Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS137409.roa
File:                     AS137409.roa (raw, json)
Hash identifier:          Df9Rw+yiWoI3XpbCMy9xhWdwnyy2+ny49Zlr2/TwI+Y=
Subject key identifier:   E7:D1:38:6C:AC:7C:CB:DB:2A:54:59:D9:08:82:2E:A2:0A:B7:CC:55
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       1ED207C19E38EDA4C5912DB952D965BC945A4EA9
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS137409.roa
Signing time:             Thu 03 Jul 2025 10:54:13 +0000
ROA not before:           Thu 03 Jul 2025 10:49:13 +0000
ROA not after:            Thu 02 Jul 2026 10:54:13 +0000
asID:                     137409
IP address blocks:        141.11.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 10:45:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:d2:07:c1:9e:38:ed:a4:c5:91:2d:b9:52:d9:65:bc:94:5a:4e:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jul  3 10:49:13 2025 GMT
            Not After : Jul  2 10:54:13 2026 GMT
        Subject: CN=E7D1386CAC7CCBDB2A5459D908822EA20AB7CC55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:d2:ca:26:b5:5f:ce:48:bf:61:f6:c4:d4:29:
                    f2:73:8b:ed:bc:7a:28:03:2d:c9:58:a4:06:31:9d:
                    1b:53:b5:6e:d0:cd:7e:1b:44:df:49:f2:19:d9:8f:
                    73:99:cc:cb:ea:e6:22:51:52:32:5e:a2:4a:ea:3e:
                    38:8c:ea:4f:32:21:68:6f:dc:f5:16:55:7f:84:47:
                    7e:56:6d:66:ee:9f:fb:fa:00:ea:e3:b7:3d:85:a1:
                    6b:a3:9b:3e:41:bb:74:10:08:e2:50:21:43:78:6c:
                    a8:bb:84:ad:63:2c:78:2b:97:b8:2d:ea:b9:0b:34:
                    5e:94:24:4b:b5:fe:25:b8:bc:8e:f3:3f:47:fb:31:
                    42:01:c4:fa:2a:ec:41:ad:34:b4:34:1d:40:a5:51:
                    f5:9a:0f:f1:9e:e4:78:e2:8c:4f:03:13:1c:19:9a:
                    b2:4e:e9:76:e6:69:87:e7:44:c6:e5:cd:72:07:7d:
                    e0:e1:f2:eb:bb:8d:7e:00:6a:63:c2:33:ad:22:6e:
                    80:45:c6:3e:24:24:43:66:91:63:86:89:e1:41:0d:
                    84:28:bf:1c:9d:6f:09:48:a3:b4:a4:ed:94:03:9b:
                    21:0f:19:f9:77:71:24:fe:a6:81:8f:4d:ed:51:e9:
                    ec:a1:73:ee:15:f3:22:fd:fb:c7:22:61:ac:8a:9c:
                    40:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:D1:38:6C:AC:7C:CB:DB:2A:54:59:D9:08:82:2E:A2:0A:B7:CC:55
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS137409.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:4b:1a:7b:59:f0:07:49:9e:31:05:23:b8:77:98:33:38:ae:
         c0:3e:73:52:ba:4f:97:1c:80:a7:8c:fd:57:25:3e:c8:0d:9c:
         d9:05:60:34:92:39:f2:73:d7:f7:9a:d0:cd:8d:90:4c:5f:2d:
         41:73:1f:cd:d4:53:6c:68:bc:6c:40:aa:eb:a4:5d:f2:40:79:
         f9:69:20:ba:29:8e:a0:83:05:85:7a:c4:ce:17:7a:19:1f:85:
         b5:97:ba:04:02:7d:8c:85:8a:a4:a6:3f:9c:e2:a2:40:af:50:
         2c:bd:84:83:87:c5:22:57:2e:01:05:ee:e0:98:59:92:93:6a:
         cc:3a:b0:97:18:81:c2:dd:1a:06:eb:1f:9a:f1:d0:a6:5b:94:
         60:b3:ff:a7:ab:3d:fe:04:ee:bb:08:6f:e1:37:6f:a7:f1:8a:
         8e:d0:8c:09:1a:a9:d7:fd:a4:8c:90:97:07:eb:5f:3e:88:a3:
         05:c7:28:c2:44:3b:c1:85:8e:cb:fb:63:88:1a:a0:9c:e0:f6:
         c6:32:a5:11:c4:92:22:5a:4b:a4:26:0a:a6:c6:89:4e:e1:93:
         ee:40:e9:b0:71:c6:77:8c:6d:80:6a:77:7e:47:78:33:4d:b9:
         1a:fe:cf:4e:74:40:b6:71:0a:9d:b6:88:ad:d1:b6:9e:f5:6a:
         7f:21:0b:d7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHtIHwZ447aTFkS25UtllvJRaTqkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA3MDMxMDQ5MTNaFw0yNjA3MDIxMDU0MTNaMDMxMTAvBgNV
BAMTKEU3RDEzODZDQUM3Q0NCREIyQTU0NTlEOTA4ODIyRUEyMEFCN0NDNTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc0somtV/OSL9h9sTUKfJzi+28
eigDLclYpAYxnRtTtW7QzX4bRN9J8hnZj3OZzMvq5iJRUjJeokrqPjiM6k8yIWhv
3PUWVX+ER35WbWbun/v6AOrjtz2FoWujmz5Bu3QQCOJQIUN4bKi7hK1jLHgrl7gt
6rkLNF6UJEu1/iW4vI7zP0f7MUIBxPoq7EGtNLQ0HUClUfWaD/Ge5HjijE8DExwZ
mrJO6XbmaYfnRMblzXIHfeDh8uu7jX4AamPCM60iboBFxj4kJENmkWOGieFBDYQo
vxydbwlIo7Sk7ZQDmyEPGfl3cST+poGPTe1R6eyhc+4V8yL9+8ciYayKnEA3AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU59E4bKx8y9sqVFnZCIIuogq3zFUwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTM3NDA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsk
MA0GCSqGSIb3DQEBCwUAA4IBAQCOSxp7WfAHSZ4xBSO4d5gzOK7APnNSuk+XHICn
jP1XJT7IDZzZBWA0kjnyc9f3mtDNjZBMXy1Bcx/N1FNsaLxsQKrrpF3yQHn5aSC6
KY6ggwWFesTOF3oZH4W1l7oEAn2MhYqkpj+c4qJAr1AsvYSDh8UiVy4BBe7gmFmS
k2rMOrCXGIHC3RoG6x+a8dCmW5Rgs/+nqz3+BO67CG/hN2+n8YqO0IwJGqnX/aSM
kJcH618+iKMFxyjCRDvBhY7L+2OIGqCc4PbGMqURxJIiWkukJgqmxolO4ZPuQOmw
ccZ3jG2Aand+R3gzTbka/s9OdEC2cQqdtoit0bae9Wp/IQvX
-----END CERTIFICATE-----