Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS137517.roa
File:                     AS137517.roa (raw, json)
Hash identifier:          L79e6l5urBe7PQLQ9KejkNntUfhcJtB+OIPKxsVcWNI=
Subject key identifier:   C9:6B:D0:36:4A:5F:5F:73:0A:C6:7A:FC:94:13:CB:3A:DC:EE:B4:BC
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       40E40112B4DD2CDA9520D8105AC8DD4A4591D83F
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS137517.roa
Signing time:             Tue 01 Apr 2025 10:01:31 +0000
ROA not before:           Tue 01 Apr 2025 09:56:31 +0000
ROA not after:            Tue 31 Mar 2026 10:01:31 +0000
asID:                     137517
IP address blocks:        45.154.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:49:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:e4:01:12:b4:dd:2c:da:95:20:d8:10:5a:c8:dd:4a:45:91:d8:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Apr  1 09:56:31 2025 GMT
            Not After : Mar 31 10:01:31 2026 GMT
        Subject: CN=C96BD0364A5F5F730AC67AFC9413CB3ADCEEB4BC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:5d:58:cf:bf:ed:53:d4:7a:52:1f:e7:2f:77:
                    42:32:1f:d6:75:fc:1a:ce:fa:87:02:56:fa:df:ce:
                    8c:95:3e:20:11:0e:05:fd:08:70:18:e9:7d:8c:90:
                    54:e6:f9:ab:ec:00:a9:33:91:d3:c0:ca:9f:d0:a7:
                    92:e9:8b:fe:b2:5f:25:23:e7:d0:5b:bb:75:09:b5:
                    74:49:8a:7b:99:5f:a8:a3:12:78:3c:7d:04:96:54:
                    56:aa:8e:19:fb:06:3c:63:b5:3a:24:95:03:71:d1:
                    63:75:e3:0e:66:9a:14:c0:bf:fa:c7:98:08:80:1b:
                    1d:9d:46:6a:00:9a:65:f5:4d:4f:d6:8b:cc:a5:39:
                    12:20:ac:59:e7:bd:d1:a5:8e:fb:ca:c0:5e:c7:98:
                    7d:8f:cc:8f:a4:78:55:e5:7d:b0:89:8f:f1:6d:c8:
                    b2:1e:2f:87:4e:5e:67:7a:51:ca:df:e8:d8:fe:20:
                    7f:10:52:b3:0a:8e:57:fc:26:86:c0:e8:1a:a0:ca:
                    2e:ff:2f:75:35:67:69:52:19:a1:48:e5:83:bd:0a:
                    51:d7:a3:38:a9:ca:32:df:11:cf:8e:7e:b4:dd:18:
                    47:f0:ab:85:d2:22:80:74:79:32:1c:08:5a:11:e9:
                    8a:46:61:79:b8:29:75:d3:12:88:21:12:ec:64:4d:
                    12:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:6B:D0:36:4A:5F:5F:73:0A:C6:7A:FC:94:13:CB:3A:DC:EE:B4:BC
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS137517.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:9e:68:fa:f4:d0:40:73:6b:65:90:37:43:de:23:82:0d:6e:
         8c:8e:37:45:a4:3e:de:ba:dd:3a:be:46:a0:2f:17:c7:ab:40:
         77:ff:65:1b:c4:04:4b:14:db:cd:20:64:02:9f:af:33:6f:94:
         93:29:3e:bd:d5:d9:75:20:8b:74:56:66:2f:3c:9b:1d:a5:11:
         ef:68:9d:86:d8:8b:d2:15:cc:78:88:e5:a2:19:b8:75:bd:45:
         ed:26:a6:4d:c3:be:49:ef:c5:95:ae:fc:f4:bf:87:9d:af:87:
         fd:a5:e8:cb:d7:1d:47:2e:35:d0:00:48:df:f8:90:70:cc:6d:
         eb:ab:99:61:3b:56:68:a8:22:7e:8f:66:51:4a:32:4e:8a:a1:
         d3:e9:f0:37:98:f6:f2:01:6d:bc:56:36:aa:e8:38:2f:26:bf:
         9f:61:3a:1c:e1:31:6a:c8:ca:e7:0c:a3:2d:9c:cf:d5:6d:7c:
         79:9a:4a:60:6c:e4:21:d4:96:62:1a:94:dc:b5:fb:eb:6a:37:
         60:17:b9:e4:1c:2e:6d:c1:96:63:7d:a2:7b:2b:be:23:27:f4:
         2e:19:9b:72:9b:61:07:63:6f:60:65:b6:3d:e3:52:c6:89:7c:
         d7:24:31:ca:f5:a3:ef:d0:81:61:cd:3c:9f:c0:e7:bc:13:bc:
         6c:d7:aa:2c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQOQBErTdLNqVINgQWsjdSkWR2D8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA0MDEwOTU2MzFaFw0yNjAzMzExMDAxMzFaMDMxMTAvBgNV
BAMTKEM5NkJEMDM2NEE1RjVGNzMwQUM2N0FGQzk0MTNDQjNBRENFRUI0QkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhXVjPv+1T1HpSH+cvd0IyH9Z1
/BrO+ocCVvrfzoyVPiARDgX9CHAY6X2MkFTm+avsAKkzkdPAyp/Qp5Lpi/6yXyUj
59Bbu3UJtXRJinuZX6ijEng8fQSWVFaqjhn7BjxjtToklQNx0WN14w5mmhTAv/rH
mAiAGx2dRmoAmmX1TU/Wi8ylORIgrFnnvdGljvvKwF7HmH2PzI+keFXlfbCJj/Ft
yLIeL4dOXmd6Ucrf6Nj+IH8QUrMKjlf8JobA6Bqgyi7/L3U1Z2lSGaFI5YO9ClHX
ozipyjLfEc+OfrTdGEfwq4XSIoB0eTIcCFoR6YpGYXm4KXXTEoghEuxkTRI3AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUyWvQNkpfX3MKxnr8lBPLOtzutLwwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTM3NTE3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZpq
MA0GCSqGSIb3DQEBCwUAA4IBAQDEnmj69NBAc2tlkDdD3iOCDW6MjjdFpD7eut06
vkagLxfHq0B3/2UbxARLFNvNIGQCn68zb5STKT691dl1IIt0VmYvPJsdpRHvaJ2G
2IvSFcx4iOWiGbh1vUXtJqZNw75J78WVrvz0v4edr4f9pejL1x1HLjXQAEjf+JBw
zG3rq5lhO1ZoqCJ+j2ZRSjJOiqHT6fA3mPbyAW28Vjaq6DgvJr+fYToc4TFqyMrn
DKMtnM/VbXx5mkpgbOQh1JZiGpTctfvrajdgF7nkHC5twZZjfaJ7K74jJ/QuGZty
m2EHY29gZbY941LGiXzXJDHK9aPv0IFhzTyfwOe8E7xs16os
-----END CERTIFICATE-----