Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS138888.roa
File:                     AS138888.roa (raw, json)
Hash identifier:          vlfD3g4fgGLC673H71W9MiE/nEKKHEcWNiBJRWIY74E=
Subject key identifier:   E0:BD:9E:33:FA:F0:7B:1D:A0:17:2D:EF:A2:59:7D:13:C7:BB:95:5B
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       3773B1EDCBAF99C55EC7BA4C59138AC1F03294D6
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS138888.roa
Signing time:             Wed 27 Aug 2025 09:58:55 +0000
ROA not before:           Wed 27 Aug 2025 09:53:55 +0000
ROA not after:            Wed 26 Aug 2026 09:58:55 +0000
asID:                     138888
IP address blocks:        143.14.76.0/22 maxlen: 24
                          143.14.80.0/22 maxlen: 24
                          143.14.104.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:73:b1:ed:cb:af:99:c5:5e:c7:ba:4c:59:13:8a:c1:f0:32:94:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Aug 27 09:53:55 2025 GMT
            Not After : Aug 26 09:58:55 2026 GMT
        Subject: CN=E0BD9E33FAF07B1DA0172DEFA2597D13C7BB955B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:bb:03:98:40:df:27:49:d0:46:c3:e8:d7:d2:
                    c7:04:06:88:2e:f1:e1:af:b6:e5:78:ec:bb:89:5e:
                    a7:e8:36:74:b9:b0:78:3c:ea:3d:07:bd:8f:2b:f9:
                    60:ac:20:3d:ac:db:f7:cd:bb:20:9d:c8:34:e7:9e:
                    79:cc:c3:38:e6:18:1c:d0:b1:6a:68:be:bc:6f:f5:
                    ce:03:16:00:ef:c5:a1:5a:36:c1:3b:4d:be:2c:08:
                    5c:e7:2f:1a:40:4d:12:26:84:71:0a:68:ed:2e:a7:
                    fc:06:b4:de:dd:41:2e:78:1d:ee:d9:12:ae:71:eb:
                    a9:74:48:0f:17:81:54:a8:6b:30:df:c2:17:b0:35:
                    fd:16:e8:81:89:12:e1:0c:fe:ac:8f:75:96:7a:7b:
                    07:bf:55:b7:6d:60:d1:75:53:25:d6:87:d6:98:18:
                    da:12:e5:f6:a5:96:f5:3c:19:d1:84:f8:b0:7d:1f:
                    a0:66:98:5a:f3:7a:5e:fa:bb:84:44:2a:5d:e7:f1:
                    4d:1d:7e:ec:d0:09:be:e7:63:71:72:42:f1:3c:b5:
                    1b:26:9f:a0:d7:27:98:90:c2:a8:f3:f3:82:1a:c9:
                    5f:e6:ea:ea:9b:8f:9b:bc:69:e3:15:ac:a7:7f:ac:
                    7f:ac:78:5f:a6:05:a5:71:ac:8a:6b:4a:b3:59:b2:
                    54:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:BD:9E:33:FA:F0:7B:1D:A0:17:2D:EF:A2:59:7D:13:C7:BB:95:5B
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS138888.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.76.0-143.14.83.255
                  143.14.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:21:a2:e7:1a:4e:69:f5:61:f2:8a:bf:ad:47:8f:ae:c8:6d:
         fd:1b:62:cf:be:6b:aa:f2:5d:35:ba:c9:cf:c1:74:14:db:09:
         53:46:fa:b4:e5:e9:20:39:ec:5a:33:f5:97:3c:d6:b0:67:48:
         46:96:50:e2:97:15:7e:a9:e0:21:9b:a8:2e:83:d3:f8:11:10:
         ce:61:d5:60:93:b4:0a:06:4d:6f:8b:c6:0e:d8:f6:05:69:eb:
         d5:2b:23:98:01:12:4f:48:06:52:53:cd:c1:1e:5a:ef:3a:17:
         1c:77:cd:10:62:66:62:c5:57:f7:a1:cc:20:cd:7c:9a:12:d0:
         25:33:bb:0f:1e:a3:f9:ce:d9:f9:87:ad:0d:76:af:11:3d:4d:
         8b:c4:98:2b:8d:61:26:13:d2:7a:c5:76:b4:05:df:3b:11:b5:
         71:f3:59:dc:77:92:6a:45:80:79:d0:e2:a6:8d:e9:5e:fa:ab:
         61:87:49:37:64:80:e8:85:da:c9:35:51:78:12:1c:f3:7a:eb:
         89:78:7a:e0:9a:59:82:d8:83:97:7a:84:9f:6f:2f:9f:66:e1:
         d0:63:79:92:a9:03:ae:7e:36:b7:a2:53:f3:08:e4:c8:38:d1:
         79:e2:d9:44:40:0b:a7:d9:67:bc:ce:fd:4a:1d:69:31:09:fa:
         17:2c:ee:28
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgIUN3Ox7cuvmcVex7pMWROKwfAylNYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MjcwOTUzNTVaFw0yNjA4MjYwOTU4NTVaMDMxMTAvBgNV
BAMTKEUwQkQ5RTMzRkFGMDdCMURBMDE3MkRFRkEyNTk3RDEzQzdCQjk1NUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXuwOYQN8nSdBGw+jX0scEBogu
8eGvtuV47LuJXqfoNnS5sHg86j0HvY8r+WCsID2s2/fNuyCdyDTnnnnMwzjmGBzQ
sWpovrxv9c4DFgDvxaFaNsE7Tb4sCFznLxpATRImhHEKaO0up/wGtN7dQS54He7Z
Eq5x66l0SA8XgVSoazDfwhewNf0W6IGJEuEM/qyPdZZ6ewe/VbdtYNF1UyXWh9aY
GNoS5fallvU8GdGE+LB9H6BmmFrzel76u4REKl3n8U0dfuzQCb7nY3FyQvE8tRsm
n6DXJ5iQwqjz84IayV/m6uqbj5u8aeMVrKd/rH+seF+mBaVxrIprSrNZslRBAgMB
AAGjggIYMIICFDAdBgNVHQ4EFgQU4L2eM/rwex2gFy3voll9E8e7lVswHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTM4ODg4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAKP
DkwDBAKPDlADBAKPDmgwDQYJKoZIhvcNAQELBQADggEBAIshoucaTmn1YfKKv61H
j67Ibf0bYs++a6ryXTW6yc/BdBTbCVNG+rTl6SA57Foz9Zc81rBnSEaWUOKXFX6p
4CGbqC6D0/gREM5h1WCTtAoGTW+Lxg7Y9gVp69UrI5gBEk9IBlJTzcEeWu86Fxx3
zRBiZmLFV/ehzCDNfJoS0CUzuw8eo/nO2fmHrQ12rxE9TYvEmCuNYSYT0nrFdrQF
3zsRtXHzWdx3kmpFgHnQ4qaN6V76q2GHSTdkgOiF2sk1UXgSHPN664l4euCaWYLY
g5d6hJ9vL59m4dBjeZKpA65+NreiU/MI5Mg40Xni2URAC6fZZ7zO/UodaTEJ+hcs
7ig=
-----END CERTIFICATE-----