Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS137409.roa
File:                     AS137409.roa (raw, json)
Hash identifier:          Y9UvfHoHT/x96pt+KFD1GFP/gX4ktFwFm+kigGEhsmM=
Subject key identifier:   5C:FE:D6:F3:53:55:F6:FB:08:59:A5:00:02:08:24:03:AD:CB:FD:DF
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       6C511D44EFD5EE5C5AECE07DD0182228BA3A82FB
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS137409.roa
Signing time:             Wed 15 Oct 2025 08:11:23 +0000
ROA not before:           Wed 15 Oct 2025 08:06:23 +0000
ROA not after:            Wed 14 Oct 2026 08:11:23 +0000
asID:                     137409
IP address blocks:        82.139.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:51:1d:44:ef:d5:ee:5c:5a:ec:e0:7d:d0:18:22:28:ba:3a:82:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Oct 15 08:06:23 2025 GMT
            Not After : Oct 14 08:11:23 2026 GMT
        Subject: CN=5CFED6F35355F6FB0859A50002082403ADCBFDDF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:eb:21:c5:9b:86:9d:b1:59:63:78:87:e2:07:
                    d6:00:32:71:73:9b:d8:c1:d8:b9:02:b0:7f:99:56:
                    cb:61:fd:e7:12:0d:79:5e:77:d9:49:5c:ba:b3:06:
                    c8:2d:83:30:eb:47:a5:62:ef:4e:79:9c:b8:47:89:
                    a3:74:17:34:b8:1f:ac:56:fc:d6:c5:ca:15:71:01:
                    5a:24:ea:f1:b3:5a:ba:4b:46:57:a5:63:3b:81:c1:
                    3e:d8:17:90:fd:6a:cc:e4:03:88:81:f8:fb:b7:3d:
                    f1:e7:9c:cf:0d:f7:a2:ce:5a:06:50:48:7f:d8:a9:
                    79:10:e9:81:b2:12:0f:1f:1b:82:5b:ad:b6:01:38:
                    61:2a:f9:5b:6a:e4:9c:6f:36:bb:0b:9b:01:29:2d:
                    d0:da:1a:db:da:5b:9e:70:71:19:62:0a:7e:df:3b:
                    49:33:b6:7e:d0:a1:a0:a1:a8:12:83:3d:e2:fd:91:
                    dc:c8:55:e5:84:86:15:ab:f9:0c:81:14:bc:da:e0:
                    bd:66:73:60:3c:ed:95:ed:6f:b0:3a:1a:4d:7d:bb:
                    23:70:c7:a8:1a:e1:be:05:42:b8:a6:84:0c:e5:41:
                    bf:cb:a1:66:87:cc:3c:91:23:73:81:0e:4d:eb:8b:
                    83:fd:65:6a:f6:bf:72:62:12:da:96:02:c8:b2:79:
                    a7:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:FE:D6:F3:53:55:F6:FB:08:59:A5:00:02:08:24:03:AD:CB:FD:DF
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS137409.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:70:6e:cf:29:ae:c7:01:1a:dc:c6:9c:3e:9e:76:58:8a:41:
         46:e0:c9:7d:d4:90:d8:b2:83:de:3f:e9:45:2c:35:f8:30:3d:
         06:8d:d4:d3:a6:23:bd:6b:24:88:6a:cf:b3:e8:16:a7:59:71:
         ec:5d:f4:b0:c6:74:84:97:d2:b1:07:95:be:7c:12:e0:14:ab:
         35:d0:9c:64:35:fc:6e:c8:b9:5b:76:38:ae:69:6e:22:5c:b4:
         c0:5b:fe:2c:6b:4a:ce:70:d7:20:35:8b:ff:22:04:28:c0:b0:
         ed:59:97:f7:98:18:6a:09:92:f6:d3:72:08:f0:20:42:5d:73:
         5e:e4:de:a1:68:73:99:06:6d:eb:e0:85:2f:26:01:55:e9:16:
         dd:26:ca:d5:b4:77:09:d4:ce:d0:b9:1b:c3:39:3e:c3:1f:e4:
         aa:68:a7:30:0d:7c:61:8c:6c:17:58:32:04:34:19:c7:ef:0c:
         5b:92:60:bb:12:25:33:b5:13:f4:20:23:38:7f:a2:04:dc:7c:
         43:cd:1c:32:14:8b:8a:af:5b:7e:e2:84:31:e4:9b:41:fb:42:
         c4:bf:39:dd:14:2d:82:ca:7a:5f:d3:b4:31:76:63:07:4f:4a:
         b7:99:e6:77:6e:0c:ec:f2:a0:f3:73:75:0e:12:9f:0b:54:4d:
         38:3a:a9:89
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUbFEdRO/V7lxa7OB90BgiKLo6gvswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTEwMTUwODA2MjNaFw0yNjEwMTQwODExMjNaMDMxMTAvBgNV
BAMTKDVDRkVENkYzNTM1NUY2RkIwODU5QTUwMDAyMDgyNDAzQURDQkZEREYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE6yHFm4adsVljeIfiB9YAMnFz
m9jB2LkCsH+ZVsth/ecSDXled9lJXLqzBsgtgzDrR6Vi7055nLhHiaN0FzS4H6xW
/NbFyhVxAVok6vGzWrpLRlelYzuBwT7YF5D9aszkA4iB+Pu3PfHnnM8N96LOWgZQ
SH/YqXkQ6YGyEg8fG4JbrbYBOGEq+Vtq5JxvNrsLmwEpLdDaGtvaW55wcRliCn7f
O0kztn7QoaChqBKDPeL9kdzIVeWEhhWr+QyBFLza4L1mc2A87ZXtb7A6Gk19uyNw
x6ga4b4FQrimhAzlQb/LoWaHzDyRI3OBDk3ri4P9ZWr2v3JiEtqWAsiyeac7AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUXP7W81NV9vsIWaUAAggkA63L/d8wHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMTM3NDA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUovD
MA0GCSqGSIb3DQEBCwUAA4IBAQCmcG7PKa7HARrcxpw+nnZYikFG4Ml91JDYsoPe
P+lFLDX4MD0GjdTTpiO9aySIas+z6BanWXHsXfSwxnSEl9KxB5W+fBLgFKs10Jxk
NfxuyLlbdjiuaW4iXLTAW/4sa0rOcNcgNYv/IgQowLDtWZf3mBhqCZL203II8CBC
XXNe5N6haHOZBm3r4IUvJgFV6RbdJsrVtHcJ1M7QuRvDOT7DH+SqaKcwDXxhjGwX
WDIENBnH7wxbkmC7EiUztRP0ICM4f6IE3HxDzRwyFIuKr1t+4oQx5JtB+0LEvznd
FC2Cynpf07QxdmMHT0q3meZ3bgzs8qDzc3UOEp8LVE04OqmJ
-----END CERTIFICATE-----