Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS138195.roa
File:                     AS138195.roa (raw, json)
Hash identifier:          yyR32aJQd1vfY91jdHE4IZlXunSCXNokEeGVKSqWz1g=
Subject key identifier:   9E:6F:9A:B7:41:0E:7A:F9:C4:DE:E3:5C:18:2F:7F:B7:5D:F0:1B:B1
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       76A31A2D7F6D03D5AE0A75B9655620E27BDF1AE1
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS138195.roa
Signing time:             Thu 11 Jul 2024 00:01:59 +0000
ROA not before:           Wed 10 Jul 2024 23:56:59 +0000
ROA not after:            Thu 10 Jul 2025 00:01:59 +0000
asID:                     138195
IP address blocks:        146.103.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:a3:1a:2d:7f:6d:03:d5:ae:0a:75:b9:65:56:20:e2:7b:df:1a:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul 10 23:56:59 2024 GMT
            Not After : Jul 10 00:01:59 2025 GMT
        Subject: CN=9E6F9AB7410E7AF9C4DEE35C182F7FB75DF01BB1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:8b:16:8d:5d:66:dd:d5:04:b6:68:e9:f8:fe:
                    bb:9f:22:6d:3a:79:0c:cc:72:5c:8d:80:74:48:d0:
                    b9:cc:72:1f:03:a5:6b:66:da:15:6e:d7:cc:9a:97:
                    5f:14:4b:0b:57:92:a3:0e:bd:fa:e3:79:c4:f3:c4:
                    56:17:57:be:9e:9b:c0:a6:36:06:a6:4f:aa:4b:61:
                    98:38:a4:cb:e8:51:02:ba:67:e5:24:57:91:38:20:
                    12:26:71:f2:29:2d:4c:ba:9d:19:9b:d5:34:e6:0b:
                    3d:64:f1:d9:71:15:fa:9f:fd:91:a1:e6:b7:11:d3:
                    68:c0:67:6a:d5:54:8b:ad:01:6b:77:2d:13:39:63:
                    c7:d6:37:87:cf:10:a4:4c:92:9c:e3:f4:8f:4c:ad:
                    50:31:5b:c9:a0:24:03:f8:9f:52:c8:e4:c4:30:41:
                    1d:8b:1b:b5:ac:3b:a7:55:53:cd:64:42:bd:ae:40:
                    b1:52:4e:30:28:9c:85:77:ac:75:c8:f5:a6:45:09:
                    fd:57:24:58:89:cd:40:7b:94:58:d0:95:78:21:52:
                    11:bd:30:37:b2:fd:ca:1e:30:b9:a4:3f:4c:6c:76:
                    7b:28:8a:e8:a5:b8:5f:c7:fc:7f:0e:bc:2a:e7:19:
                    2b:0d:fc:7f:9f:75:73:94:88:94:0a:13:e4:ee:b6:
                    54:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:6F:9A:B7:41:0E:7A:F9:C4:DE:E3:5C:18:2F:7F:B7:5D:F0:1B:B1
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS138195.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:cf:6f:d6:94:2f:84:67:e7:9c:8a:ee:58:7f:44:dd:7b:92:
         44:2b:b4:96:94:e8:7d:02:0f:ee:d0:61:a3:f8:c5:92:07:32:
         36:f8:a5:e1:a6:a7:47:51:e2:4d:d0:59:b5:99:10:6d:2e:23:
         38:ff:41:fa:0a:26:73:ca:f1:aa:c2:8b:8c:d0:e7:49:cc:51:
         11:d7:53:89:6b:e9:5b:f4:a1:83:8d:cf:95:d8:45:66:3e:1f:
         03:55:96:e7:98:a0:f6:5f:df:41:8a:c7:c2:04:e3:0f:42:4c:
         f7:5e:dc:c8:ea:59:a4:70:4d:56:a3:b8:e8:0f:b0:3d:26:fb:
         8c:65:6e:c6:d1:dc:75:86:f9:87:72:cd:9c:f8:6b:e8:14:6b:
         d0:e9:3b:de:a1:d6:5a:08:d6:93:0b:36:d0:a8:75:03:59:3f:
         4a:f7:a6:7f:b7:dd:ea:a1:6e:08:f7:8b:4c:5a:73:65:be:4e:
         8d:77:9c:fc:27:64:db:b2:99:f8:70:e9:97:f7:7e:47:ba:97:
         4c:86:c7:ef:2d:df:b9:84:c2:a2:e6:12:ad:ae:a9:5e:57:22:
         b8:d3:22:af:8c:5c:c1:ac:e4:66:d4:81:1e:18:24:e4:77:3a:
         27:b2:5a:f4:ac:2a:67:89:4f:86:c8:62:d4:8d:9d:fe:55:03:
         bf:e3:96:bc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdqMaLX9tA9WuCnW5ZVYg4nvfGuEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA3MTAyMzU2NTlaFw0yNTA3MTAwMDAxNTlaMDMxMTAvBgNV
BAMTKDlFNkY5QUI3NDEwRTdBRjlDNERFRTM1QzE4MkY3RkI3NURGMDFCQjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAixaNXWbd1QS2aOn4/rufIm06
eQzMclyNgHRI0LnMch8DpWtm2hVu18yal18USwtXkqMOvfrjecTzxFYXV76em8Cm
NgamT6pLYZg4pMvoUQK6Z+UkV5E4IBImcfIpLUy6nRmb1TTmCz1k8dlxFfqf/ZGh
5rcR02jAZ2rVVIutAWt3LRM5Y8fWN4fPEKRMkpzj9I9MrVAxW8mgJAP4n1LI5MQw
QR2LG7WsO6dVU81kQr2uQLFSTjAonIV3rHXI9aZFCf1XJFiJzUB7lFjQlXghUhG9
MDey/coeMLmkP0xsdnsoiuiluF/H/H8OvCrnGSsN/H+fdXOUiJQKE+TutlR1AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUnm+at0EOevnE3uNcGC9/t13wG7EwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTM4MTk1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkmcb
MA0GCSqGSIb3DQEBCwUAA4IBAQArz2/WlC+EZ+eciu5Yf0Tde5JEK7SWlOh9Ag/u
0GGj+MWSBzI2+KXhpqdHUeJN0Fm1mRBtLiM4/0H6CiZzyvGqwouM0OdJzFER11OJ
a+lb9KGDjc+V2EVmPh8DVZbnmKD2X99BisfCBOMPQkz3XtzI6lmkcE1Wo7joD7A9
JvuMZW7G0dx1hvmHcs2c+GvoFGvQ6TveodZaCNaTCzbQqHUDWT9K96Z/t93qoW4I
94tMWnNlvk6Nd5z8J2Tbspn4cOmX935HupdMhsfvLd+5hMKi5hKtrqleVyK40yKv
jFzBrORm1IEeGCTkdzonslr0rCpniU+GyGLUjZ3+VQO/45a8
-----END CERTIFICATE-----