Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS137409.roa
File:                     AS137409.roa (raw, json)
Hash identifier:          L0G11jAZh2+i8l6MNr9uUF3uPOdye1UAavNpL9+ricg=
Subject key identifier:   F8:F6:22:30:7C:DD:90:58:02:6D:92:D0:C2:28:25:24:99:2F:CC:B7
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1EAFCCAC84C0A723CE963B1126B3098E19C52840
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS137409.roa
Signing time:             Tue 28 Apr 2026 10:47:07 +0000
ROA not before:           Tue 28 Apr 2026 10:42:07 +0000
ROA not after:            Tue 27 Apr 2027 10:47:07 +0000
asID:                     137409
IP address blocks:        146.103.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:af:cc:ac:84:c0:a7:23:ce:96:3b:11:26:b3:09:8e:19:c5:28:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 28 10:42:07 2026 GMT
            Not After : Apr 27 10:47:07 2027 GMT
        Subject: CN=F8F622307CDD9058026D92D0C2282524992FCCB7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:36:83:c8:d4:09:47:d6:0d:d6:87:b3:84:db:
                    2a:ac:70:f6:df:a5:c8:4b:78:6a:80:37:fe:75:24:
                    27:74:cf:7b:aa:ac:47:a5:4a:c4:11:e8:f0:c3:f5:
                    22:0e:e1:f7:70:32:ef:9b:70:e6:78:56:90:b9:4f:
                    67:8e:a0:d3:9f:03:06:7c:54:12:4b:23:7e:fe:30:
                    35:b1:ff:19:0e:8d:76:b7:45:d8:b2:cd:9f:81:62:
                    ee:bb:86:f5:b8:d3:e6:1f:05:38:1c:d0:1f:18:16:
                    cb:ab:be:65:88:01:21:6b:d6:56:1b:df:00:a2:c9:
                    78:01:64:39:21:62:2a:a4:bb:5a:7a:20:00:7b:2c:
                    42:bc:57:a0:98:0b:ed:0c:36:68:76:89:0d:a0:6a:
                    23:fb:88:2b:cc:21:66:a2:88:99:b5:c7:82:28:b7:
                    a1:0f:16:64:72:08:9e:d5:9f:b3:24:f9:41:82:31:
                    35:bb:90:f5:82:46:1a:d4:83:b8:46:eb:c0:f0:f1:
                    66:ae:d0:f1:ce:18:2e:6d:76:74:31:66:e2:dc:7b:
                    ca:c1:1f:87:03:96:dc:c4:c9:84:0e:07:e7:88:43:
                    32:54:72:cd:c7:32:ec:74:59:dd:c7:16:d7:52:65:
                    03:ab:22:85:63:79:f7:a7:46:6e:7e:a5:ae:98:fc:
                    dd:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:F6:22:30:7C:DD:90:58:02:6D:92:D0:C2:28:25:24:99:2F:CC:B7
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS137409.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:9f:ba:da:c6:99:cd:d6:d1:29:c9:7a:23:27:66:73:fa:a9:
         e0:b5:57:ca:c1:58:99:1d:79:2a:de:7a:46:eb:07:38:9d:99:
         11:a6:72:17:d1:0a:57:c6:81:09:aa:b5:66:79:00:a7:cd:81:
         c5:2c:0c:f1:83:c8:ef:4e:30:a2:f8:f6:f7:d7:f6:39:81:ad:
         7e:86:86:db:88:92:0a:4b:b8:6a:f2:61:e6:cc:29:fc:55:24:
         bd:ce:e9:0d:2b:68:86:81:b0:c9:80:e1:08:1b:21:3d:1a:59:
         86:58:ad:e5:29:aa:c6:4d:e1:62:cb:68:db:07:d3:8c:68:86:
         80:ef:d6:3a:d8:6c:91:9e:41:87:8e:42:a8:bd:a4:02:41:66:
         6d:c5:e8:32:53:91:29:a7:b5:61:7d:c9:55:3f:87:c7:c9:82:
         53:37:bf:b0:6e:a1:2d:ba:20:e5:c3:bb:0f:3b:57:86:e3:94:
         35:81:7e:06:33:bd:af:23:2a:aa:58:eb:4a:b9:51:64:df:21:
         ca:5e:e2:3e:c7:f9:ae:c3:22:7a:c6:46:38:fa:14:56:c5:3f:
         70:3c:42:55:4a:6b:eb:14:60:63:e2:4f:6f:41:7d:f5:ae:84:
         63:05:a0:5f:d1:9b:de:35:bd:2f:93:23:63:3e:ae:61:36:b9:
         10:88:af:62
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHq/MrITApyPOljsRJrMJjhnFKEAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MjgxMDQyMDdaFw0yNzA0MjcxMDQ3MDdaMDMxMTAvBgNV
BAMTKEY4RjYyMjMwN0NERDkwNTgwMjZEOTJEMEMyMjgyNTI0OTkyRkNDQjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXNoPI1AlH1g3Wh7OE2yqscPbf
pchLeGqAN/51JCd0z3uqrEelSsQR6PDD9SIO4fdwMu+bcOZ4VpC5T2eOoNOfAwZ8
VBJLI37+MDWx/xkOjXa3RdiyzZ+BYu67hvW40+YfBTgc0B8YFsurvmWIASFr1lYb
3wCiyXgBZDkhYiqku1p6IAB7LEK8V6CYC+0MNmh2iQ2gaiP7iCvMIWaiiJm1x4Io
t6EPFmRyCJ7Vn7Mk+UGCMTW7kPWCRhrUg7hG68Dw8Wau0PHOGC5tdnQxZuLce8rB
H4cDltzEyYQOB+eIQzJUcs3HMux0Wd3HFtdSZQOrIoVjefenRm5+pa6Y/N1lAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU+PYiMHzdkFgCbZLQwiglJJkvzLcwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTM3NDA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkmcS
MA0GCSqGSIb3DQEBCwUAA4IBAQAon7raxpnN1tEpyXojJ2Zz+qngtVfKwViZHXkq
3npG6wc4nZkRpnIX0QpXxoEJqrVmeQCnzYHFLAzxg8jvTjCi+Pb31/Y5ga1+hobb
iJIKS7hq8mHmzCn8VSS9zukNK2iGgbDJgOEIGyE9GlmGWK3lKarGTeFiy2jbB9OM
aIaA79Y62GyRnkGHjkKovaQCQWZtxegyU5Epp7VhfclVP4fHyYJTN7+wbqEtuiDl
w7sPO1eG45Q1gX4GM72vIyqqWOtKuVFk3yHKXuI+x/muwyJ6xkY4+hRWxT9wPEJV
SmvrFGBj4k9vQX31roRjBaBf0ZveNb0vkyNjPq5hNrkQiK9i
-----END CERTIFICATE-----