:2b:92:0e:bf:b8:b2:42:44:c1:
         c3:ee:db:67:ba:8b:6b:53:7f:30:c4:a3:0c:22:d3:21:c4:2f:
         6b:e6:1a:a9:b3:b9:12:90:6f:2a:95:c7:12:6c:83:42:c9:9c:
         43:a5:0a:1e:63:df:76:54:de:bc:ee:cf:4a:7a:32:fe:fc:f1:
         63:69:27:58:d0:13:6e:c5:53:f6:ba:d0:6c:ca:aa:44:26:53:
         ef:64:d6:86:bf:73:c0:6d:60:14:d3:52:f6:c5:dc:c6:1b:2e:
         c2:c0:c9:00:80:be:bd:54:3c:a5:40:61:87:17:52:8c:83:44:
         72:2d:91:08:2c:54:e0:b4:df:d3:b6:e2:80:a1:27:7c:c5:8a:
         c8:7e:12:f0:c6:a9:88:5c:8b:1d:6f:ef:64:7d:9c:22:0e:43:
         c9:f6:d1:4c:d1:c3:84:d7:dd:fc:49:c2:08:72:f9:15:14:ed:
         da:24:de:37
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUWyWGkWJNone2GG6QpOPF40UcD/MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MjkwNjExMDVaFw0yNzA0MjgwNjE2MDVaMDMxMTAvBgNV
BAMTKDE5OEQ0REVFMDZDMThGMzc1QjQyNUE1NURBMzY1ODRFNTk3REE4MDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDv93AljkK5FMg27ZrFjgqvINf2
uMMOgZuXAxqYEHzhvOoXIJyV4JhmzFx8S9NUkorrjR3EpCMcBVgDEonOwfOB6oNO
isHyoA+U6XY0r7HF9PuXy94CBi7UKNsIgXg6zcu/KYAtQifxzaPYONiRqqCB+Iff
WqNJ3515Gr2Vo5nSD0XkKXhNR2SRtlmZLTi8M8R4zedeLKuWubjN7om2nr7Cox3P
djZ+Z3Xq0RwrrfxNPdfdTVIVrv0GCUR+oA0Y9Op0hEo8rpcUyh1Nwir8tnWpk0B9
mA1SPSzBpnXM5/bQwS5DCeTQGrk3lKZ2a3/09gFMAnA4X+FMKCCq+y8rUZWFAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUGY1N7gbBjzdbQlpV2jZYTll9qAIwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTM3MjM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjJbh
AwQAjw6iAwQAoo1yMA0GCSqGSIb3DQEBCwUAA4IBAQAeJUiDtaC+8iT8GPo7naR5
qS8zsFd6mBmfdz9rQpJ/XcsC8qSncogLTQrue5z4Ox1W+kHfHsrYkYMQWJJVE7lE
sIc9bHgQJHaRFrxd6gZ3bzgrkg6/uLJCRMHD7ttnuotrU38wxKMMItMhxC9r5hqp
s7kSkG8qlccSbINCyZxDpQoeY992VN687s9KejL+/PFjaSdY0BNuxVP2utBsyqpE
JlPvZNaGv3PAbWAU01L2xdzGGy7CwMkAgL69VDylQGGHF1KMg0RyLZEILFTgtN/T
tuKAoSd8xYrIfhLwxqmIXIsdb+9kfZwiDkPJ9tFM0cOE1938ScIIcvkVFO3aJN43
-----END CERTIFICATE-----