Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS137557.roa
File:                     AS137557.roa (raw, json)
Hash identifier:          H9oA0nyYZc55BzhH3epVW/6MzpwL8791cIyKIYdDqZo=
Subject key identifier:   F8:82:AE:6E:51:A1:92:1F:A8:E9:25:1F:12:0F:08:C6:92:0A:27:FD
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       3FEF09B1890C44CDD2E462A5ED6D939D11403624
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS137557.roa
Signing time:             Wed 13 Aug 2025 09:50:22 +0000
ROA not before:           Wed 13 Aug 2025 09:45:22 +0000
ROA not after:            Wed 12 Aug 2026 09:50:22 +0000
asID:                     137557
IP address blocks:        45.146.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:ef:09:b1:89:0c:44:cd:d2:e4:62:a5:ed:6d:93:9d:11:40:36:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Aug 13 09:45:22 2025 GMT
            Not After : Aug 12 09:50:22 2026 GMT
        Subject: CN=F882AE6E51A1921FA8E9251F120F08C6920A27FD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:18:26:ee:f3:e3:ac:84:9b:47:b7:f7:dd:09:
                    02:2d:99:74:28:75:80:52:81:ac:de:57:a6:e6:99:
                    df:60:02:2f:c6:6e:25:72:86:2d:02:73:9d:f4:83:
                    89:b8:85:7a:55:bf:90:1a:25:ba:de:57:52:9c:5a:
                    c3:a9:15:b0:00:d3:5e:7c:99:6b:f1:22:a7:39:4c:
                    aa:48:3f:f3:c8:11:0f:a3:e8:56:03:38:1f:9f:8c:
                    ec:62:b1:ab:08:4f:7d:9b:69:f0:88:d9:2f:9a:0d:
                    b4:78:61:43:a3:c9:b4:29:2c:16:16:8f:8f:c8:4d:
                    c4:7c:45:f9:99:4d:d1:e2:7a:66:64:d0:3c:6c:9c:
                    1c:71:81:74:99:65:21:7d:b4:ad:b0:80:81:af:26:
                    a7:69:6f:b1:5a:b0:f7:05:73:80:10:9e:07:c9:2e:
                    22:65:d0:3d:c1:30:af:66:a5:60:87:0b:cd:9c:77:
                    71:3c:38:d4:93:2c:48:b1:c9:ca:1d:9b:b0:c4:91:
                    c0:48:99:73:aa:16:94:6c:52:12:48:54:d9:e9:91:
                    4b:cb:04:2f:63:71:32:d1:ca:54:1f:40:45:f5:45:
                    12:de:3b:57:d9:43:d8:40:7e:70:f7:e1:cb:b8:ee:
                    80:3a:40:cd:91:1a:d3:3f:5d:74:cf:89:ba:50:bd:
                    39:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:82:AE:6E:51:A1:92:1F:A8:E9:25:1F:12:0F:08:C6:92:0A:27:FD
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS137557.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:2b:4e:b1:aa:93:72:f9:f4:e7:45:64:0b:05:30:1d:36:75:
         4b:d4:4e:75:cd:90:e9:e0:0a:00:38:57:66:d5:82:54:84:a5:
         9c:05:c9:9e:ce:23:c1:91:80:15:94:4c:c8:4f:95:b1:4e:35:
         b4:88:9c:e9:e2:f1:b5:c6:61:f1:dc:23:c3:01:70:5c:f2:c0:
         e4:f2:d5:46:f2:50:08:64:10:f5:c8:83:2c:ce:91:5c:77:bf:
         cf:59:69:1a:f0:5d:79:07:18:13:d5:66:ac:7e:7e:ec:4b:74:
         35:25:a7:b7:d1:75:c1:50:16:0a:ec:f0:9e:77:4d:9b:a1:f4:
         a2:84:00:73:03:e4:5c:d0:ce:2f:2d:92:b5:64:42:e0:8d:25:
         f4:95:2e:1d:12:2a:69:a9:7d:a2:c2:68:18:05:41:88:68:70:
         fe:c5:b0:54:31:a3:c0:57:7d:9f:8e:91:68:8f:4c:64:7e:3b:
         20:ae:14:ad:62:21:e5:42:d8:97:a6:87:d3:26:c0:b7:b2:01:
         94:29:43:da:b1:45:5a:6d:01:09:82:5d:20:fe:aa:d9:60:23:
         33:82:6e:91:f5:ea:f4:af:6c:42:06:a3:8d:9b:6c:6f:39:60:
         c1:0b:1e:ab:a6:6d:05:24:44:38:9c:60:69:de:c1:3b:a5:9b:
         80:06:71:0e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUP+8JsYkMRM3S5GKl7W2TnRFANiQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA4MTMwOTQ1MjJaFw0yNjA4MTIwOTUwMjJaMDMxMTAvBgNV
BAMTKEY4ODJBRTZFNTFBMTkyMUZBOEU5MjUxRjEyMEYwOEM2OTIwQTI3RkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnGCbu8+OshJtHt/fdCQItmXQo
dYBSgazeV6bmmd9gAi/GbiVyhi0Cc530g4m4hXpVv5AaJbreV1KcWsOpFbAA0158
mWvxIqc5TKpIP/PIEQ+j6FYDOB+fjOxisasIT32bafCI2S+aDbR4YUOjybQpLBYW
j4/ITcR8RfmZTdHiemZk0DxsnBxxgXSZZSF9tK2wgIGvJqdpb7FasPcFc4AQngfJ
LiJl0D3BMK9mpWCHC82cd3E8ONSTLEixycodm7DEkcBImXOqFpRsUhJIVNnpkUvL
BC9jcTLRylQfQEX1RRLeO1fZQ9hAfnD34cu47oA6QM2RGtM/XXTPibpQvTk/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU+IKublGhkh+o6SUfEg8IxpIKJ/0wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTM3NTU3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZJQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCoK06xqpNy+fTnRWQLBTAdNnVL1E51zZDp4AoA
OFdm1YJUhKWcBcmeziPBkYAVlEzIT5WxTjW0iJzp4vG1xmHx3CPDAXBc8sDk8tVG
8lAIZBD1yIMszpFcd7/PWWka8F15BxgT1Wasfn7sS3Q1Jae30XXBUBYK7PCed02b
ofSihABzA+Rc0M4vLZK1ZELgjSX0lS4dEippqX2iwmgYBUGIaHD+xbBUMaPAV32f
jpFoj0xkfjsgrhStYiHlQtiXpofTJsC3sgGUKUPasUVabQEJgl0g/qrZYCMzgm6R
9er0r2xCBqONm2xvOWDBCx6rpm0FJEQ4nGBp3sE7pZuABnEO
-----END CERTIFICATE-----