Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS138160.roa
File:                     AS138160.roa (raw, json)
Hash identifier:          t63IEYoKmj/q2jAKy9+mP9ydwbgqF22wdfMU+7hlveo=
Subject key identifier:   3D:6C:F0:F8:1A:18:2A:40:41:44:C2:DE:9D:72:28:59:10:CB:C1:A2
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       7AF090233AD01AF18D887DA96DD2F4CD0DECA1FA
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS138160.roa
Signing time:             Wed 20 Aug 2025 13:15:33 +0000
ROA not before:           Wed 20 Aug 2025 13:10:33 +0000
ROA not after:            Wed 19 Aug 2026 13:15:33 +0000
asID:                     138160
IP address blocks:        45.146.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:f0:90:23:3a:d0:1a:f1:8d:88:7d:a9:6d:d2:f4:cd:0d:ec:a1:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Aug 20 13:10:33 2025 GMT
            Not After : Aug 19 13:15:33 2026 GMT
        Subject: CN=3D6CF0F81A182A404144C2DE9D72285910CBC1A2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:51:74:c8:16:67:05:80:26:64:42:ff:c9:b5:
                    75:83:d5:14:eb:ba:a7:a3:b8:28:9e:17:ea:19:8a:
                    c0:7e:44:dc:80:f6:39:06:7d:c0:b2:99:9e:cc:c2:
                    3a:26:ad:0a:79:07:59:76:a2:73:99:3f:27:d8:68:
                    4e:f2:79:cf:2d:0d:f3:96:e3:a1:56:3d:79:e1:75:
                    9b:eb:87:ca:07:1b:0c:81:99:c9:62:12:bf:a6:c4:
                    cd:5b:b2:a7:d0:a0:ce:5e:a7:5c:3a:dd:a1:21:77:
                    3d:d5:fe:bc:8c:71:5c:f5:65:b3:8b:67:bb:7e:fb:
                    ac:22:5d:b0:92:c8:dc:91:70:7d:88:d0:2a:cb:8c:
                    8e:47:1c:d5:0d:a1:07:00:f2:2c:7d:81:7a:2e:d6:
                    44:10:9d:87:3f:dc:0e:4b:48:2f:37:a8:b0:8c:28:
                    ea:16:a5:1d:bd:07:d3:41:3b:6f:c9:18:9a:9b:29:
                    72:9d:36:57:4d:a6:8c:c7:6f:8d:e7:35:9f:51:51:
                    15:ae:b7:29:fa:3d:f9:53:b5:7c:95:45:25:08:9f:
                    f7:fd:8a:fe:12:dc:6e:8a:2a:1a:5b:5e:a7:dc:6b:
                    26:ce:05:56:9b:9c:2e:47:51:3b:8b:80:95:25:fa:
                    c1:5b:56:db:67:2a:65:98:30:d2:4f:16:4a:aa:a9:
                    9f:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:6C:F0:F8:1A:18:2A:40:41:44:C2:DE:9D:72:28:59:10:CB:C1:A2
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS138160.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:06:b4:1f:5d:01:b2:83:1b:38:f1:3b:c0:d8:1a:ef:96:d1:
         d1:bd:74:bd:2b:99:bb:31:87:aa:39:61:48:fe:b8:72:9c:c9:
         ee:20:fc:9b:4f:4e:7f:6e:f8:e0:5b:bb:ba:5b:13:5c:99:47:
         60:98:8d:09:e8:fd:0d:54:83:c3:2a:e0:07:d3:97:ef:99:86:
         e9:59:4b:81:13:5f:9a:03:4d:73:2b:86:fe:c2:4f:fb:fa:f7:
         a8:fa:2e:ac:e0:10:17:ac:17:d8:97:de:a2:02:c3:37:f9:af:
         74:b7:89:18:c2:9b:5b:d1:06:2f:ad:ca:a6:8f:01:c4:5c:b0:
         7a:8a:9d:00:52:35:c2:97:b5:66:db:be:54:17:93:c2:57:7c:
         ae:4c:df:82:04:ff:0c:15:e6:4f:68:ba:c7:63:80:28:db:99:
         94:93:69:da:30:aa:ec:8d:a1:7a:0e:2d:08:56:d8:2b:6e:97:
         ed:fe:e8:03:18:e5:d6:e4:b1:0e:7a:9a:4c:fe:60:47:86:19:
         a2:1b:a9:41:a1:97:74:2d:64:4c:2c:de:7e:b5:ad:80:32:7b:
         5e:60:49:f2:86:47:88:bb:30:fb:45:79:ea:17:54:58:2b:f7:
         8e:1f:b5:cf:f2:fc:e2:93:a8:4a:f2:77:06:2e:d3:af:4b:cb:
         0d:2f:70:22
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUevCQIzrQGvGNiH2pbdL0zQ3sofowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA4MjAxMzEwMzNaFw0yNjA4MTkxMzE1MzNaMDMxMTAvBgNV
BAMTKDNENkNGMEY4MUExODJBNDA0MTQ0QzJERTlENzIyODU5MTBDQkMxQTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpUXTIFmcFgCZkQv/JtXWD1RTr
uqejuCieF+oZisB+RNyA9jkGfcCymZ7MwjomrQp5B1l2onOZPyfYaE7yec8tDfOW
46FWPXnhdZvrh8oHGwyBmcliEr+mxM1bsqfQoM5ep1w63aEhdz3V/ryMcVz1ZbOL
Z7t++6wiXbCSyNyRcH2I0CrLjI5HHNUNoQcA8ix9gXou1kQQnYc/3A5LSC83qLCM
KOoWpR29B9NBO2/JGJqbKXKdNldNpozHb43nNZ9RURWutyn6PflTtXyVRSUIn/f9
iv4S3G6KKhpbXqfcaybOBVabnC5HUTuLgJUl+sFbVttnKmWYMNJPFkqqqZ/ZAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUPWzw+BoYKkBBRMLenXIoWRDLwaIwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTM4MTYwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZJQ
MA0GCSqGSIb3DQEBCwUAA4IBAQApBrQfXQGygxs48TvA2BrvltHRvXS9K5m7MYeq
OWFI/rhynMnuIPybT05/bvjgW7u6WxNcmUdgmI0J6P0NVIPDKuAH05fvmYbpWUuB
E1+aA01zK4b+wk/7+veo+i6s4BAXrBfYl96iAsM3+a90t4kYwptb0QYvrcqmjwHE
XLB6ip0AUjXCl7Vm275UF5PCV3yuTN+CBP8MFeZPaLrHY4Ao25mUk2naMKrsjaF6
Di0IVtgrbpft/ugDGOXW5LEOeppM/mBHhhmiG6lBoZd0LWRMLN5+ta2AMnteYEny
hkeIuzD7RXnqF1RYK/eOH7XP8vzik6hK8ncGLtOvS8sNL3Ai
-----END CERTIFICATE-----