Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS138156.roa
File:                     AS138156.roa (raw, json)
Hash identifier:          u3Z5tcKiSdu/rmROZ/nFIvC/GINy+tiV2hdiW+HJVpw=
Subject key identifier:   98:53:69:BE:46:AD:2E:E5:01:69:9C:DB:4A:41:6A:B0:B8:09:8A:AE
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4E46900EF1FA67705C3E013136E854BED86CA443
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS138156.roa
Signing time:             Wed 04 Sep 2024 16:05:20 +0000
ROA not before:           Wed 04 Sep 2024 16:00:20 +0000
ROA not after:            Wed 03 Sep 2025 16:05:20 +0000
asID:                     138156
IP address blocks:        191.96.92.0/24 maxlen: 24
                          191.96.93.0/24 maxlen: 24
                          191.101.212.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:46:90:0e:f1:fa:67:70:5c:3e:01:31:36:e8:54:be:d8:6c:a4:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep  4 16:00:20 2024 GMT
            Not After : Sep  3 16:05:20 2025 GMT
        Subject: CN=985369BE46AD2EE501699CDB4A416AB0B8098AAE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e2:8b:d1:3a:a6:cc:3b:78:e7:e2:99:e2:d2:
                    3e:fb:61:18:00:cb:79:94:af:38:3a:8f:4d:e8:bc:
                    0d:d9:00:3e:90:d4:62:0c:77:70:c5:7e:79:bd:63:
                    ca:19:1b:c3:7a:76:9b:96:4c:45:6e:55:b5:19:4a:
                    54:e9:7e:fb:82:cd:6c:55:3d:73:8c:dd:8e:34:b3:
                    21:3a:cd:85:8a:03:83:6a:75:a3:06:00:1d:40:bc:
                    74:14:81:95:2d:1c:91:5a:bc:a7:ae:a2:58:3d:e5:
                    22:cd:2e:de:bd:4c:58:cc:86:b8:30:b9:8a:7e:0f:
                    1a:0d:e9:ce:6d:40:69:56:76:68:0c:77:b8:92:b1:
                    ff:9f:b3:b5:aa:d3:64:e6:02:da:d3:ee:de:ac:20:
                    fe:17:da:51:94:43:4b:2a:f1:eb:0b:97:f1:73:8b:
                    28:1d:f8:a8:f3:20:4f:a8:30:fb:59:99:84:b4:c4:
                    fb:78:e8:42:b9:50:16:63:08:6d:21:7b:b3:ca:1e:
                    32:00:98:9e:67:05:bc:c6:78:c9:ea:f6:c1:32:5b:
                    59:93:da:e1:11:48:11:8c:19:fe:f4:77:6d:a2:d4:
                    03:70:9b:16:de:1a:64:26:5a:17:49:06:b1:de:b7:
                    15:f8:0e:49:b2:65:5c:06:3b:c4:bd:0d:06:e6:27:
                    20:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:53:69:BE:46:AD:2E:E5:01:69:9C:DB:4A:41:6A:B0:B8:09:8A:AE
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS138156.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.92.0/23
                  191.101.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         42:96:ee:9a:da:e3:a9:60:81:ba:1f:1e:14:0a:65:1c:c9:87:
         99:0d:6d:53:cd:99:81:41:6b:89:14:88:16:f0:19:ad:d9:3b:
         ba:c1:a9:85:d0:88:c7:84:fb:67:11:ed:36:f2:c8:4c:96:b8:
         07:67:5d:d0:5a:25:fe:50:40:47:47:52:d4:b1:ca:3b:e3:11:
         7a:31:32:9a:87:2f:f9:9f:c5:0a:a1:36:0c:7d:4d:ab:4f:38:
         3e:08:cb:5c:98:be:d8:23:d5:cb:8e:07:6a:8e:07:d0:fc:78:
         f8:d8:04:0b:54:f2:ca:49:b3:1c:88:a5:ff:c5:4a:87:d3:2b:
         c7:f6:2d:d6:38:d7:b4:8b:8e:13:e6:a4:f2:d4:23:57:f1:9e:
         32:b0:e0:15:34:f3:25:74:2a:88:e8:cd:5b:36:b6:69:16:ee:
         0f:fd:5a:fe:3c:7c:21:b7:27:e8:b6:b8:24:9f:5b:64:0c:8b:
         a1:27:2d:4b:3e:81:15:3c:80:b9:50:66:70:7a:43:d1:40:a9:
         c8:10:49:1b:fe:8b:0d:e7:6f:42:0b:c7:68:28:4a:47:f9:a1:
         af:b2:88:e4:c0:2a:5d:9c:44:fb:b3:4f:74:df:63:ed:bc:df:
         10:37:48:81:72:2f:35:15:ae:06:77:ca:95:5e:f2:d6:86:9f:
         d1:6d:e9:3b
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUTkaQDvH6Z3BcPgExNuhUvthspEMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA5MDQxNjAwMjBaFw0yNTA5MDMxNjA1MjBaMDMxMTAvBgNV
BAMTKDk4NTM2OUJFNDZBRDJFRTUwMTY5OUNEQjRBNDE2QUIwQjgwOThBQUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCi4ovROqbMO3jn4pni0j77YRgA
y3mUrzg6j03ovA3ZAD6Q1GIMd3DFfnm9Y8oZG8N6dpuWTEVuVbUZSlTpfvuCzWxV
PXOM3Y40syE6zYWKA4NqdaMGAB1AvHQUgZUtHJFavKeuolg95SLNLt69TFjMhrgw
uYp+DxoN6c5tQGlWdmgMd7iSsf+fs7Wq02TmAtrT7t6sIP4X2lGUQ0sq8esLl/Fz
iygd+KjzIE+oMPtZmYS0xPt46EK5UBZjCG0he7PKHjIAmJ5nBbzGeMnq9sEyW1mT
2uERSBGMGf70d22i1ANwmxbeGmQmWhdJBrHetxX4DkmyZVwGO8S9DQbmJyD1AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUmFNpvkatLuUBaZzbSkFqsLgJiq4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM4MTU2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBv2Bc
AwQCv2XUMA0GCSqGSIb3DQEBCwUAA4IBAQBClu6a2uOpYIG6Hx4UCmUcyYeZDW1T
zZmBQWuJFIgW8Bmt2Tu6wamF0IjHhPtnEe028shMlrgHZ13QWiX+UEBHR1LUsco7
4xF6MTKahy/5n8UKoTYMfU2rTzg+CMtcmL7YI9XLjgdqjgfQ/Hj42AQLVPLKSbMc
iKX/xUqH0yvH9i3WONe0i44T5qTy1CNX8Z4ysOAVNPMldCqI6M1bNrZpFu4P/Vr+
PHwhtyfotrgkn1tkDIuhJy1LPoEVPIC5UGZwekPRQKnIEEkb/osN529CC8doKEpH
+aGvsojkwCpdnET7s09032PtvN8QN0iBci81Fa4Gd8qVXvLWhp/Rbek7
-----END CERTIFICATE-----