Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS135391.roa
File:                     AS135391.roa (raw, json)
Hash identifier:          dTphsa6/kRNrWJBf1qtLa80c0Qj8HntnsCQyHBgnUrE=
Subject key identifier:   3A:83:7C:87:38:05:8E:00:81:4F:C2:9F:22:62:64:F6:C5:DF:55:BB
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       46F3033390D99517F930D0C42E8ECF88773BB4A8
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS135391.roa
Signing time:             Thu 19 Mar 2026 01:18:30 +0000
ROA not before:           Thu 19 Mar 2026 01:13:30 +0000
ROA not after:            Thu 18 Mar 2027 01:18:30 +0000
asID:                     135391
IP address blocks:        181.214.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:18:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:f3:03:33:90:d9:95:17:f9:30:d0:c4:2e:8e:cf:88:77:3b:b4:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 19 01:13:30 2026 GMT
            Not After : Mar 18 01:18:30 2027 GMT
        Subject: CN=3A837C8738058E00814FC29F226264F6C5DF55BB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:4d:dd:c2:ea:08:d4:6d:95:14:35:0a:41:50:
                    ff:94:8d:0f:f8:00:77:90:27:62:3e:77:2a:8b:e5:
                    2b:c9:36:66:46:ff:8a:45:45:e5:2c:1c:e3:d1:01:
                    8a:d4:db:55:42:e2:a4:dc:85:ee:a1:89:82:33:ee:
                    5d:34:46:db:e0:64:a7:02:f0:84:a9:1c:2c:fb:4f:
                    73:b7:31:55:90:52:80:99:f1:ed:8a:47:6e:42:ab:
                    42:6e:41:e1:96:83:20:78:27:58:0e:cd:0b:c6:7b:
                    1e:02:2d:9c:ec:92:d9:c6:b1:05:26:6f:8e:1d:63:
                    fd:15:85:cc:aa:45:94:18:92:d8:55:2e:28:aa:c3:
                    82:03:aa:2b:a9:11:99:99:9f:39:58:8f:33:43:75:
                    80:ae:e4:55:72:97:75:8d:fb:db:7c:3f:0a:b3:88:
                    4e:07:fc:85:ea:32:85:5c:d7:e3:bb:0d:ba:03:ce:
                    e2:f1:7d:51:4e:d4:a1:21:0f:e6:79:61:39:3d:ba:
                    70:0d:55:b1:a1:a2:c8:14:05:ca:f5:ea:81:4b:51:
                    11:0c:c9:9b:a4:4a:ca:69:17:b1:a8:16:a1:0c:60:
                    e6:d7:32:01:33:9b:a7:77:0a:23:b1:df:16:50:cf:
                    b5:17:d6:ea:d2:0d:4c:51:c1:6f:c0:3b:95:d7:c4:
                    fe:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:83:7C:87:38:05:8E:00:81:4F:C2:9F:22:62:64:F6:C5:DF:55:BB
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS135391.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:eb:0f:d2:c0:cd:da:bf:62:6e:47:ef:82:fe:b2:29:00:af:
         14:aa:da:bc:77:6e:c1:de:3b:c2:d9:ad:2d:cc:3d:47:8b:3e:
         18:99:d5:7a:e3:62:03:42:21:9f:5b:36:d9:16:b0:12:87:9b:
         1a:3c:d3:49:cd:d4:7b:e5:8a:d5:81:2a:4e:9a:56:9d:a5:75:
         e7:af:f8:1c:e7:55:9c:58:75:c1:c7:63:22:33:a6:bc:50:ff:
         e0:a2:b1:65:e4:e4:ee:7a:2c:79:68:c4:19:50:fe:99:60:07:
         29:c5:cf:c8:67:6c:7f:9f:2d:50:af:a7:90:69:fa:59:a2:ce:
         39:30:5e:a1:f5:13:3a:25:ab:bc:52:36:f5:a1:5c:62:d7:5e:
         00:fa:85:89:2d:65:30:86:99:46:39:70:6d:2b:72:53:d3:15:
         f6:b4:14:30:95:fc:ae:73:a9:61:b6:1e:68:00:10:29:22:b1:
         9a:3f:5b:32:de:c6:43:2e:b0:73:4d:fe:e8:04:c7:ff:64:a9:
         a7:6b:05:3d:04:27:56:b9:47:7e:24:c4:7a:14:28:3f:1a:dd:
         6a:53:36:ad:75:5e:66:c2:c1:80:48:0c:b6:98:fe:af:f5:8e:
         22:a1:c4:bd:dc:48:95:10:4a:61:9c:6d:b5:f0:6a:a8:91:f1:
         8e:04:fc:e6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURvMDM5DZlRf5MNDELo7PiHc7tKgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMTkwMTEzMzBaFw0yNzAzMTgwMTE4MzBaMDMxMTAvBgNV
BAMTKDNBODM3Qzg3MzgwNThFMDA4MTRGQzI5RjIyNjI2NEY2QzVERjU1QkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcTd3C6gjUbZUUNQpBUP+UjQ/4
AHeQJ2I+dyqL5SvJNmZG/4pFReUsHOPRAYrU21VC4qTche6hiYIz7l00RtvgZKcC
8ISpHCz7T3O3MVWQUoCZ8e2KR25Cq0JuQeGWgyB4J1gOzQvGex4CLZzsktnGsQUm
b44dY/0VhcyqRZQYkthVLiiqw4IDqiupEZmZnzlYjzNDdYCu5FVyl3WN+9t8Pwqz
iE4H/IXqMoVc1+O7DboDzuLxfVFO1KEhD+Z5YTk9unANVbGhosgUBcr16oFLUREM
yZukSsppF7GoFqEMYObXMgEzm6d3CiOx3xZQz7UX1urSDUxRwW/AO5XXxP4jAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUOoN8hzgFjgCBT8KfImJk9sXfVbswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM1MzkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdYV
MA0GCSqGSIb3DQEBCwUAA4IBAQCm6w/SwM3av2JuR++C/rIpAK8Uqtq8d27B3jvC
2a0tzD1Hiz4YmdV642IDQiGfWzbZFrASh5saPNNJzdR75YrVgSpOmladpXXnr/gc
51WcWHXBx2MiM6a8UP/gorFl5OTueix5aMQZUP6ZYAcpxc/IZ2x/ny1Qr6eQafpZ
os45MF6h9RM6Jau8Ujb1oVxi114A+oWJLWUwhplGOXBtK3JT0xX2tBQwlfyuc6lh
th5oABApIrGaP1sy3sZDLrBzTf7oBMf/ZKmnawU9BCdWuUd+JMR6FCg/Gt1qUzat
dV5mwsGASAy2mP6v9Y4iocS93EiVEEphnG218GqokfGOBPzm
-----END CERTIFICATE-----