Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS137517.roa
File:                     AS137517.roa (raw, json)
Hash identifier:          Pydnbp4lfotL4kXP5DcmnwjticgwfJ///u5Bx0+VWWk=
Subject key identifier:   43:FA:9B:3E:A8:6F:3D:A2:67:86:83:19:D7:15:FF:A1:2E:84:90:DF
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       026F41F1B8524986C9ED5532076EE26321DCE174
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS137517.roa
Signing time:             Fri 27 Jun 2025 09:49:03 +0000
ROA not before:           Fri 27 Jun 2025 09:44:03 +0000
ROA not after:            Fri 26 Jun 2026 09:49:03 +0000
asID:                     137517
IP address blocks:        95.135.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:6f:41:f1:b8:52:49:86:c9:ed:55:32:07:6e:e2:63:21:dc:e1:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun 27 09:44:03 2025 GMT
            Not After : Jun 26 09:49:03 2026 GMT
        Subject: CN=43FA9B3EA86F3DA267868319D715FFA12E8490DF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ca:50:a0:3e:5c:60:79:4c:81:f1:94:14:8d:
                    cd:15:17:b6:14:9f:23:63:7b:38:38:9c:fe:00:19:
                    ef:dd:c7:dc:68:b9:19:9d:e2:43:ae:74:5f:15:02:
                    41:37:6b:70:d1:78:c9:11:bf:84:f4:e1:a5:9d:4e:
                    1b:52:53:e1:48:a7:e4:66:75:cc:fc:93:65:0d:39:
                    05:18:71:f4:9f:66:7e:1d:8b:63:36:09:a3:c1:94:
                    f2:db:1b:94:7d:2f:51:28:43:b4:12:3b:4f:a7:63:
                    7d:63:74:9e:17:10:9c:47:03:87:46:e0:2a:64:04:
                    27:8e:cc:a5:9c:60:e2:23:a1:72:7e:f7:91:3a:80:
                    a7:c1:03:5b:89:96:5e:c9:a8:27:49:d5:a0:c3:19:
                    39:5a:e6:1a:e6:68:31:b0:c4:3d:61:ce:e4:58:f8:
                    2b:7b:cc:5d:40:3b:e7:02:c7:56:2b:68:fb:6d:5a:
                    02:bd:ae:66:bb:bb:a0:0a:75:85:f1:08:4e:42:1b:
                    f1:ad:1c:cf:be:a9:22:0e:c9:8e:e0:e0:8f:83:4d:
                    04:31:c2:05:04:aa:50:8c:01:c2:21:47:bb:5e:a9:
                    bf:a7:2f:13:f8:66:54:7f:d8:66:d2:64:33:65:0e:
                    57:19:24:7d:3c:1e:fd:9d:15:ac:a5:6d:af:23:77:
                    f3:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:FA:9B:3E:A8:6F:3D:A2:67:86:83:19:D7:15:FF:A1:2E:84:90:DF
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS137517.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.135.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:ee:81:67:25:9b:a9:64:90:09:6a:b0:1e:fd:31:a1:92:54:
         8f:08:60:a7:53:9d:64:01:83:d7:47:c7:46:9a:a5:ca:26:dd:
         ee:0c:4b:01:ba:51:de:b7:97:81:7e:c0:bf:da:98:91:57:42:
         4c:64:48:cb:c9:0b:5e:5f:cc:56:48:51:6d:cb:ac:fd:d8:d3:
         bd:7d:69:1f:58:45:35:64:64:78:4b:e5:ef:99:a1:bd:87:71:
         95:5c:ed:b0:2b:5b:66:14:7f:43:fa:6a:53:5f:5c:2d:ee:48:
         b7:69:93:b4:fe:b1:bb:fb:3d:83:4b:42:ab:ed:1b:fc:93:64:
         64:fc:c4:01:9e:74:f1:0d:86:ca:90:6f:a8:c1:50:31:91:a5:
         f8:20:61:cc:28:36:41:29:07:25:a5:7c:58:68:d8:6e:d5:ed:
         3f:81:f9:bc:6f:ff:6e:03:73:41:d2:b8:c4:cd:3e:2b:fd:75:
         ed:36:c9:d7:bd:25:d6:b5:04:09:fc:de:7d:0f:d2:91:39:8e:
         32:27:64:b2:10:ad:63:93:fb:77:67:d7:c3:1c:ce:b7:c1:e9:
         a8:bb:d9:fa:8b:85:19:5b:0e:cc:fa:6e:e0:48:4a:d9:5a:cf:
         22:6c:24:8d:45:45:2d:86:87:a0:15:f9:59:2e:95:fc:0a:6c:
         4a:dc:60:6d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUAm9B8bhSSYbJ7VUyB27iYyHc4XQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA2MjcwOTQ0MDNaFw0yNjA2MjYwOTQ5MDNaMDMxMTAvBgNV
BAMTKDQzRkE5QjNFQTg2RjNEQTI2Nzg2ODMxOUQ3MTVGRkExMkU4NDkwREYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsylCgPlxgeUyB8ZQUjc0VF7YU
nyNjezg4nP4AGe/dx9xouRmd4kOudF8VAkE3a3DReMkRv4T04aWdThtSU+FIp+Rm
dcz8k2UNOQUYcfSfZn4di2M2CaPBlPLbG5R9L1EoQ7QSO0+nY31jdJ4XEJxHA4dG
4CpkBCeOzKWcYOIjoXJ+95E6gKfBA1uJll7JqCdJ1aDDGTla5hrmaDGwxD1hzuRY
+Ct7zF1AO+cCx1YraPttWgK9rma7u6AKdYXxCE5CG/GtHM++qSIOyY7g4I+DTQQx
wgUEqlCMAcIhR7teqb+nLxP4ZlR/2GbSZDNlDlcZJH08Hv2dFaylba8jd/PzAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUQ/qbPqhvPaJnhoMZ1xX/oS6EkN8wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTM3NTE3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4dS
MA0GCSqGSIb3DQEBCwUAA4IBAQAw7oFnJZupZJAJarAe/TGhklSPCGCnU51kAYPX
R8dGmqXKJt3uDEsBulHet5eBfsC/2piRV0JMZEjLyQteX8xWSFFty6z92NO9fWkf
WEU1ZGR4S+XvmaG9h3GVXO2wK1tmFH9D+mpTX1wt7ki3aZO0/rG7+z2DS0Kr7Rv8
k2Rk/MQBnnTxDYbKkG+owVAxkaX4IGHMKDZBKQclpXxYaNhu1e0/gfm8b/9uA3NB
0rjEzT4r/XXtNsnXvSXWtQQJ/N59D9KROY4yJ2SyEK1jk/t3Z9fDHM63wemou9n6
i4UZWw7M+m7gSErZWs8ibCSNRUUthoegFflZLpX8CmxK3GBt
-----END CERTIFICATE-----