Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS216138.roa
File:                     AS216138.roa (raw, json)
Hash identifier:          1qLnxF9vQAPhtzX4sMGQSLYOlfuSOKW2nSVejXA5LOY=
Subject key identifier:   42:7F:80:02:77:1C:75:9B:A2:CD:5B:DE:8F:89:4B:F8:03:F7:71:77
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       62F8282ED4A30F8640E3F3154E91ADF8E5B590E8
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS216138.roa
Signing time:             Tue 12 Aug 2025 13:59:06 +0000
ROA not before:           Tue 12 Aug 2025 13:54:06 +0000
ROA not after:            Tue 11 Aug 2026 13:59:06 +0000
asID:                     216138
IP address blocks:        95.135.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:f8:28:2e:d4:a3:0f:86:40:e3:f3:15:4e:91:ad:f8:e5:b5:90:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Aug 12 13:54:06 2025 GMT
            Not After : Aug 11 13:59:06 2026 GMT
        Subject: CN=427F8002771C759BA2CD5BDE8F894BF803F77177
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:94:7f:4d:1d:cb:81:4e:d6:0e:38:20:bb:94:
                    56:67:19:c1:9c:d2:dd:5d:3f:8f:13:f7:46:db:76:
                    37:f6:ee:22:3e:83:05:b6:12:54:f0:0e:9e:ee:92:
                    23:14:3a:ef:92:26:80:a1:3b:98:b7:0b:22:58:89:
                    9c:b5:7b:f3:c0:31:c0:3f:38:42:19:5f:e0:e6:d6:
                    d8:d5:4e:71:65:dc:c9:73:8a:12:0a:71:a8:49:75:
                    63:c4:3c:3b:52:91:bf:1f:58:0d:f3:ac:b8:cd:36:
                    0f:e6:9f:3a:e6:86:37:06:be:d0:28:e8:99:a8:32:
                    ae:f6:7c:c4:8c:b8:af:9a:d9:95:73:d4:d9:89:fe:
                    2e:a5:76:49:1b:2e:5e:4d:d3:5e:36:ff:ed:f6:1f:
                    e0:8f:87:cd:c6:81:37:26:b4:0c:69:68:e3:be:00:
                    e2:0b:1d:f1:af:bc:d6:fc:8d:a7:af:65:45:f0:e1:
                    8b:e4:94:07:26:63:3b:cb:ed:18:9f:64:8e:e1:92:
                    81:0e:e7:bc:cf:d3:1b:7e:3e:ef:c2:95:85:18:05:
                    18:4c:02:10:0c:60:39:cd:54:36:ed:45:21:36:e3:
                    9b:80:cc:0a:de:d7:64:9e:88:9c:5a:c0:c4:7d:8e:
                    1a:00:52:24:20:0f:e0:be:6d:3f:be:12:c1:fb:a2:
                    4c:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:7F:80:02:77:1C:75:9B:A2:CD:5B:DE:8F:89:4B:F8:03:F7:71:77
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS216138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.135.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:bf:b1:5f:0b:5d:b6:3a:88:ce:bf:c1:4b:be:5e:17:06:da:
         97:08:2b:5e:7f:b4:7d:30:2f:df:86:56:e7:b1:eb:1c:ad:7e:
         b3:1a:d1:2a:2b:a0:55:c3:29:94:49:57:44:77:f5:43:b1:93:
         47:3d:ec:bd:d0:3c:86:5d:9a:66:76:13:a1:21:bf:0c:31:98:
         1d:17:68:d7:8c:e2:97:ea:78:ec:12:9f:06:41:6d:e6:4f:e0:
         30:80:8e:66:26:45:7b:cb:00:28:04:1e:25:e9:8d:1e:99:ae:
         bd:c2:40:06:dd:b2:4a:d5:bd:7d:ca:39:8a:23:0e:e8:6d:25:
         d5:65:87:17:d0:95:70:28:85:9d:3a:89:14:31:63:af:56:92:
         26:77:fc:51:91:84:1d:65:c9:6b:11:00:80:c4:29:be:b5:49:
         39:29:dd:ef:53:08:5c:13:70:dc:0c:16:19:3f:70:6d:e4:10:
         80:ac:fe:8a:e0:a6:7d:b4:4e:ab:89:11:67:bb:18:2e:30:72:
         f2:52:18:0b:fc:5d:68:60:eb:91:a6:0c:43:bb:78:9f:03:06:
         0b:20:85:03:b0:fd:d6:a7:da:ba:1b:be:dc:f1:c6:84:72:f5:
         6d:ee:b6:1f:b7:65:28:4c:a9:a4:64:cd:22:2b:d3:5f:96:76:
         15:e1:bb:97
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYvgoLtSjD4ZA4/MVTpGt+OW1kOgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA4MTIxMzU0MDZaFw0yNjA4MTExMzU5MDZaMDMxMTAvBgNV
BAMTKDQyN0Y4MDAyNzcxQzc1OUJBMkNENUJERThGODk0QkY4MDNGNzcxNzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQColH9NHcuBTtYOOCC7lFZnGcGc
0t1dP48T90bbdjf27iI+gwW2ElTwDp7ukiMUOu+SJoChO5i3CyJYiZy1e/PAMcA/
OEIZX+Dm1tjVTnFl3MlzihIKcahJdWPEPDtSkb8fWA3zrLjNNg/mnzrmhjcGvtAo
6JmoMq72fMSMuK+a2ZVz1NmJ/i6ldkkbLl5N0142/+32H+CPh83GgTcmtAxpaOO+
AOILHfGvvNb8jaevZUXw4YvklAcmYzvL7RifZI7hkoEO57zP0xt+Pu/ClYUYBRhM
AhAMYDnNVDbtRSE245uAzAre12SeiJxawMR9jhoAUiQgD+C+bT++EsH7okxxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUQn+AAnccdZuizVvej4lL+AP3cXcwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE2MTM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4e8
MA0GCSqGSIb3DQEBCwUAA4IBAQBGv7FfC122OojOv8FLvl4XBtqXCCtef7R9MC/f
hlbnsescrX6zGtEqK6BVwymUSVdEd/VDsZNHPey90DyGXZpmdhOhIb8MMZgdF2jX
jOKX6njsEp8GQW3mT+AwgI5mJkV7ywAoBB4l6Y0ema69wkAG3bJK1b19yjmKIw7o
bSXVZYcX0JVwKIWdOokUMWOvVpImd/xRkYQdZclrEQCAxCm+tUk5Kd3vUwhcE3Dc
DBYZP3Bt5BCArP6K4KZ9tE6riRFnuxguMHLyUhgL/F1oYOuRpgxDu3ifAwYLIIUD
sP3Wp9q6G77c8caEcvVt7rYft2UoTKmkZM0iK9NflnYV4buX
-----END CERTIFICATE-----