Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS139317.roa
File:                     AS139317.roa (raw, json)
Hash identifier:          1Ys/AoE+AonP+FnzsHlfOLl/IUfmGIeWI02jq77CSTM=
Subject key identifier:   C4:C4:87:06:D1:0B:E8:A7:CE:30:4F:6D:06:88:C7:54:F4:55:9F:C2
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       09108DADAD3CCFCD78E8A2F11CCBF8740F333B7A
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS139317.roa
Signing time:             Wed 25 Mar 2026 03:08:30 +0000
ROA not before:           Wed 25 Mar 2026 03:03:30 +0000
ROA not after:            Wed 24 Mar 2027 03:08:30 +0000
asID:                     139317
IP address blocks:        2a0f:85c1:bfe::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:10:8d:ad:ad:3c:cf:cd:78:e8:a2:f1:1c:cb:f8:74:0f:33:3b:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Mar 25 03:03:30 2026 GMT
            Not After : Mar 24 03:08:30 2027 GMT
        Subject: CN=C4C48706D10BE8A7CE304F6D0688C754F4559FC2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:7a:50:fa:3d:17:93:8b:af:f3:1a:f3:71:5e:
                    dc:66:c1:c8:8c:af:ab:b1:f9:53:5c:ff:e1:4f:73:
                    1d:58:f1:46:e8:da:c9:a1:2e:a3:70:c8:75:94:61:
                    6e:6c:d2:e0:da:d4:56:aa:a8:16:99:c6:c4:23:3d:
                    cd:06:ba:8a:3b:b5:ec:a2:4c:a3:cc:f5:27:ab:d3:
                    29:cd:11:a7:58:28:fb:e7:9e:a2:00:17:b9:d3:8a:
                    14:b3:d5:bc:2b:f6:33:88:b2:31:ab:30:5d:34:b2:
                    c7:98:e2:e6:56:5f:ea:db:94:02:6b:d6:29:b4:4e:
                    2c:a1:5d:9e:73:2f:35:f9:fb:c1:0c:1e:b6:a4:6c:
                    53:5a:5e:7e:f4:56:80:2f:81:6d:b4:d5:9f:c6:d8:
                    93:89:eb:df:1c:ec:e2:ab:b5:25:7b:7f:6c:69:99:
                    a3:90:5b:ff:ee:c1:91:4b:c3:d8:20:30:e1:b6:5e:
                    a9:20:e1:78:11:db:db:ca:0a:28:93:dd:00:f0:f3:
                    a2:32:8a:0c:36:0d:82:e9:4b:5d:0e:0c:9f:ba:bb:
                    17:f6:f3:a1:97:04:e4:53:aa:03:f5:12:88:72:0b:
                    67:6e:60:dd:b5:74:e5:85:b3:24:78:96:a5:4f:e9:
                    a6:df:e0:3f:74:cf:bb:d5:db:47:37:dc:07:41:64:
                    11:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:C4:87:06:D1:0B:E8:A7:CE:30:4F:6D:06:88:C7:54:F4:55:9F:C2
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS139317.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:bfe::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:c1:88:24:38:05:af:96:06:fc:47:24:b8:97:b2:da:bd:17:
         bd:5a:0b:38:00:7b:51:6d:b6:bb:5b:4f:47:74:ea:e6:ca:11:
         63:57:81:79:ff:92:43:64:18:83:75:8d:aa:52:77:d6:a5:0b:
         43:37:89:68:2a:d5:60:95:8c:c3:77:1a:db:af:b8:38:b3:b5:
         85:79:2c:f1:d5:f7:e7:5f:3d:ae:ca:6a:3a:12:e5:09:47:de:
         da:b4:b9:63:31:5e:80:76:31:16:3e:6c:3e:51:2f:79:cc:25:
         a2:00:8c:fe:6d:67:05:ec:f4:15:c7:7a:81:75:37:69:66:fb:
         73:b4:47:5e:9f:f0:5f:a9:89:0d:ec:91:51:43:92:6e:37:14:
         45:7e:c3:48:5c:0e:a5:ba:cc:3f:9d:80:6d:38:86:d5:c3:e0:
         18:46:f4:67:e6:7d:50:60:c3:25:e7:f2:c5:05:7b:ff:f8:b2:
         9a:d5:fa:57:d4:78:5c:88:1a:8e:c5:33:d2:cb:c0:aa:54:dd:
         e4:d1:49:c3:38:07:10:37:8a:14:0a:9d:25:23:7c:ea:f5:08:
         85:c6:a4:ee:cf:55:75:aa:8f:4a:ca:80:57:72:27:a5:81:26:
         bc:15:c6:a2:22:91:02:91:23:03:05:79:a8:ab:c5:24:fd:8f:
         b9:f7:82:08
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUCRCNra08z8146KLxHMv4dA8zO3owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAzMjUwMzAzMzBaFw0yNzAzMjQwMzA4MzBaMDMxMTAvBgNV
BAMTKEM0QzQ4NzA2RDEwQkU4QTdDRTMwNEY2RDA2ODhDNzU0RjQ1NTlGQzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCelD6PReTi6/zGvNxXtxmwciM
r6ux+VNc/+FPcx1Y8Ubo2smhLqNwyHWUYW5s0uDa1FaqqBaZxsQjPc0Guoo7teyi
TKPM9Ser0ynNEadYKPvnnqIAF7nTihSz1bwr9jOIsjGrMF00sseY4uZWX+rblAJr
1im0TiyhXZ5zLzX5+8EMHrakbFNaXn70VoAvgW201Z/G2JOJ698c7OKrtSV7f2xp
maOQW//uwZFLw9ggMOG2Xqkg4XgR29vKCiiT3QDw86Iyigw2DYLpS10ODJ+6uxf2
86GXBORTqgP1EohyC2duYN21dOWFsyR4lqVP6abf4D90z7vV20c33AdBZBFNAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUxMSHBtEL6KfOME9tBojHVPRVn8IwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMTM5MzE3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQv+MA0GCSqGSIb3DQEBCwUAA4IBAQBzwYgkOAWvlgb8RyS4l7LavRe9Wgs4AHtR
bba7W09HdOrmyhFjV4F5/5JDZBiDdY2qUnfWpQtDN4loKtVglYzDdxrbr7g4s7WF
eSzx1ffnXz2uymo6EuUJR97atLljMV6AdjEWPmw+US95zCWiAIz+bWcF7PQVx3qB
dTdpZvtztEden/BfqYkN7JFRQ5JuNxRFfsNIXA6lusw/nYBtOIbVw+AYRvRn5n1Q
YMMl5/LFBXv/+LKa1fpX1HhciBqOxTPSy8CqVN3k0UnDOAcQN4oUCp0lI3zq9QiF
xqTuz1V1qo9KyoBXcielgSa8FcaiIpECkSMDBXmoq8Uk/Y+594II
-----END CERTIFICATE-----