Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS138156.roa
File:                     AS138156.roa (raw, json)
Hash identifier:          rcNlW3DbrGvjpdNjaUKdexrb709kdWYFR502MSmiZtA=
Subject key identifier:   AF:2E:AA:95:A5:3D:5B:B2:F3:4C:FB:91:52:82:3A:05:31:85:45:51
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1E5A9EA38D8DF2E081C2D7D6A76A2F2F68A4CE5B
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS138156.roa
Signing time:             Fri 18 Jul 2025 14:54:13 +0000
ROA not before:           Fri 18 Jul 2025 14:49:13 +0000
ROA not after:            Fri 17 Jul 2026 14:54:13 +0000
asID:                     138156
IP address blocks:        147.79.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 13:47:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:5a:9e:a3:8d:8d:f2:e0:81:c2:d7:d6:a7:6a:2f:2f:68:a4:ce:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul 18 14:49:13 2025 GMT
            Not After : Jul 17 14:54:13 2026 GMT
        Subject: CN=AF2EAA95A53D5BB2F34CFB9152823A0531854551
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:d9:1f:56:e3:f4:3b:37:2c:f8:d0:cb:3d:81:
                    7c:01:c4:ac:ae:5e:df:b0:5c:a9:45:cd:cb:cf:a4:
                    cf:b5:89:be:b2:af:4c:08:09:61:92:98:c2:6e:cc:
                    47:e0:b5:0d:64:a7:8f:c3:87:58:f0:ea:16:39:af:
                    0a:c6:d0:ee:9e:cd:46:27:d9:3d:b1:37:f6:10:b7:
                    39:73:82:cb:07:f1:de:cd:4e:08:a6:c9:15:84:fc:
                    dc:80:d6:8f:98:34:3c:73:ef:8e:c5:41:6d:74:39:
                    4c:d0:0c:ef:21:77:ac:9e:9a:2a:d7:00:a0:3b:40:
                    3a:57:fb:2b:80:98:d0:84:95:9e:bd:2f:eb:6b:41:
                    b3:ec:52:96:21:7e:58:93:58:45:68:c9:bf:94:2c:
                    25:dc:8f:ea:3f:68:c5:e0:27:b3:8b:44:1b:a9:6b:
                    8d:2c:40:82:7d:8e:ed:e3:d1:51:a8:41:cd:5d:7c:
                    df:d2:9c:e8:ce:3f:f7:59:63:b5:9a:9d:6d:09:93:
                    54:d9:1a:ca:5d:06:b9:f7:1a:de:29:62:e9:6f:48:
                    6e:fc:e1:70:db:6f:2f:c9:91:75:d4:7d:f7:10:c2:
                    9f:bf:9a:7e:de:45:ef:3f:df:8e:38:82:88:f2:e4:
                    01:02:0c:35:e0:d5:ac:33:9f:3d:6d:e1:a0:5b:4c:
                    43:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:2E:AA:95:A5:3D:5B:B2:F3:4C:FB:91:52:82:3A:05:31:85:45:51
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS138156.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:b7:4a:a8:30:db:52:19:7d:2b:35:12:8f:61:aa:58:56:80:
         e6:41:41:5b:a1:de:37:2a:9b:89:84:e8:e7:0c:5b:fb:82:93:
         ed:f5:a1:42:16:da:a8:9f:d2:b7:93:d5:2b:5d:4f:b7:d7:a5:
         2b:cf:f0:b2:d9:77:bc:14:a0:c7:46:4b:48:25:0f:ae:24:f1:
         03:4f:5b:e5:5c:1c:6c:9c:cc:c4:20:7c:bc:4b:2b:4d:b8:a8:
         41:9d:97:32:45:22:6b:09:58:37:ad:ad:3d:bd:6e:7c:33:ea:
         f7:79:63:e7:7d:72:2c:38:21:b6:c5:25:0b:3a:38:8f:5e:ee:
         47:a1:14:44:50:0a:23:73:c5:6c:43:ba:a5:11:77:fa:97:ec:
         bc:1a:b7:1d:3a:dc:c9:c4:8a:b6:9a:9c:54:02:69:2e:07:f8:
         a1:c0:00:da:e2:6b:d3:f2:ec:ec:91:72:9f:b8:83:0d:d8:1e:
         6a:22:79:17:66:ef:13:33:70:b7:35:31:d4:0a:6f:73:f2:00:
         fe:4d:6d:5e:17:ad:cd:87:35:25:7c:06:c4:0c:9f:d0:50:25:
         1f:36:60:93:50:79:3d:ef:08:70:df:aa:a9:e7:40:c6:5b:fc:
         04:39:cd:65:11:61:4f:f6:68:82:a9:ad:66:11:d7:d8:7e:77:
         03:f4:83:a4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHlqeo42N8uCBwtfWp2ovL2ikzlswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA3MTgxNDQ5MTNaFw0yNjA3MTcxNDU0MTNaMDMxMTAvBgNV
BAMTKEFGMkVBQTk1QTUzRDVCQjJGMzRDRkI5MTUyODIzQTA1MzE4NTQ1NTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCm2R9W4/Q7Nyz40Ms9gXwBxKyu
Xt+wXKlFzcvPpM+1ib6yr0wICWGSmMJuzEfgtQ1kp4/Dh1jw6hY5rwrG0O6ezUYn
2T2xN/YQtzlzgssH8d7NTgimyRWE/NyA1o+YNDxz747FQW10OUzQDO8hd6yemirX
AKA7QDpX+yuAmNCElZ69L+trQbPsUpYhfliTWEVoyb+ULCXcj+o/aMXgJ7OLRBup
a40sQIJ9ju3j0VGoQc1dfN/SnOjOP/dZY7WanW0Jk1TZGspdBrn3Gt4pYulvSG78
4XDbby/JkXXUffcQwp+/mn7eRe8/3444gojy5AECDDXg1awznz1t4aBbTEPfAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUry6qlaU9W7LzTPuRUoI6BTGFRVEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTM4MTU2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk083
MA0GCSqGSIb3DQEBCwUAA4IBAQBAt0qoMNtSGX0rNRKPYapYVoDmQUFbod43KpuJ
hOjnDFv7gpPt9aFCFtqon9K3k9UrXU+316Urz/Cy2Xe8FKDHRktIJQ+uJPEDT1vl
XBxsnMzEIHy8SytNuKhBnZcyRSJrCVg3ra09vW58M+r3eWPnfXIsOCG2xSULOjiP
Xu5HoRREUAojc8VsQ7qlEXf6l+y8GrcdOtzJxIq2mpxUAmkuB/ihwADa4mvT8uzs
kXKfuIMN2B5qInkXZu8TM3C3NTHUCm9z8gD+TW1eF63NhzUlfAbEDJ/QUCUfNmCT
UHk97whw36qp50DGW/wEOc1lEWFP9miCqa1mEdfYfncD9IOk
-----END CERTIFICATE-----