Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS137517.roa
File:                     AS137517.roa (raw, json)
Hash identifier:          ihHBcPOI+UN0m2FgmtuIvvPkeL/imGebULwEVwIvXv0=
Subject key identifier:   A3:23:19:EB:33:9B:B0:54:D4:55:84:55:9E:3A:34:04:91:F7:3C:1A
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       3E2A2BD4811601002E15C895E4CD429BEBFFD2E7
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS137517.roa
Signing time:             Wed 29 Apr 2026 06:12:52 +0000
ROA not before:           Wed 29 Apr 2026 06:07:52 +0000
ROA not after:            Wed 28 Apr 2027 06:12:52 +0000
asID:                     137517
IP address blocks:        143.14.95.0/24 maxlen: 24
                          148.135.199.0/24 maxlen: 24
                          167.148.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:2a:2b:d4:81:16:01:00:2e:15:c8:95:e4:cd:42:9b:eb:ff:d2:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 29 06:07:52 2026 GMT
            Not After : Apr 28 06:12:52 2027 GMT
        Subject: CN=A32319EB339BB054D45584559E3A340491F73C1A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:2e:5f:4f:1b:04:ba:f6:51:0a:73:c1:09:ee:
                    87:9c:14:07:6a:85:bc:d1:6e:fa:94:b5:ec:97:8c:
                    e3:3a:1a:f1:3b:54:32:b3:c5:e1:14:28:67:ef:de:
                    1f:0b:ec:c7:f5:f6:85:18:26:fd:de:bb:4e:cf:89:
                    7d:02:53:20:10:f4:4b:7c:09:9d:7b:b2:fb:1e:dc:
                    b6:3e:38:88:3f:e8:33:ed:11:ac:28:93:b9:25:86:
                    0e:f1:d4:a1:5e:65:e8:70:9b:29:f4:af:f5:ca:32:
                    77:02:28:ec:b0:ba:9c:c3:7f:0c:1d:f7:a1:7b:a7:
                    16:c9:71:e6:95:ee:58:09:e1:85:fa:2d:7b:67:b4:
                    45:d6:1a:6a:3f:03:2b:62:02:d7:5a:e9:f0:39:53:
                    c2:d3:b1:ca:ce:8d:b1:8c:e9:6e:4f:6f:3a:76:ee:
                    75:9c:29:54:b0:71:6f:fb:69:48:a3:bd:e0:57:0c:
                    dd:59:29:fc:4b:e9:85:78:d9:d9:a2:fe:b8:54:98:
                    4f:df:e8:11:99:bf:7b:75:da:82:66:43:34:83:31:
                    80:19:33:66:00:ed:ec:54:49:63:ad:72:f6:2b:df:
                    f2:d0:87:76:d8:51:ce:32:af:90:72:33:1a:42:db:
                    5b:88:5b:99:3b:b4:18:fd:af:77:76:5b:c9:82:0c:
                    95:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:23:19:EB:33:9B:B0:54:D4:55:84:55:9E:3A:34:04:91:F7:3C:1A
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS137517.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.95.0/24
                  148.135.199.0/24
                  167.148.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:b2:67:9b:c7:db:1b:7d:29:35:47:57:6b:5b:56:5b:e5:85:
         93:46:92:9d:ae:21:23:6d:e7:28:98:5d:bd:b4:9d:2d:9e:c1:
         9a:02:10:ed:6b:8b:06:3b:cc:7d:c9:a6:72:de:63:ce:38:90:
         99:79:00:3a:a6:f9:d4:51:79:33:81:22:25:fd:4c:7d:25:c3:
         03:44:17:1b:1d:70:09:c9:1e:61:ac:65:60:98:fe:bd:1b:75:
         d6:c8:66:23:2f:af:f8:1c:ae:04:df:a5:25:e5:6c:a6:a7:21:
         48:94:2b:3d:b9:6b:a0:28:bd:62:b6:08:da:b5:6f:e8:03:a8:
         50:b5:c7:a7:d6:4e:7a:57:7e:02:d5:12:80:ba:e5:7c:c0:c5:
         00:bc:9b:6d:08:c8:bf:17:dd:20:25:68:f4:cb:26:20:64:0c:
         2a:a3:04:16:5c:15:ab:15:94:d1:81:dd:18:dd:f8:5b:b6:47:
         4f:07:e0:e3:52:ea:2e:c1:90:80:82:ad:40:09:84:bf:e7:dd:
         64:de:10:c1:37:22:2d:e0:59:99:69:f1:66:d7:78:87:47:a9:
         fc:68:6a:41:37:7c:70:ff:be:21:5e:cc:7a:1a:83:22:d8:a0:
         f6:8b:b6:4a:26:bb:65:42:52:8f:69:cf:c2:f4:81:c8:f8:6b:
         77:f9:d6:17
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUPior1IEWAQAuFciV5M1Cm+v/0ucwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MjkwNjA3NTJaFw0yNzA0MjgwNjEyNTJaMDMxMTAvBgNV
BAMTKEEzMjMxOUVCMzM5QkIwNTRENDU1ODQ1NTlFM0EzNDA0OTFGNzNDMUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCNLl9PGwS69lEKc8EJ7oecFAdq
hbzRbvqUteyXjOM6GvE7VDKzxeEUKGfv3h8L7Mf19oUYJv3eu07PiX0CUyAQ9Et8
CZ17svse3LY+OIg/6DPtEawok7klhg7x1KFeZehwmyn0r/XKMncCKOywupzDfwwd
96F7pxbJceaV7lgJ4YX6LXtntEXWGmo/AytiAtda6fA5U8LTscrOjbGM6W5Pbzp2
7nWcKVSwcW/7aUijveBXDN1ZKfxL6YV42dmi/rhUmE/f6BGZv3t12oJmQzSDMYAZ
M2YA7exUSWOtcvYr3/LQh3bYUc4yr5ByMxpC21uIW5k7tBj9r3d2W8mCDJW7AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUoyMZ6zObsFTUVYRVnjo0BJH3PBowHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTM3NTE3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjw5f
AwQAlIfHAwQAp5SoMA0GCSqGSIb3DQEBCwUAA4IBAQABsmebx9sbfSk1R1drW1Zb
5YWTRpKdriEjbecomF29tJ0tnsGaAhDta4sGO8x9yaZy3mPOOJCZeQA6pvnUUXkz
gSIl/Ux9JcMDRBcbHXAJyR5hrGVgmP69G3XWyGYjL6/4HK4E36Ul5WympyFIlCs9
uWugKL1itgjatW/oA6hQtcen1k56V34C1RKAuuV8wMUAvJttCMi/F90gJWj0yyYg
ZAwqowQWXBWrFZTRgd0Y3fhbtkdPB+DjUuouwZCAgq1ACYS/591k3hDBNyIt4FmZ
afFm13iHR6n8aGpBN3xw/74hXsx6GoMi2KD2i7ZKJrtlQlKPac/C9IHI+Gt3+dYX
-----END CERTIFICATE-----