Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS135391.roa
File:                     AS135391.roa (raw, json)
Hash identifier:          dO8azf/V/hlUztpRzJTDUN84a/1gyGH2COVvOuTaA38=
Subject key identifier:   A4:69:B9:63:5A:AE:86:27:F6:6B:25:75:B5:38:D3:0F:FD:36:22:A7
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       1D9117B65CEB224B6AE9B2A6617293F481E9697B
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS135391.roa
Signing time:             Thu 19 Mar 2026 01:43:54 +0000
ROA not before:           Thu 19 Mar 2026 01:38:54 +0000
ROA not after:            Thu 18 Mar 2027 01:43:54 +0000
asID:                     135391
IP address blocks:        45.158.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:91:17:b6:5c:eb:22:4b:6a:e9:b2:a6:61:72:93:f4:81:e9:69:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar 19 01:38:54 2026 GMT
            Not After : Mar 18 01:43:54 2027 GMT
        Subject: CN=A469B9635AAE8627F66B2575B538D30FFD3622A7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:8f:e4:c5:8d:6e:20:3b:88:bd:75:5e:55:c5:
                    2b:a5:34:17:5b:21:b5:d1:d3:73:81:0c:54:71:25:
                    1a:b4:90:00:98:89:2d:58:e3:13:ba:f8:19:d0:e7:
                    d8:ce:13:f8:79:ae:3b:a5:ce:9f:62:0d:ba:47:de:
                    2e:06:a6:87:7d:4c:b1:22:7f:4b:30:5a:13:82:d7:
                    35:42:24:ca:5d:27:21:d3:a6:11:71:45:13:44:2f:
                    c6:fb:15:5b:0d:3e:ab:79:dc:03:6e:e1:7c:1d:09:
                    c0:16:6d:77:e8:b8:69:7e:af:ae:a0:97:10:36:6f:
                    36:6b:3d:5d:0f:28:7d:49:79:9b:d4:4c:c7:d0:dc:
                    74:a7:92:f9:95:23:f1:90:13:b1:d9:a4:66:a1:cd:
                    51:42:1f:7a:c6:99:6c:f1:1d:59:ec:79:89:db:e1:
                    47:8c:72:3b:2d:82:60:44:a6:6a:2c:01:8e:d2:b7:
                    03:c0:d3:fb:6a:be:aa:e1:bd:24:12:1f:ad:99:1f:
                    bf:4e:38:59:70:c2:06:4c:71:57:01:1c:53:57:65:
                    50:b8:c0:c7:51:e1:88:1c:aa:26:08:b9:96:ed:e6:
                    fc:16:7a:cb:46:b4:f9:58:ef:25:02:0b:5a:25:2f:
                    cf:c8:b1:e7:3f:82:61:98:5d:a9:1e:f1:21:ab:68:
                    13:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:69:B9:63:5A:AE:86:27:F6:6B:25:75:B5:38:D3:0F:FD:36:22:A7
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS135391.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:a2:3d:1e:2c:cd:a4:94:e9:ee:72:e6:18:26:5f:0d:17:bb:
         90:88:26:4b:81:a3:2a:af:10:3a:c5:27:96:99:59:17:11:9f:
         96:41:32:ec:a9:53:2f:99:c0:38:6d:e0:7e:dc:7a:11:83:b4:
         f1:9d:08:74:2d:f5:e1:19:e4:e3:63:11:dc:97:3b:63:99:50:
         68:25:32:61:d3:36:4f:9f:49:26:22:c4:cd:29:84:9a:f1:7f:
         cb:c8:90:94:1f:dd:a0:36:ab:69:9a:df:74:e3:27:ee:23:1f:
         66:fc:91:86:b4:37:7d:76:87:b6:f0:f5:61:2d:3c:d7:34:38:
         81:1b:e3:9b:88:47:02:fa:d5:32:e2:22:7a:16:64:05:fd:b2:
         b7:ef:14:c0:10:e4:a5:33:35:c8:1b:fc:ed:c4:e6:93:22:d7:
         8e:60:33:d1:54:cd:b9:da:bc:c4:b2:5d:56:80:83:55:a5:78:
         a1:c1:2d:7d:1b:38:16:c9:a5:cd:28:d7:e6:14:e6:11:b8:4e:
         02:c9:53:b3:fd:af:6d:21:6f:f3:18:94:7d:95:f4:e6:8c:5c:
         28:db:7f:3f:c5:17:af:ee:1f:d5:84:76:0a:32:86:85:b2:1c:
         4a:dd:8f:b7:8c:2f:c0:f1:d6:1d:f2:8b:eb:ef:ff:c7:8d:d5:
         50:20:96:e1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHZEXtlzrIktq6bKmYXKT9IHpaXswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjAzMTkwMTM4NTRaFw0yNzAzMTgwMTQzNTRaMDMxMTAvBgNV
BAMTKEE0NjlCOTYzNUFBRTg2MjdGNjZCMjU3NUI1MzhEMzBGRkQzNjIyQTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGj+TFjW4gO4i9dV5VxSulNBdb
IbXR03OBDFRxJRq0kACYiS1Y4xO6+BnQ59jOE/h5rjulzp9iDbpH3i4Gpod9TLEi
f0swWhOC1zVCJMpdJyHTphFxRRNEL8b7FVsNPqt53ANu4XwdCcAWbXfouGl+r66g
lxA2bzZrPV0PKH1JeZvUTMfQ3HSnkvmVI/GQE7HZpGahzVFCH3rGmWzxHVnseYnb
4UeMcjstgmBEpmosAY7StwPA0/tqvqrhvSQSH62ZH79OOFlwwgZMcVcBHFNXZVC4
wMdR4YgcqiYIuZbt5vwWestGtPlY7yUCC1olL8/Isec/gmGYXake8SGraBOtAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUpGm5Y1quhif2ayV1tTjTD/02IqcwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTM1MzkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ6o
MA0GCSqGSIb3DQEBCwUAA4IBAQCMoj0eLM2klOnucuYYJl8NF7uQiCZLgaMqrxA6
xSeWmVkXEZ+WQTLsqVMvmcA4beB+3HoRg7TxnQh0LfXhGeTjYxHclztjmVBoJTJh
0zZPn0kmIsTNKYSa8X/LyJCUH92gNqtpmt904yfuIx9m/JGGtDd9doe28PVhLTzX
NDiBG+ObiEcC+tUy4iJ6FmQF/bK37xTAEOSlMzXIG/ztxOaTIteOYDPRVM252rzE
sl1WgINVpXihwS19GzgWyaXNKNfmFOYRuE4CyVOz/a9tIW/zGJR9lfTmjFwo238/
xRev7h/VhHYKMoaFshxK3Y+3jC/A8dYd8ovr7//HjdVQIJbh
-----END CERTIFICATE-----