Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS136744.roa
File:                     AS136744.roa (raw, json)
Hash identifier:          dRSXEXDmgrW4Q4YV2SY6qfaLWdKtxssAQ+5aI3JHSeg=
Subject key identifier:   C3:86:40:0F:CD:FD:86:E7:7A:9A:88:B7:C1:2E:AB:54:FF:86:3E:D6
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4677A1AE096F166C1DE6BBF345C192678BAF861E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS136744.roa
Signing time:             Fri 05 Sep 2025 09:50:11 +0000
ROA not before:           Fri 05 Sep 2025 09:45:11 +0000
ROA not after:            Fri 04 Sep 2026 09:50:11 +0000
asID:                     136744
IP address blocks:        85.208.72.0/24 maxlen: 24
                          193.58.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Sep 2025 08:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:77:a1:ae:09:6f:16:6c:1d:e6:bb:f3:45:c1:92:67:8b:af:86:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep  5 09:45:11 2025 GMT
            Not After : Sep  4 09:50:11 2026 GMT
        Subject: CN=C386400FCDFD86E77A9A88B7C12EAB54FF863ED6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:8f:2c:0c:cf:0c:32:55:da:0e:a0:32:8b:5f:
                    2f:26:cd:20:f2:c4:7c:7a:50:28:e2:5b:bc:b8:21:
                    26:60:97:57:e8:1e:99:33:b6:1b:98:24:ed:bc:d5:
                    40:47:2e:67:8f:53:86:df:35:13:58:95:1d:ab:e3:
                    b7:70:b9:55:e4:21:ca:4a:f8:d5:4c:18:46:1c:17:
                    54:0a:82:de:07:1f:9c:47:d0:60:12:cb:47:f2:cd:
                    15:3a:77:e7:3c:74:7e:0f:f0:be:73:61:e8:87:2d:
                    36:38:de:7c:cb:17:b2:0a:79:75:cb:75:bd:1a:be:
                    54:1b:68:b6:4e:6d:28:a2:76:e6:db:3d:e5:3a:a0:
                    b8:a9:2e:65:8c:64:78:4c:d3:53:82:c9:33:99:b8:
                    a4:e0:64:59:67:ea:3f:76:34:17:b4:7d:55:66:70:
                    2b:a5:0e:63:5a:8c:5c:45:64:d8:84:f1:05:78:f4:
                    09:72:71:c1:83:68:6f:30:50:5a:6e:69:fc:7c:f4:
                    54:10:19:c4:f8:0b:16:40:de:22:e2:cc:41:45:b3:
                    07:39:47:01:61:c4:4e:52:4f:be:dc:9a:0b:a8:5f:
                    86:7b:5e:d3:64:22:37:1a:3c:b0:69:9b:0b:03:6c:
                    d7:4c:77:f0:a3:f1:f8:b2:32:b9:d2:42:df:94:65:
                    e6:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:86:40:0F:CD:FD:86:E7:7A:9A:88:B7:C1:2E:AB:54:FF:86:3E:D6
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS136744.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.72.0/24
                  193.58.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:b6:30:66:7b:e3:95:7f:8c:52:03:5d:8d:12:9c:ce:57:79:
         6a:9b:f4:2f:75:2b:7b:41:b1:29:71:ce:8e:5d:c2:15:eb:67:
         28:c8:14:15:c1:80:28:81:1d:03:13:1a:6e:a7:e0:da:ad:d4:
         76:d1:4b:b5:d9:a5:ed:c5:24:c8:23:db:6c:a6:bd:6a:5c:58:
         8f:3a:f8:9c:e6:b7:1c:3a:7e:85:14:1d:d5:3e:77:46:27:74:
         00:57:33:2c:9c:5a:5e:20:26:73:21:6f:30:f1:d0:62:0f:91:
         8e:d1:96:d8:93:a5:17:74:7c:cc:b1:44:b0:5f:d5:97:e1:ac:
         03:e5:8d:fb:37:fa:85:80:92:aa:1a:df:80:01:79:75:a9:d0:
         c5:ce:3b:2d:31:14:6c:93:8a:16:d1:a1:1b:a5:70:86:90:e6:
         2e:3c:60:ff:60:6b:5b:65:62:c6:28:a0:82:7c:c4:7e:d8:dd:
         05:7f:9a:81:a1:cb:07:36:22:36:a8:9e:72:99:5c:5b:71:ba:
         6e:f8:93:8e:71:11:7d:dc:93:80:79:6c:32:61:fd:12:7b:36:
         31:39:ce:66:b6:03:3c:0f:53:8c:66:5e:d4:b2:ca:2d:08:79:
         1a:92:b7:65:c5:c0:ac:4a:fb:a6:69:4f:ad:ff:d6:b4:2f:1d:
         52:ca:62:b1
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIURnehrglvFmwd5rvzRcGSZ4uvhh4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA5MDUwOTQ1MTFaFw0yNjA5MDQwOTUwMTFaMDMxMTAvBgNV
BAMTKEMzODY0MDBGQ0RGRDg2RTc3QTlBODhCN0MxMkVBQjU0RkY4NjNFRDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBjywMzwwyVdoOoDKLXy8mzSDy
xHx6UCjiW7y4ISZgl1foHpkzthuYJO281UBHLmePU4bfNRNYlR2r47dwuVXkIcpK
+NVMGEYcF1QKgt4HH5xH0GASy0fyzRU6d+c8dH4P8L5zYeiHLTY43nzLF7IKeXXL
db0avlQbaLZObSiidubbPeU6oLipLmWMZHhM01OCyTOZuKTgZFln6j92NBe0fVVm
cCulDmNajFxFZNiE8QV49AlyccGDaG8wUFpuafx89FQQGcT4CxZA3iLizEFFswc5
RwFhxE5ST77cmguoX4Z7XtNkIjcaPLBpmwsDbNdMd/Cj8fiyMrnSQt+UZeblAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUw4ZAD839hud6moi3wS6rVP+GPtYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM2NzQ0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVdBI
AwQAwTpqMA0GCSqGSIb3DQEBCwUAA4IBAQCmtjBme+OVf4xSA12NEpzOV3lqm/Qv
dSt7QbEpcc6OXcIV62coyBQVwYAogR0DExpup+DardR20Uu12aXtxSTII9tspr1q
XFiPOvic5rccOn6FFB3VPndGJ3QAVzMsnFpeICZzIW8w8dBiD5GO0ZbYk6UXdHzM
sUSwX9WX4awD5Y37N/qFgJKqGt+AAXl1qdDFzjstMRRsk4oW0aEbpXCGkOYuPGD/
YGtbZWLGKKCCfMR+2N0Ff5qBocsHNiI2qJ5ymVxbcbpu+JOOcRF93JOAeWwyYf0S
ezYxOc5mtgM8D1OMZl7UssotCHkakrdlxcCsSvumaU+t/9a0Lx1SymKx
-----END CERTIFICATE-----