Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS134972.roa
File:                     AS134972.roa (raw, json)
Hash identifier:          rQQhPKemAJkX5ZSq2xlzZfD8hhb9a25bk2hm/WEic0o=
Subject key identifier:   97:C3:EC:E0:77:48:DA:A0:8E:0D:47:67:94:20:F0:DB:13:41:05:55
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       2B53EF8C7FBA2099BCCAEDF1F7B8DFEA1C5F530C
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS134972.roa
Signing time:             Tue 10 Mar 2026 09:10:02 +0000
ROA not before:           Tue 10 Mar 2026 09:05:02 +0000
ROA not after:            Tue 09 Mar 2027 09:10:02 +0000
asID:                     134972
IP address blocks:        141.11.146.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 06:49:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:53:ef:8c:7f:ba:20:99:bc:ca:ed:f1:f7:b8:df:ea:1c:5f:53:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Mar 10 09:05:02 2026 GMT
            Not After : Mar  9 09:10:02 2027 GMT
        Subject: CN=97C3ECE07748DAA08E0D47679420F0DB13410555
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:4e:25:04:a2:14:13:8d:e9:99:cd:e6:51:7f:
                    06:fd:ce:82:51:45:31:72:66:a4:ad:50:59:85:2d:
                    3e:1f:26:1a:1f:5e:03:b7:d9:03:9a:35:a7:3e:91:
                    3b:79:46:50:d7:76:6f:33:3f:cd:62:83:62:9b:ec:
                    60:ab:fb:70:2c:c6:f7:a1:a4:6f:4e:f2:05:d0:3e:
                    0d:18:99:07:b2:cc:b6:dd:b7:e8:1a:a9:f8:ab:ed:
                    74:86:80:0e:41:19:da:70:b3:82:76:f8:76:aa:a5:
                    e7:cd:bd:44:e4:78:6d:18:3e:98:50:ed:2e:c0:61:
                    ab:41:ee:ca:df:57:21:15:65:2d:6e:0c:5e:9f:8e:
                    03:9d:a8:a5:ea:0c:0e:7a:7f:70:d6:ab:d7:7e:9c:
                    ac:08:83:04:9c:12:94:b6:91:67:54:0d:ed:48:fa:
                    b6:e9:92:be:06:76:7f:73:ea:bf:82:31:52:71:2b:
                    4a:03:42:34:4c:72:f0:7e:78:73:ef:cc:05:c9:25:
                    cc:77:bb:17:da:3f:29:6e:f1:8f:f9:22:09:be:b3:
                    09:49:23:1d:2f:62:e8:e1:3f:75:55:15:c1:22:1c:
                    07:be:6d:ca:5d:1c:d4:b8:f6:b5:cd:e2:c8:53:03:
                    28:e4:a0:2a:b5:84:fe:3c:ec:2a:24:7d:20:5a:b9:
                    53:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:C3:EC:E0:77:48:DA:A0:8E:0D:47:67:94:20:F0:DB:13:41:05:55
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS134972.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c2:6f:b6:5b:b9:c9:08:90:a2:9e:4b:a3:b7:4e:7c:68:d6:bd:
         01:99:0a:42:21:37:81:f2:8d:26:c5:6b:f0:e0:92:fe:74:d9:
         70:ea:e0:64:97:30:10:82:64:9f:e0:cd:2d:f1:91:26:26:ac:
         eb:84:bb:20:6f:f2:82:03:80:b6:c5:16:03:3f:40:84:1b:51:
         5d:40:b4:c2:98:3e:79:49:59:56:cf:62:c5:32:17:c4:94:52:
         1f:71:f1:3c:44:02:f0:c6:0e:0d:3a:e8:10:0b:c9:61:b8:49:
         dc:87:05:c4:65:4f:74:f4:a1:75:f8:bd:9f:2d:74:f7:43:b0:
         77:31:e9:22:11:30:17:d9:e0:42:57:0c:c6:7e:14:8d:54:c7:
         82:bc:fa:cd:2f:d3:fa:cf:e6:1e:ca:05:b7:62:47:c3:2b:9c:
         3d:1b:d8:98:8d:5a:1d:5b:92:57:9b:45:92:a0:f0:f9:96:5a:
         5c:db:20:aa:47:d4:1c:ad:3a:7f:73:c3:e0:b8:92:d1:e1:fa:
         80:25:5b:91:f7:db:92:e4:56:dd:6f:d7:46:27:ec:bd:1a:88:
         60:1f:51:e3:0e:d0:82:4a:73:f2:5a:48:43:0c:8d:a4:4d:83:
         b2:c4:8c:34:b3:36:65:9e:67:e8:67:66:b6:9e:5a:60:bc:53:
         5a:b5:e2:5a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUK1PvjH+6IJm8yu3x97jf6hxfUwwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAzMTAwOTA1MDJaFw0yNzAzMDkwOTEwMDJaMDMxMTAvBgNV
BAMTKDk3QzNFQ0UwNzc0OERBQTA4RTBENDc2Nzk0MjBGMERCMTM0MTA1NTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9TiUEohQTjemZzeZRfwb9zoJR
RTFyZqStUFmFLT4fJhofXgO32QOaNac+kTt5RlDXdm8zP81ig2Kb7GCr+3Asxveh
pG9O8gXQPg0YmQeyzLbdt+gaqfir7XSGgA5BGdpws4J2+HaqpefNvUTkeG0YPphQ
7S7AYatB7srfVyEVZS1uDF6fjgOdqKXqDA56f3DWq9d+nKwIgwScEpS2kWdUDe1I
+rbpkr4Gdn9z6r+CMVJxK0oDQjRMcvB+eHPvzAXJJcx3uxfaPylu8Y/5Igm+swlJ
Ix0vYujhP3VVFcEiHAe+bcpdHNS49rXN4shTAyjkoCq1hP487CokfSBauVOPAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUl8Ps4HdI2qCODUdnlCDw2xNBBVUwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTM0OTcyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjQuS
MA0GCSqGSIb3DQEBCwUAA4IBAQDCb7ZbuckIkKKeS6O3Tnxo1r0BmQpCITeB8o0m
xWvw4JL+dNlw6uBklzAQgmSf4M0t8ZEmJqzrhLsgb/KCA4C2xRYDP0CEG1FdQLTC
mD55SVlWz2LFMhfElFIfcfE8RALwxg4NOugQC8lhuEnchwXEZU909KF1+L2fLXT3
Q7B3MekiETAX2eBCVwzGfhSNVMeCvPrNL9P6z+YeygW3YkfDK5w9G9iYjVodW5JX
m0WSoPD5llpc2yCqR9QcrTp/c8PguJLR4fqAJVuR99uS5Fbdb9dGJ+y9GohgH1Hj
DtCCSnPyWkhDDI2kTYOyxIw0szZlnmfoZ2a2nlpgvFNateJa
-----END CERTIFICATE-----