Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS138195.roa
File:                     AS138195.roa (raw, json)
Hash identifier:          9c6EhVOgPCblt3ZJQ4bKUgJK75M48HT5nlqaInlT8M4=
Subject key identifier:   D6:11:19:39:F9:50:50:BD:8E:C8:31:71:D2:06:7E:2B:76:4D:57:13
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       6B0713ED0F1E8663316AC3F5A9190D5C5EFC4393
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS138195.roa
Signing time:             Sat 17 May 2025 04:05:30 +0000
ROA not before:           Sat 17 May 2025 04:00:30 +0000
ROA not after:            Sat 16 May 2026 04:05:30 +0000
asID:                     138195
IP address blocks:        146.103.27.0/24 maxlen: 24
                          155.117.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:07:13:ed:0f:1e:86:63:31:6a:c3:f5:a9:19:0d:5c:5e:fc:43:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 17 04:00:30 2025 GMT
            Not After : May 16 04:05:30 2026 GMT
        Subject: CN=D6111939F95050BD8EC83171D2067E2B764D5713
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:fd:6c:6f:87:b5:7e:47:28:69:4e:95:a4:78:
                    13:2b:cb:71:24:2b:56:cc:31:a7:47:30:97:51:62:
                    88:bb:af:8e:38:8a:65:4b:e7:a0:82:66:db:32:0c:
                    22:ab:78:f9:ed:67:62:0a:a4:45:08:01:b3:b0:53:
                    be:fd:80:32:e5:5a:e3:70:a5:26:50:52:1d:db:37:
                    c4:a9:d6:83:6f:58:14:28:ea:f5:33:24:e3:a9:bb:
                    89:93:34:69:21:15:54:4f:fb:1a:c0:50:f1:63:a2:
                    08:fb:56:62:7c:2f:a2:a0:27:f5:38:64:d9:53:62:
                    4b:27:d4:7c:bc:e0:79:5a:3a:6a:fc:29:6e:2b:b4:
                    29:5d:f4:15:30:84:b3:35:94:50:67:11:77:92:60:
                    f6:f6:27:3e:78:0c:23:52:7a:33:df:ae:12:87:24:
                    50:21:3e:13:ef:c5:45:24:22:ce:11:be:3e:15:a9:
                    ba:04:1f:9c:7a:8e:c4:27:04:51:6b:f5:00:e1:25:
                    90:b7:1e:f9:15:5c:b3:21:e3:c0:e0:a8:22:0b:7b:
                    ef:39:9b:1c:76:7b:da:6d:c1:29:74:93:29:c5:da:
                    11:a6:c9:e7:8b:ca:88:81:a3:8f:48:c9:4f:6f:49:
                    8c:9c:61:7e:a7:84:32:e3:d6:04:5a:4d:72:5b:79:
                    40:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:11:19:39:F9:50:50:BD:8E:C8:31:71:D2:06:7E:2B:76:4D:57:13
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS138195.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.27.0/24
                  155.117.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:51:28:0e:37:9d:94:83:1f:77:59:e4:c5:cc:c2:c8:0f:33:
         e9:a9:c8:2f:fd:91:e8:42:72:7d:78:2f:76:d1:02:9f:6f:09:
         93:1d:cd:83:79:af:8d:71:f6:9c:0e:3d:8e:81:af:27:8f:39:
         8a:4f:bc:b6:e0:fa:c0:7a:37:c8:3e:8b:7f:06:d5:0a:aa:1d:
         be:9b:49:29:91:dd:94:85:98:72:4f:ba:5d:7d:9d:3f:b7:7b:
         8d:50:89:60:5a:df:5f:e5:b9:80:4c:1a:7d:d0:cf:35:f5:a5:
         cd:fb:56:18:ef:5d:8e:24:bc:9c:4a:52:fa:17:11:59:79:e7:
         7d:10:8c:07:42:99:df:1b:e4:ec:d6:94:17:e1:bc:80:32:aa:
         03:81:25:3a:73:af:b6:9d:d0:93:8f:0d:81:b8:45:5f:b8:68:
         7a:1b:3a:ae:76:39:12:1b:fd:e9:ea:8f:d8:52:30:8f:3f:75:
         f0:05:9a:35:b6:5d:f4:d9:e6:49:5a:a4:ec:c5:8d:e3:e5:76:
         38:c1:36:d0:fd:66:02:b3:f3:75:a0:57:76:b0:c7:08:33:8e:
         27:8f:10:ad:9d:fb:db:43:44:92:b8:3e:f2:ea:93:aa:ad:2b:
         b6:f6:72:70:15:31:69:00:36:5f:a3:ff:ce:6e:c9:f3:8e:1c:
         0b:bf:25:31
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUawcT7Q8ehmMxasP1qRkNXF78Q5MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA1MTcwNDAwMzBaFw0yNjA1MTYwNDA1MzBaMDMxMTAvBgNV
BAMTKEQ2MTExOTM5Rjk1MDUwQkQ4RUM4MzE3MUQyMDY3RTJCNzY0RDU3MTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDe/Wxvh7V+RyhpTpWkeBMry3Ek
K1bMMadHMJdRYoi7r444imVL56CCZtsyDCKrePntZ2IKpEUIAbOwU779gDLlWuNw
pSZQUh3bN8Sp1oNvWBQo6vUzJOOpu4mTNGkhFVRP+xrAUPFjogj7VmJ8L6KgJ/U4
ZNlTYksn1Hy84HlaOmr8KW4rtCld9BUwhLM1lFBnEXeSYPb2Jz54DCNSejPfrhKH
JFAhPhPvxUUkIs4Rvj4VqboEH5x6jsQnBFFr9QDhJZC3HvkVXLMh48DgqCILe+85
mxx2e9ptwSl0kynF2hGmyeeLyoiBo49IyU9vSYycYX6nhDLj1gRaTXJbeUD5AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU1hEZOflQUL2OyDFx0gZ+K3ZNVxMwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTM4MTk1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAkmcb
AwQAm3VaMA0GCSqGSIb3DQEBCwUAA4IBAQCAUSgON52Ugx93WeTFzMLIDzPpqcgv
/ZHoQnJ9eC920QKfbwmTHc2Dea+NcfacDj2Oga8njzmKT7y24PrAejfIPot/BtUK
qh2+m0kpkd2UhZhyT7pdfZ0/t3uNUIlgWt9f5bmATBp90M819aXN+1YY712OJLyc
SlL6FxFZeed9EIwHQpnfG+Ts1pQX4byAMqoDgSU6c6+2ndCTjw2BuEVfuGh6Gzqu
djkSG/3p6o/YUjCPP3XwBZo1tl302eZJWqTsxY3j5XY4wTbQ/WYCs/N1oFd2sMcI
M44njxCtnfvbQ0SSuD7y6pOqrSu29nJwFTFpADZfo//ObsnzjhwLvyUx
-----END CERTIFICATE-----