Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS139205.roa
File:                     AS139205.roa (raw, json)
Hash identifier:          8KlcBnSq9H9pMOSt6GjAudF+csWbV0vYrmXmimsEK4A=
Subject key identifier:   28:BC:1A:07:8B:B9:A0:E8:C4:45:BB:18:A4:5B:6E:3E:C2:30:87:A0
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       75271CD24FCB8F4521C802291170CF675FC926B2
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS139205.roa
Signing time:             Fri 20 Mar 2026 11:26:58 +0000
ROA not before:           Fri 20 Mar 2026 11:21:58 +0000
ROA not after:            Fri 19 Mar 2027 11:26:58 +0000
asID:                     139205
IP address blocks:        162.141.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:27:1c:d2:4f:cb:8f:45:21:c8:02:29:11:70:cf:67:5f:c9:26:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 20 11:21:58 2026 GMT
            Not After : Mar 19 11:26:58 2027 GMT
        Subject: CN=28BC1A078BB9A0E8C445BB18A45B6E3EC23087A0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:ea:c4:98:0b:d9:3e:90:90:f3:d2:73:23:9f:
                    b1:4c:51:7d:2b:6e:08:63:2b:76:f3:25:ea:d8:8a:
                    82:53:1f:5c:de:d5:79:0a:36:92:dc:6e:7e:89:15:
                    d0:e0:cb:7d:af:ca:2f:88:a8:4c:1e:55:f3:e7:28:
                    e6:b9:c5:23:cc:a2:61:9b:50:a8:76:ee:a6:d6:af:
                    28:ed:b0:81:cf:c3:f6:b3:a8:73:cb:21:ed:03:9b:
                    7b:a8:a6:29:de:a2:cc:b4:a7:d2:06:2b:22:25:ab:
                    af:2e:9f:3e:f2:b0:4c:2e:af:40:2d:e2:77:6c:e3:
                    9c:23:2d:07:4b:a6:70:c3:e0:91:97:3e:32:1f:af:
                    17:7a:21:3a:f4:50:ab:2a:2d:7d:07:b1:1e:a8:52:
                    46:02:5f:6c:ee:e6:24:a3:34:d0:99:c8:4e:58:b2:
                    58:76:2b:6c:67:f2:ba:9c:cb:6e:bb:ee:8e:35:a8:
                    ee:1b:56:89:3f:52:5a:e9:07:65:98:97:cc:aa:e5:
                    a3:de:57:e4:7a:db:fd:bb:01:6f:ae:a3:ce:9b:05:
                    df:99:97:a3:64:d6:85:e8:88:27:18:b4:63:d6:2d:
                    53:e7:c6:d4:cf:45:fd:42:1d:33:de:12:5f:8e:68:
                    d7:6b:de:dd:fc:4d:b0:2d:41:89:f2:50:43:04:a0:
                    4c:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:BC:1A:07:8B:B9:A0:E8:C4:45:BB:18:A4:5B:6E:3E:C2:30:87:A0
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS139205.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.141.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:a4:25:4c:47:60:bf:78:db:da:68:18:3a:15:ba:15:d1:da:
         0d:65:18:f9:03:db:0b:94:ae:76:4c:b1:4c:2e:0c:1f:bc:8a:
         cf:d2:cb:64:e7:09:0b:94:ad:24:4a:dd:8b:a5:0b:3a:ac:52:
         2d:8e:f7:31:06:b2:6f:82:17:dd:e9:6e:de:80:d0:5e:9b:17:
         ac:d7:3a:07:55:8b:87:d3:c7:cf:ac:09:f5:62:da:16:93:66:
         46:9e:0f:be:c6:3c:62:b1:59:b0:e1:3f:17:1f:14:7d:cb:92:
         0b:e6:29:a7:a5:2e:1f:29:24:9e:62:5d:de:c4:eb:f7:ee:d8:
         dd:1d:b2:1d:ee:eb:19:8f:8b:6e:0e:d0:96:dd:ea:52:99:6d:
         a1:28:12:d0:6c:54:7a:c0:89:3c:21:e0:86:6a:54:5d:70:3b:
         bf:12:6e:38:ad:f1:9d:f7:67:95:2c:ab:7a:72:d6:2a:54:ff:
         90:aa:cc:54:02:da:d4:aa:3e:df:03:12:8b:db:7e:f8:cb:77:
         c4:08:e8:b9:58:db:ec:d6:37:18:a7:83:0e:ea:cf:b1:73:0a:
         25:4d:f5:ad:a2:e2:dd:6f:1e:64:ef:7f:e8:c7:ba:f4:b6:17:
         2a:89:f3:77:3b:37:e7:f5:a4:03:10:3b:6c:ad:05:7b:54:64:
         66:05:d4:15
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdScc0k/Lj0UhyAIpEXDPZ1/JJrIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMjAxMTIxNThaFw0yNzAzMTkxMTI2NThaMDMxMTAvBgNV
BAMTKDI4QkMxQTA3OEJCOUEwRThDNDQ1QkIxOEE0NUI2RTNFQzIzMDg3QTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCB6sSYC9k+kJDz0nMjn7FMUX0r
bghjK3bzJerYioJTH1ze1XkKNpLcbn6JFdDgy32vyi+IqEweVfPnKOa5xSPMomGb
UKh27qbWryjtsIHPw/azqHPLIe0Dm3uopineosy0p9IGKyIlq68unz7ysEwur0At
4nds45wjLQdLpnDD4JGXPjIfrxd6ITr0UKsqLX0HsR6oUkYCX2zu5iSjNNCZyE5Y
slh2K2xn8rqcy2677o41qO4bVok/UlrpB2WYl8yq5aPeV+R62/27AW+uo86bBd+Z
l6Nk1oXoiCcYtGPWLVPnxtTPRf1CHTPeEl+OaNdr3t38TbAtQYnyUEMEoEz5AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUKLwaB4u5oOjERbsYpFtuPsIwh6AwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTM5MjA1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAoo1k
MA0GCSqGSIb3DQEBCwUAA4IBAQCKpCVMR2C/eNvaaBg6FboV0doNZRj5A9sLlK52
TLFMLgwfvIrP0stk5wkLlK0kSt2LpQs6rFItjvcxBrJvghfd6W7egNBemxes1zoH
VYuH08fPrAn1YtoWk2ZGng++xjxisVmw4T8XHxR9y5IL5imnpS4fKSSeYl3exOv3
7tjdHbId7usZj4tuDtCW3epSmW2hKBLQbFR6wIk8IeCGalRdcDu/Em44rfGd92eV
LKt6ctYqVP+QqsxUAtrUqj7fAxKL2374y3fECOi5WNvs1jcYp4MO6s+xcwolTfWt
ouLdbx5k73/ox7r0thcqifN3Ozfn9aQDEDtsrQV7VGRmBdQV
-----END CERTIFICATE-----