Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS137235.roa
File:                     AS137235.roa (raw, json)
Hash identifier:          FBhgnBt83ib/KhFgaTiWnS+1kHFhE3OnUTKLziTue8A=
Subject key identifier:   0A:DF:18:4E:55:6F:F0:09:95:29:BA:33:6E:2B:39:78:A3:14:E5:4A
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       2B919CD2866CB3F5ECF7B229E134B3F7D5E66E4A
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS137235.roa
Signing time:             Fri 27 Jun 2025 09:47:29 +0000
ROA not before:           Fri 27 Jun 2025 09:42:29 +0000
ROA not after:            Fri 26 Jun 2026 09:47:29 +0000
asID:                     137235
IP address blocks:        178.95.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:91:9c:d2:86:6c:b3:f5:ec:f7:b2:29:e1:34:b3:f7:d5:e6:6e:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun 27 09:42:29 2025 GMT
            Not After : Jun 26 09:47:29 2026 GMT
        Subject: CN=0ADF184E556FF0099529BA336E2B3978A314E54A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:06:de:18:57:9f:bf:b5:33:4e:aa:7b:c2:e3:
                    1d:06:20:15:be:94:84:93:31:11:43:ec:4d:ed:da:
                    20:89:47:fe:11:50:8f:8f:c2:bd:19:84:11:dc:6b:
                    42:ad:b9:c0:14:d5:54:f9:55:ac:d5:cd:59:83:ad:
                    56:57:00:af:8b:76:53:45:01:1d:3f:e7:5a:aa:81:
                    2d:44:86:3d:d8:ed:48:5a:93:c8:15:f7:84:04:fd:
                    7d:8b:5f:b9:8f:f0:0d:d9:3d:bf:b3:3c:bf:f5:06:
                    e2:3a:72:a5:f7:d0:af:20:fc:8e:39:3e:43:c0:e8:
                    57:45:a7:76:87:40:1a:e9:35:4b:89:a0:c8:6c:28:
                    63:fc:47:65:8d:04:cb:9e:b5:3c:98:d2:c1:53:7e:
                    2e:4b:7d:b9:85:e7:52:b9:58:72:d3:75:23:c6:c1:
                    2f:13:57:19:8d:68:a6:83:c7:18:b7:4a:f2:dd:ec:
                    3e:94:8e:2d:a1:41:e5:80:ac:e9:4e:3a:92:93:99:
                    2e:d6:cc:76:32:93:c6:7d:c3:9b:7d:fb:d7:1c:d4:
                    82:47:af:5a:82:88:7f:3f:d7:68:e2:76:3d:23:9f:
                    a3:d1:f8:07:83:2e:8d:c3:27:17:9a:76:c1:eb:44:
                    4b:02:5b:49:c2:e4:e4:f0:7b:df:58:a2:91:2c:3a:
                    f7:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:DF:18:4E:55:6F:F0:09:95:29:BA:33:6E:2B:39:78:A3:14:E5:4A
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS137235.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.95.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:fa:a9:0e:61:b4:eb:2f:a3:d5:36:b4:e6:ae:39:da:fd:b4:
         15:5e:6d:64:05:02:fb:fa:07:1c:9a:47:81:9c:f8:e3:07:c8:
         71:2e:cb:79:0f:fd:e8:f9:28:8d:ea:33:2e:cb:6b:18:d9:01:
         29:d6:74:3a:0d:81:18:25:a5:d6:77:4a:bb:d8:3c:bd:32:29:
         d4:86:5c:4d:b0:3a:fa:41:66:51:95:a5:48:ca:aa:47:cd:ee:
         36:81:2b:f1:de:62:8b:81:4c:5b:c1:0b:6a:b8:50:fb:c9:e8:
         6c:fc:c3:4f:24:62:60:43:9c:d6:51:e3:64:8a:ce:86:00:15:
         33:ac:34:f1:0b:ae:eb:9b:79:87:c0:cc:2a:43:d7:6b:41:64:
         b2:29:32:67:97:0f:91:16:cd:f6:34:72:93:4a:40:28:91:b4:
         1e:f5:a0:a3:8e:d1:e3:c7:39:d0:84:82:dc:5e:f7:42:2c:94:
         14:16:19:95:12:82:da:59:42:e1:52:d2:f3:c7:3f:3b:54:10:
         21:83:5f:6c:a1:22:24:f9:e6:44:a3:19:c1:62:f4:35:b2:ea:
         65:ab:e5:f6:ae:47:51:d7:a7:c2:d1:be:02:82:1e:fb:b1:ba:
         e1:0f:c9:ee:38:31:d9:1c:07:b4:fa:93:ce:6e:c0:a4:1d:69:
         4f:24:ae:7e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUK5Gc0oZss/Xs97Ip4TSz99XmbkowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA2MjcwOTQyMjlaFw0yNjA2MjYwOTQ3MjlaMDMxMTAvBgNV
BAMTKDBBREYxODRFNTU2RkYwMDk5NTI5QkEzMzZFMkIzOTc4QTMxNEU1NEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvBt4YV5+/tTNOqnvC4x0GIBW+
lISTMRFD7E3t2iCJR/4RUI+Pwr0ZhBHca0KtucAU1VT5VazVzVmDrVZXAK+LdlNF
AR0/51qqgS1Ehj3Y7Uhak8gV94QE/X2LX7mP8A3ZPb+zPL/1BuI6cqX30K8g/I45
PkPA6FdFp3aHQBrpNUuJoMhsKGP8R2WNBMuetTyY0sFTfi5LfbmF51K5WHLTdSPG
wS8TVxmNaKaDxxi3SvLd7D6Uji2hQeWArOlOOpKTmS7WzHYyk8Z9w5t9+9cc1IJH
r1qCiH8/12jidj0jn6PR+AeDLo3DJxeadsHrREsCW0nC5OTwe99YopEsOve/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUCt8YTlVv8AmVKbozbis5eKMU5UowHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTM3MjM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsl8E
MA0GCSqGSIb3DQEBCwUAA4IBAQAy+qkOYbTrL6PVNrTmrjna/bQVXm1kBQL7+gcc
mkeBnPjjB8hxLst5D/3o+SiN6jMuy2sY2QEp1nQ6DYEYJaXWd0q72Dy9MinUhlxN
sDr6QWZRlaVIyqpHze42gSvx3mKLgUxbwQtquFD7yehs/MNPJGJgQ5zWUeNkis6G
ABUzrDTxC67rm3mHwMwqQ9drQWSyKTJnlw+RFs32NHKTSkAokbQe9aCjjtHjxznQ
hILcXvdCLJQUFhmVEoLaWULhUtLzxz87VBAhg19soSIk+eZEoxnBYvQ1suplq+X2
rkdR16fC0b4Cgh77sbrhD8nuODHZHAe0+pPObsCkHWlPJK5+
-----END CERTIFICATE-----