Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS137235.roa
File:                     AS137235.roa (raw, json)
Hash identifier:          t7BhyShNE6Yyg5BLvQyp3WlO1jrjfXsHLc1i6oPPCjk=
Subject key identifier:   F5:9D:93:A6:24:5F:4F:EB:BC:69:25:5D:24:3E:50:CC:77:89:CC:A1
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       373B030C4CFFCBD20071DAD074F21A72CBE3AF01
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS137235.roa
Signing time:             Mon 02 Mar 2026 00:00:35 +0000
ROA not before:           Sun 01 Mar 2026 23:55:35 +0000
ROA not after:            Mon 01 Mar 2027 00:00:35 +0000
asID:                     137235
IP address blocks:        143.14.162.0/24 maxlen: 24
                          162.141.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 07:19:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:3b:03:0c:4c:ff:cb:d2:00:71:da:d0:74:f2:1a:72:cb:e3:af:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar  1 23:55:35 2026 GMT
            Not After : Mar  1 00:00:35 2027 GMT
        Subject: CN=F59D93A6245F4FEBBC69255D243E50CC7789CCA1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:fa:65:a3:53:a7:7b:0b:83:ae:cd:bb:45:a6:
                    e6:32:b3:31:a7:45:4a:89:93:95:92:b9:e4:e5:d4:
                    3d:ce:f5:1b:5b:7e:b5:b9:59:1a:a7:98:3c:17:c8:
                    55:c4:19:d2:a8:91:e2:7f:db:9e:5a:3d:17:68:04:
                    bc:ef:14:79:79:f8:a5:44:fd:42:fd:da:82:23:72:
                    15:24:7b:44:1d:8d:23:11:07:92:fc:92:0c:de:bd:
                    f7:c8:7c:31:eb:9c:69:9c:03:70:25:f8:2e:43:16:
                    90:62:d1:e8:1c:7e:61:ee:ea:82:a2:5b:ad:65:a7:
                    da:f8:ea:8a:79:6b:7a:eb:fc:04:65:dd:9e:7e:88:
                    74:9a:d8:45:35:81:d5:40:81:d3:f3:06:68:e5:2e:
                    aa:ee:93:10:69:9b:fa:95:93:e1:7b:3b:b8:dd:ce:
                    ca:b3:c6:99:f5:5e:ae:64:fd:fa:49:fd:dd:d4:dd:
                    78:aa:44:80:c0:24:19:a4:9a:3b:8c:b6:54:b7:50:
                    8f:7c:4f:1a:88:ac:09:45:68:6c:5e:55:fe:37:ef:
                    33:1f:91:33:7a:a7:da:a7:c6:d2:b7:1a:25:8a:8c:
                    37:f3:37:0b:52:bd:fb:09:ae:df:db:71:c9:0d:f8:
                    02:59:b1:28:10:ba:7f:78:63:42:d0:c7:8c:e9:a9:
                    54:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:9D:93:A6:24:5F:4F:EB:BC:69:25:5D:24:3E:50:CC:77:89:CC:A1
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS137235.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.162.0/24
                  162.141.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:97:ad:b4:7d:d3:84:26:c5:11:b5:0f:33:7b:08:c9:dd:00:
         da:f1:66:d1:c8:83:26:f9:bf:ee:dd:4e:68:33:d4:0f:ba:3d:
         c2:3e:78:4f:9a:12:24:e1:24:34:75:d5:f1:18:e3:3d:a4:f5:
         a3:60:f7:42:4b:69:d2:bd:cc:c0:4f:9a:03:c1:78:6b:47:b9:
         ac:84:2e:f7:45:74:8d:f6:e5:a2:03:45:19:6c:9a:c8:46:72:
         c3:b5:11:f6:97:d8:ed:c6:4c:27:05:f2:51:0a:48:34:d2:36:
         a8:a4:38:2a:6f:d2:ff:33:72:6e:e2:66:eb:4e:57:e8:12:31:
         d1:56:ba:95:c5:67:6b:51:50:36:ec:4f:fb:da:da:b8:f7:2c:
         c1:1c:a6:9a:97:b9:cd:97:cd:4a:c7:92:6a:c9:17:2a:3a:b4:
         e7:c4:fa:4e:06:ec:84:2b:b7:5b:a2:32:a8:cb:3a:6a:ed:1b:
         c0:37:46:28:78:22:6e:ff:7e:3e:7b:e0:3e:e9:6e:34:4e:ed:
         78:9e:c6:5b:41:36:4a:e9:c1:60:12:c3:cd:9c:7e:31:2a:70:
         56:4d:47:d6:71:67:b4:64:13:0f:cb:da:e9:39:86:21:14:8c:
         70:68:a0:10:c8:2c:4c:27:42:e2:20:fe:85:4f:42:c8:bd:1c:
         63:46:85:93
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUNzsDDEz/y9IAcdrQdPIacsvjrwEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMDEyMzU1MzVaFw0yNzAzMDEwMDAwMzVaMDMxMTAvBgNV
BAMTKEY1OUQ5M0E2MjQ1RjRGRUJCQzY5MjU1RDI0M0U1MENDNzc4OUNDQTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1+mWjU6d7C4OuzbtFpuYyszGn
RUqJk5WSueTl1D3O9RtbfrW5WRqnmDwXyFXEGdKokeJ/255aPRdoBLzvFHl5+KVE
/UL92oIjchUke0QdjSMRB5L8kgzevffIfDHrnGmcA3Al+C5DFpBi0egcfmHu6oKi
W61lp9r46op5a3rr/ARl3Z5+iHSa2EU1gdVAgdPzBmjlLqrukxBpm/qVk+F7O7jd
zsqzxpn1Xq5k/fpJ/d3U3XiqRIDAJBmkmjuMtlS3UI98TxqIrAlFaGxeVf437zMf
kTN6p9qnxtK3GiWKjDfzNwtSvfsJrt/bcckN+AJZsSgQun94Y0LQx4zpqVTFAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU9Z2TpiRfT+u8aSVdJD5QzHeJzKEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTM3MjM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjw6i
AwQAoo1yMA0GCSqGSIb3DQEBCwUAA4IBAQCBl620fdOEJsURtQ8zewjJ3QDa8WbR
yIMm+b/u3U5oM9QPuj3CPnhPmhIk4SQ0ddXxGOM9pPWjYPdCS2nSvczAT5oDwXhr
R7mshC73RXSN9uWiA0UZbJrIRnLDtRH2l9jtxkwnBfJRCkg00jaopDgqb9L/M3Ju
4mbrTlfoEjHRVrqVxWdrUVA27E/72tq49yzBHKaal7nNl81Kx5JqyRcqOrTnxPpO
BuyEK7dbojKoyzpq7RvAN0YoeCJu/34+e+A+6W40Tu14nsZbQTZK6cFgEsPNnH4x
KnBWTUfWcWe0ZBMPy9rpOYYhFIxwaKAQyCxMJ0LiIP6FT0LIvRxjRoWT
-----END CERTIFICATE-----