Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS138195.roa
File:                     AS138195.roa (raw, json)
Hash identifier:          K3Heo+fab2s931w9iXnnntMDRRRJ2F2uY3vpwhLqWHc=
Subject key identifier:   AD:4F:7D:EB:74:0C:AD:86:F7:69:26:9D:D2:E3:9F:19:1D:FA:E2:98
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       2F59D084646974A7C30E5415D9CE035BE5E3B590
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS138195.roa
Signing time:             Fri 07 Mar 2025 03:10:27 +0000
ROA not before:           Fri 07 Mar 2025 03:05:27 +0000
ROA not after:            Fri 06 Mar 2026 03:10:27 +0000
asID:                     138195
IP address blocks:        96.62.71.0/24 maxlen: 24
                          146.103.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:59:d0:84:64:69:74:a7:c3:0e:54:15:d9:ce:03:5b:e5:e3:b5:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar  7 03:05:27 2025 GMT
            Not After : Mar  6 03:10:27 2026 GMT
        Subject: CN=AD4F7DEB740CAD86F769269DD2E39F191DFAE298
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ca:2d:d5:93:6e:ba:d9:24:d4:cd:b4:da:76:
                    eb:b8:7f:eb:09:33:24:c1:55:f1:13:7f:e4:13:d2:
                    19:eb:04:e2:8a:a0:74:ff:86:5a:62:99:b9:45:7c:
                    50:c9:04:a5:83:43:c2:bd:91:d2:6d:9c:c0:b4:a8:
                    92:c4:8e:e4:74:6d:22:ef:95:be:76:48:4d:b1:a7:
                    78:2d:78:16:c6:84:8c:a8:12:be:07:58:9c:27:ef:
                    bb:d7:a9:83:bd:27:e3:3c:e1:29:48:da:c4:a8:0b:
                    b7:03:1f:7d:3e:6d:25:b7:4f:97:b6:70:9f:8b:fc:
                    69:c8:7a:63:fe:e6:2f:21:9a:f2:51:94:1e:60:05:
                    89:aa:13:3b:a1:74:eb:fb:10:7d:c3:c0:72:58:85:
                    ce:ac:28:e7:55:12:26:46:77:7e:aa:ac:b0:ea:b4:
                    0e:b2:ae:fb:a7:f5:84:dd:a7:66:35:6b:5c:16:e5:
                    0a:73:9d:aa:5b:18:88:a8:03:ae:33:b5:9c:63:11:
                    08:fe:96:2b:ef:d3:f6:6e:e0:7e:9d:12:4a:1d:4d:
                    07:fa:1a:ca:06:57:20:2b:b5:c9:eb:10:1d:c1:0f:
                    a2:76:89:9e:5c:b4:ea:15:60:07:52:a7:f1:c5:53:
                    ad:a2:68:90:ac:d8:4a:c6:55:cb:92:c2:12:05:e7:
                    45:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:4F:7D:EB:74:0C:AD:86:F7:69:26:9D:D2:E3:9F:19:1D:FA:E2:98
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS138195.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.71.0/24
                  146.103.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:ad:59:33:52:a4:c0:de:f3:c2:6c:ae:25:99:ab:1a:62:f0:
         e8:e9:8b:47:22:d3:7e:d8:ee:a3:c4:49:8e:8a:b6:88:35:23:
         1d:ac:f4:8c:aa:c6:92:5a:39:52:15:2f:63:de:71:4b:70:1a:
         18:9e:57:eb:19:87:67:e7:a9:a4:49:f7:58:21:76:76:9e:57:
         d0:f9:6a:d5:31:ea:7b:bc:97:11:5e:ad:b1:e1:6c:6b:e4:43:
         59:65:21:86:0c:68:c6:55:6d:8d:83:5d:02:29:e0:29:3b:12:
         e5:b1:81:20:4f:0c:d4:ec:cb:75:bb:21:1e:39:ce:89:04:3a:
         88:24:5c:78:b9:07:29:fa:e5:80:65:69:49:72:95:61:53:ef:
         09:22:3a:40:13:ae:68:9a:ac:73:b4:50:eb:97:9d:88:b4:bd:
         2a:e6:2c:f8:b3:0f:19:29:9e:cc:6f:78:f8:98:4d:26:da:f8:
         78:1d:e5:06:1e:ec:54:90:b5:d0:74:f7:90:6d:0a:8a:28:6a:
         fe:a8:10:27:ae:37:24:51:46:0b:e1:6d:34:b1:1e:56:26:58:
         d2:97:89:fe:4e:8b:3d:64:9d:b7:91:fe:e1:8f:92:14:a3:50:
         9d:3b:56:38:17:01:7f:e0:23:9e:b3:84:38:60:cc:32:b6:12:
         19:a7:69:20
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUL1nQhGRpdKfDDlQV2c4DW+XjtZAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTAzMDcwMzA1MjdaFw0yNjAzMDYwMzEwMjdaMDMxMTAvBgNV
BAMTKEFENEY3REVCNzQwQ0FEODZGNzY5MjY5REQyRTM5RjE5MURGQUUyOTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6yi3Vk2662STUzbTaduu4f+sJ
MyTBVfETf+QT0hnrBOKKoHT/hlpimblFfFDJBKWDQ8K9kdJtnMC0qJLEjuR0bSLv
lb52SE2xp3gteBbGhIyoEr4HWJwn77vXqYO9J+M84SlI2sSoC7cDH30+bSW3T5e2
cJ+L/GnIemP+5i8hmvJRlB5gBYmqEzuhdOv7EH3DwHJYhc6sKOdVEiZGd36qrLDq
tA6yrvun9YTdp2Y1a1wW5QpznapbGIioA64ztZxjEQj+livv0/Zu4H6dEkodTQf6
GsoGVyArtcnrEB3BD6J2iZ5ctOoVYAdSp/HFU62iaJCs2ErGVcuSwhIF50VbAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUrU9963QMrYb3aSad0uOfGR364pgwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTM4MTk1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAYD5H
AwQAkmcbMA0GCSqGSIb3DQEBCwUAA4IBAQB4rVkzUqTA3vPCbK4lmasaYvDo6YtH
ItN+2O6jxEmOiraINSMdrPSMqsaSWjlSFS9j3nFLcBoYnlfrGYdn56mkSfdYIXZ2
nlfQ+WrVMep7vJcRXq2x4Wxr5ENZZSGGDGjGVW2Ng10CKeApOxLlsYEgTwzU7Mt1
uyEeOc6JBDqIJFx4uQcp+uWAZWlJcpVhU+8JIjpAE65omqxztFDrl52ItL0q5iz4
sw8ZKZ7Mb3j4mE0m2vh4HeUGHuxUkLXQdPeQbQqKKGr+qBAnrjckUUYL4W00sR5W
JljSl4n+Tos9ZJ23kf7hj5IUo1CdO1Y4FwF/4COes4Q4YMwythIZp2kg
-----END CERTIFICATE-----