Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS38136.roa
File:                     AS38136.roa (raw, json)
Hash identifier:          FAxnNED5BhM26PwkulNI6yv7OJ0ZgQ+bD/NSbcAda0A=
Subject key identifier:   75:38:2F:C0:39:0C:1C:20:4E:78:EF:34:38:B5:65:D7:CE:D8:FD:83
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       47045A9411E457BB00AF3B8BEE2A65D343A24E5B
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS38136.roa
Signing time:             Tue 08 Jul 2025 01:54:13 +0000
ROA not before:           Tue 08 Jul 2025 01:49:13 +0000
ROA not after:            Tue 07 Jul 2026 01:54:13 +0000
asID:                     38136
IP address blocks:        141.11.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 04:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:04:5a:94:11:e4:57:bb:00:af:3b:8b:ee:2a:65:d3:43:a2:4e:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jul  8 01:49:13 2025 GMT
            Not After : Jul  7 01:54:13 2026 GMT
        Subject: CN=75382FC0390C1C204E78EF3438B565D7CED8FD83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:c8:f4:c6:bb:ba:c0:9e:eb:a1:22:e5:d1:02:
                    a2:7a:df:83:27:b6:d1:77:25:60:b2:54:fd:ba:f8:
                    33:ac:b7:b1:83:66:4f:66:22:06:8c:a4:89:59:11:
                    2f:8b:5d:c6:b8:05:63:ec:a0:51:38:9d:98:b1:ba:
                    f5:28:ab:8b:dc:e0:d6:9a:e2:8a:5c:3c:28:d6:93:
                    14:37:e7:6d:c8:1c:20:33:17:d7:2d:30:45:74:d2:
                    25:47:64:ca:47:56:ab:92:f5:ce:bb:bc:40:e7:92:
                    5c:69:26:5d:11:d6:2b:0c:09:f6:25:e2:9b:29:2a:
                    be:73:47:ce:12:17:30:df:cf:dd:1a:d3:a4:49:48:
                    08:c2:b4:27:97:e0:5a:7b:c1:37:43:58:21:39:0a:
                    ad:f3:ad:f2:0f:23:73:da:1b:d7:8d:07:a9:18:de:
                    cd:0a:a1:69:fd:7a:41:e2:49:ec:68:d5:9a:ff:bb:
                    7f:e6:f8:90:af:7d:64:1c:ae:5a:83:66:98:eb:ab:
                    00:82:2d:3c:e6:00:15:10:16:bf:a8:06:3b:2e:2f:
                    21:24:e8:e8:13:c1:7d:d2:df:33:37:f1:d6:ab:6e:
                    57:0d:9e:8d:49:ec:dd:18:04:b1:4f:49:38:0b:b8:
                    3c:32:d6:45:75:b4:b8:b7:cb:d2:de:8a:00:57:aa:
                    ef:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:38:2F:C0:39:0C:1C:20:4E:78:EF:34:38:B5:65:D7:CE:D8:FD:83
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS38136.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:3d:40:f3:3c:48:44:be:f3:28:cf:0e:bc:41:1b:4f:52:5e:
         7d:fd:e9:46:e2:ba:7d:6d:36:79:fb:a8:5b:55:99:01:c8:db:
         b7:5d:41:b8:62:d6:d9:19:d0:bf:d4:77:74:22:2f:62:e8:88:
         87:01:2b:10:1c:a0:0e:26:2b:85:bd:3b:b9:13:20:f8:e4:5f:
         34:fe:3a:2f:93:f8:0d:ed:39:e6:0a:95:bd:26:64:f6:a1:6a:
         7b:53:46:96:cd:fe:7d:88:14:0e:27:1a:96:df:fa:8d:07:84:
         8e:d2:7a:30:8c:79:10:8a:9c:38:ff:b0:e3:e9:0a:1a:b4:dd:
         18:2c:30:31:d0:f9:94:53:0e:84:e8:14:af:b4:69:04:d0:b8:
         a7:c8:28:a2:c8:e5:ed:8f:41:b6:91:77:00:51:01:f5:e3:36:
         ab:00:9c:75:20:3b:51:84:1f:17:9a:2b:25:91:dc:81:36:d1:
         26:59:40:61:18:17:76:1f:f9:1b:e2:c9:85:44:76:4a:90:00:
         60:f1:8e:1f:55:56:1d:b3:3b:dc:2e:3f:39:d0:87:85:27:d5:
         db:58:ea:7f:af:bc:09:70:b9:4b:f3:e0:91:7f:d9:24:3c:05:
         ac:99:b4:30:23:e8:2a:86:3a:66:2b:75:c1:44:41:51:09:fb:
         56:45:45:1e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIURwRalBHkV7sArzuL7ipl00OiTlswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA3MDgwMTQ5MTNaFw0yNjA3MDcwMTU0MTNaMDMxMTAvBgNV
BAMTKDc1MzgyRkMwMzkwQzFDMjA0RTc4RUYzNDM4QjU2NUQ3Q0VEOEZEODMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDByPTGu7rAnuuhIuXRAqJ634Mn
ttF3JWCyVP26+DOst7GDZk9mIgaMpIlZES+LXca4BWPsoFE4nZixuvUoq4vc4Naa
4opcPCjWkxQ3523IHCAzF9ctMEV00iVHZMpHVquS9c67vEDnklxpJl0R1isMCfYl
4pspKr5zR84SFzDfz90a06RJSAjCtCeX4Fp7wTdDWCE5Cq3zrfIPI3PaG9eNB6kY
3s0KoWn9ekHiSexo1Zr/u3/m+JCvfWQcrlqDZpjrqwCCLTzmABUQFr+oBjsuLyEk
6OgTwX3S3zM38darblcNno1J7N0YBLFPSTgLuDwy1kV1tLi3y9LeigBXqu/7AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUdTgvwDkMHCBOeO80OLVl187Y/YMwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzgxMzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNCyow
DQYJKoZIhvcNAQELBQADggEBAL09QPM8SES+8yjPDrxBG09SXn396Ubiun1tNnn7
qFtVmQHI27ddQbhi1tkZ0L/Ud3QiL2LoiIcBKxAcoA4mK4W9O7kTIPjkXzT+Oi+T
+A3tOeYKlb0mZPahantTRpbN/n2IFA4nGpbf+o0HhI7SejCMeRCKnDj/sOPpChq0
3RgsMDHQ+ZRTDoToFK+0aQTQuKfIKKLI5e2PQbaRdwBRAfXjNqsAnHUgO1GEHxea
KyWR3IE20SZZQGEYF3Yf+RviyYVEdkqQAGDxjh9VVh2zO9wuPznQh4Un1dtY6n+v
vAlwuUvz4JF/2SQ8BayZtDAj6CqGOmYrdcFEQVEJ+1ZFRR4=
-----END CERTIFICATE-----