Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS135391.roa
File:                     AS135391.roa (raw, json)
Hash identifier:          c9WGQG82YdPkAN27vZgFY6HV6VYanNrcyThxNEo35Go=
Subject key identifier:   69:B8:61:E9:E3:87:62:63:08:CF:E2:EC:C7:7F:28:53:CC:F5:B1:93
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       1A19B7A34824B62774507DBDB27B4250D1286589
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS135391.roa
Signing time:             Tue 02 Sep 2025 01:48:46 +0000
ROA not before:           Tue 02 Sep 2025 01:43:46 +0000
ROA not after:            Tue 01 Sep 2026 01:48:46 +0000
asID:                     135391
IP address blocks:        45.155.18.0/24 maxlen: 24
                          45.158.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:43:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:19:b7:a3:48:24:b6:27:74:50:7d:bd:b2:7b:42:50:d1:28:65:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Sep  2 01:43:46 2025 GMT
            Not After : Sep  1 01:48:46 2026 GMT
        Subject: CN=69B861E9E387626308CFE2ECC77F2853CCF5B193
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:e9:7c:81:5e:af:a2:b3:44:43:47:0d:d5:92:
                    f5:5b:e0:52:2b:4c:e8:4e:01:f7:b8:5c:43:83:1b:
                    e7:53:ca:69:fb:b1:44:7f:2d:07:e5:ca:49:04:8c:
                    11:00:64:e0:f7:e5:aa:16:a0:2d:3d:ba:50:f5:8b:
                    5a:9a:2f:10:a9:83:0f:d6:63:cf:3d:3d:f8:d7:00:
                    7d:97:b3:38:d3:7a:5a:da:94:5c:50:bc:70:33:83:
                    75:bc:f8:0f:a9:2a:54:78:ce:55:ed:ae:a5:96:c1:
                    d8:8f:88:41:e0:7c:da:11:47:13:5e:dc:40:21:f0:
                    e8:b0:0d:d7:c5:4e:5b:17:24:83:f2:05:b9:85:23:
                    67:bf:1a:e0:86:16:a6:13:fa:47:e1:2f:18:89:6e:
                    d7:b4:ca:83:26:9d:8a:69:89:30:cd:41:e9:93:4e:
                    e7:73:14:e1:e2:54:0c:4b:52:78:64:a6:51:0e:45:
                    56:c3:ed:6e:5a:00:1b:0f:a6:4f:2a:10:c6:b4:04:
                    7c:56:6f:81:39:83:4a:90:e3:e8:8d:52:f2:33:5b:
                    28:da:3b:fa:65:1e:a1:8d:5b:67:de:b5:f7:47:84:
                    8a:ef:82:d0:3d:06:02:68:fa:a3:2e:d0:db:11:bb:
                    b9:31:2c:93:da:d7:96:a9:53:0f:6e:3a:f8:9b:59:
                    89:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:B8:61:E9:E3:87:62:63:08:CF:E2:EC:C7:7F:28:53:CC:F5:B1:93
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS135391.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.18.0/24
                  45.158.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:a4:76:1f:bb:cf:40:74:b1:96:c7:a6:fe:73:80:fa:3e:22:
         39:86:cd:eb:dc:22:2b:aa:05:f6:99:80:c8:cf:3e:70:db:f2:
         81:c0:01:fa:93:de:d4:eb:47:ea:a5:fa:2b:a4:19:cf:99:e8:
         3e:a0:64:19:f0:0e:fd:74:13:4c:f2:39:05:e3:67:f9:9a:c9:
         68:db:12:5f:ce:01:4f:7d:91:86:64:d6:cb:26:b0:ea:32:e0:
         75:d7:e9:5a:cc:80:09:75:96:4d:9f:3c:57:95:3a:31:53:8d:
         05:65:c4:23:9f:7a:41:46:f5:eb:3b:55:f7:90:bc:69:ea:07:
         7a:a6:81:44:b2:9e:82:c4:c7:36:6b:57:b6:4f:25:c8:a2:6c:
         92:e0:64:6e:7c:08:af:42:d9:15:19:1e:29:83:e9:54:b1:17:
         3a:02:87:f4:47:22:e9:46:fc:2b:dc:3c:b6:c4:5d:2b:6a:e6:
         69:89:97:7a:f2:23:6e:4e:03:5a:b9:80:00:47:ef:41:4c:70:
         f0:56:3e:c5:46:2a:35:b6:14:3a:18:7f:60:cb:af:37:ba:39:
         11:9c:84:fa:ad:f6:95:b0:91:96:df:b8:79:eb:19:be:f1:33:
         1c:e6:62:bc:cd:44:5a:76:0c:b1:33:fc:73:3d:bd:65:41:04:
         e8:78:7e:d4
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUGhm3o0gktid0UH29sntCUNEoZYkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA5MDIwMTQzNDZaFw0yNjA5MDEwMTQ4NDZaMDMxMTAvBgNV
BAMTKDY5Qjg2MUU5RTM4NzYyNjMwOENGRTJFQ0M3N0YyODUzQ0NGNUIxOTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDX6XyBXq+is0RDRw3VkvVb4FIr
TOhOAfe4XEODG+dTymn7sUR/LQflykkEjBEAZOD35aoWoC09ulD1i1qaLxCpgw/W
Y889PfjXAH2XszjTelralFxQvHAzg3W8+A+pKlR4zlXtrqWWwdiPiEHgfNoRRxNe
3EAh8OiwDdfFTlsXJIPyBbmFI2e/GuCGFqYT+kfhLxiJbte0yoMmnYppiTDNQemT
TudzFOHiVAxLUnhkplEORVbD7W5aABsPpk8qEMa0BHxWb4E5g0qQ4+iNUvIzWyja
O/plHqGNW2fetfdHhIrvgtA9BgJo+qMu0NsRu7kxLJPa15apUw9uOvibWYnTAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUabhh6eOHYmMIz+Lsx38oU8z1sZMwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTM1MzkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZsS
AwQALZ6oMA0GCSqGSIb3DQEBCwUAA4IBAQBEpHYfu89AdLGWx6b+c4D6PiI5hs3r
3CIrqgX2mYDIzz5w2/KBwAH6k97U60fqpforpBnPmeg+oGQZ8A79dBNM8jkF42f5
mslo2xJfzgFPfZGGZNbLJrDqMuB11+lazIAJdZZNnzxXlToxU40FZcQjn3pBRvXr
O1X3kLxp6gd6poFEsp6CxMc2a1e2TyXIomyS4GRufAivQtkVGR4pg+lUsRc6Aof0
RyLpRvwr3Dy2xF0rauZpiZd68iNuTgNauYAAR+9BTHDwVj7FRio1thQ6GH9gy683
ujkRnIT6rfaVsJGW37h56xm+8TMc5mK8zURadgyxM/xzPb1lQQToeH7U
-----END CERTIFICATE-----