Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS137517.roa
File:                     AS137517.roa (raw, json)
Hash identifier:          VQeePLZ5ToatD+/70sBv6ioMdltDBDmW1BdnXdf2b08=
Subject key identifier:   B9:4C:6C:5F:6E:0F:62:44:AB:5B:6F:7E:E7:E3:25:AC:57:00:0B:A4
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       65E83B345BAC9D4BBF0EB934C6F4AC5F81D6018D
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS137517.roa
Signing time:             Fri 27 Jun 2025 09:53:28 +0000
ROA not before:           Fri 27 Jun 2025 09:48:28 +0000
ROA not after:            Fri 26 Jun 2026 09:53:28 +0000
asID:                     137517
IP address blocks:        188.119.68.0/24 maxlen: 24
                          194.93.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:e8:3b:34:5b:ac:9d:4b:bf:0e:b9:34:c6:f4:ac:5f:81:d6:01:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jun 27 09:48:28 2025 GMT
            Not After : Jun 26 09:53:28 2026 GMT
        Subject: CN=B94C6C5F6E0F6244AB5B6F7EE7E325AC57000BA4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:3e:f9:97:92:bf:05:15:c0:78:0d:45:eb:db:
                    37:e2:de:bd:5b:f1:cc:98:1c:ef:00:65:53:8f:77:
                    ee:c3:de:81:ba:ad:2f:66:1d:db:83:c0:e6:57:3b:
                    16:22:be:b7:d5:de:99:ec:26:9a:a6:3f:4f:5f:12:
                    7e:17:ee:0d:19:10:c7:59:29:1b:c5:4c:8b:79:06:
                    2b:4c:20:b8:f3:0e:3e:17:1e:bc:ce:41:8c:db:d6:
                    e6:fe:4d:c9:21:5f:a0:56:c3:42:ed:ab:d8:7d:4d:
                    d0:75:4d:8c:66:0b:1e:cd:ab:f7:f5:64:6d:c6:24:
                    6c:84:89:55:0a:97:a9:d0:3d:c8:f8:32:00:fa:e3:
                    78:4c:9e:dd:2b:88:09:c4:e1:72:3f:f6:99:34:19:
                    90:67:1f:32:7d:a7:6a:69:9a:73:49:02:f2:1b:63:
                    c3:0f:4a:ff:8b:66:ec:78:23:3b:a5:4d:82:13:79:
                    af:9d:6c:67:3f:52:bf:62:92:3e:9c:fd:7c:ca:0a:
                    75:04:a9:e7:4b:ab:3d:f9:a7:77:6f:01:53:e5:2e:
                    d5:75:82:de:31:58:02:5c:82:cb:34:e9:0b:97:60:
                    15:1a:d2:d5:11:bc:6d:bc:73:8b:ce:46:2a:3f:9a:
                    b1:6b:ca:09:cd:89:12:0e:52:45:5b:52:d0:39:29:
                    1d:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:4C:6C:5F:6E:0F:62:44:AB:5B:6F:7E:E7:E3:25:AC:57:00:0B:A4
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS137517.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.119.68.0/24
                  194.93.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:61:e8:42:80:e1:4d:7c:4d:18:a9:20:96:f3:b7:04:7b:17:
         eb:4b:66:35:79:b9:5a:4e:6d:c2:f4:e5:46:1b:ef:f4:81:41:
         5b:a5:2b:71:6b:17:f2:0a:b7:24:1d:cf:16:06:ae:9f:7d:00:
         27:71:6e:91:ad:9b:8c:47:ae:af:68:34:dc:4f:5f:b7:1b:4f:
         02:20:22:2e:1f:44:60:3c:05:4c:d2:bf:16:06:8b:85:49:ab:
         c4:de:14:c9:c6:bc:e3:d0:17:5a:85:ed:98:2e:16:93:5d:6e:
         2a:4d:79:90:e0:28:b3:67:3e:cd:e2:17:03:6b:b7:c5:2d:da:
         dd:45:34:34:74:7c:98:cd:13:0c:89:e9:92:b2:53:4e:3f:97:
         60:99:7d:65:d4:df:d5:d0:91:39:47:3a:38:67:3e:7e:41:a1:
         f8:c5:c4:28:d5:e0:25:31:55:55:b7:a3:3b:98:e6:87:3d:9f:
         ee:a6:a7:e5:75:63:bb:50:0d:b6:5e:a9:e0:d6:69:69:b2:ef:
         43:fc:ed:c8:ba:16:81:65:44:56:ce:50:b8:d4:f6:37:6f:c8:
         83:85:5b:a0:df:ee:a3:84:32:93:46:ec:f5:49:ef:5e:f9:22:
         90:c7:42:f8:93:b0:ea:2a:69:d6:8e:5d:16:3b:d6:98:a7:8f:
         c9:5d:bb:71
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUZeg7NFusnUu/Drk0xvSsX4HWAY0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA2MjcwOTQ4MjhaFw0yNjA2MjYwOTUzMjhaMDMxMTAvBgNV
BAMTKEI5NEM2QzVGNkUwRjYyNDRBQjVCNkY3RUU3RTMyNUFDNTcwMDBCQTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXPvmXkr8FFcB4DUXr2zfi3r1b
8cyYHO8AZVOPd+7D3oG6rS9mHduDwOZXOxYivrfV3pnsJpqmP09fEn4X7g0ZEMdZ
KRvFTIt5BitMILjzDj4XHrzOQYzb1ub+TckhX6BWw0Ltq9h9TdB1TYxmCx7Nq/f1
ZG3GJGyEiVUKl6nQPcj4MgD643hMnt0riAnE4XI/9pk0GZBnHzJ9p2ppmnNJAvIb
Y8MPSv+LZux4IzulTYITea+dbGc/Ur9ikj6c/XzKCnUEqedLqz35p3dvAVPlLtV1
gt4xWAJcgss06QuXYBUa0tURvG28c4vORio/mrFrygnNiRIOUkVbUtA5KR0BAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUuUxsX24PYkSrW29+5+MlrFcAC6QwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMTM3NTE3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAvHdE
AwQAwl0+MA0GCSqGSIb3DQEBCwUAA4IBAQCkYehCgOFNfE0YqSCW87cEexfrS2Y1
eblaTm3C9OVGG+/0gUFbpStxaxfyCrckHc8WBq6ffQAncW6RrZuMR66vaDTcT1+3
G08CICIuH0RgPAVM0r8WBouFSavE3hTJxrzj0Bdahe2YLhaTXW4qTXmQ4CizZz7N
4hcDa7fFLdrdRTQ0dHyYzRMMiemSslNOP5dgmX1l1N/V0JE5Rzo4Zz5+QaH4xcQo
1eAlMVVVt6M7mOaHPZ/upqfldWO7UA22Xqng1mlpsu9D/O3IuhaBZURWzlC41PY3
b8iDhVug3+6jhDKTRuz1Se9e+SKQx0L4k7DqKmnWjl0WO9aYp4/JXbtx
-----END CERTIFICATE-----