Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS138195.roa
File:                     AS138195.roa (raw, json)
Hash identifier:          ubEhJkuYumFR/TUJFhn3ZllO+nPmJ2E3z++8VwNLPeU=
Subject key identifier:   A0:FD:59:BF:49:CD:0A:A1:C8:67:9C:71:13:F1:FE:06:A5:6D:6D:40
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       7229ABF7F988D37E9EEFD79443CDFE9DF80CA1A8
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS138195.roa
Signing time:             Sun 23 Feb 2025 11:11:08 +0000
ROA not before:           Sun 23 Feb 2025 11:06:08 +0000
ROA not after:            Sun 22 Feb 2026 11:11:08 +0000
asID:                     138195
IP address blocks:        193.142.6.0/24 maxlen: 24
                          193.176.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:49:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:29:ab:f7:f9:88:d3:7e:9e:ef:d7:94:43:cd:fe:9d:f8:0c:a1:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Feb 23 11:06:08 2025 GMT
            Not After : Feb 22 11:11:08 2026 GMT
        Subject: CN=A0FD59BF49CD0AA1C8679C7113F1FE06A56D6D40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:17:b7:3a:8a:45:3c:fa:f2:67:3e:6f:81:44:
                    b0:76:78:e4:50:71:73:9a:d9:c3:37:c5:be:7f:8f:
                    f9:5f:f9:19:77:1d:a6:f2:44:3b:b2:2d:74:97:a3:
                    39:c5:e5:3c:25:d9:84:95:4c:67:46:5c:67:b2:08:
                    55:3f:66:f1:20:1c:58:98:9d:54:86:53:68:12:22:
                    02:f1:d8:f5:7e:38:cc:a3:2c:28:7f:22:5b:46:de:
                    68:0e:4f:10:6b:ba:17:82:82:13:c2:e8:ad:72:bb:
                    4f:ab:6d:35:22:b0:27:a8:0c:5b:ec:c9:07:bb:cb:
                    31:fd:71:c8:bd:e7:2f:ac:fe:76:e4:31:81:52:c9:
                    86:99:cd:d8:35:45:03:a8:93:0d:c3:95:f3:ef:4a:
                    98:db:c0:54:9a:8a:d1:c8:03:1c:08:cf:b6:73:cd:
                    52:f0:4a:c3:04:19:fc:9e:9a:7e:f5:56:50:7a:9c:
                    3d:f1:0e:ac:78:6c:e8:aa:5b:91:69:55:ac:75:aa:
                    2a:f4:8d:d3:49:c4:92:65:15:ff:39:a3:70:1e:06:
                    ae:13:8b:67:4f:cc:ca:47:a5:18:56:cb:18:4f:ed:
                    e3:89:26:88:75:7a:6e:91:f9:04:83:48:d4:42:2f:
                    bb:e1:79:ba:b3:48:1c:7a:a8:6e:a2:79:f7:3b:41:
                    28:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:FD:59:BF:49:CD:0A:A1:C8:67:9C:71:13:F1:FE:06:A5:6D:6D:40
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS138195.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.6.0/24
                  193.176.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:2a:b7:aa:b5:f0:ea:6d:e3:14:5c:45:f2:0f:f9:09:25:ce:
         1c:7d:1e:cd:30:9c:b6:c9:9b:0b:62:1a:a9:fb:d6:0a:09:3a:
         76:01:85:fd:a0:70:27:b9:4e:8b:2e:4d:fd:b2:02:88:e5:a6:
         b6:0f:0a:e3:16:f2:a2:11:43:20:d0:03:81:4c:2b:38:f3:7d:
         dd:8d:15:4a:db:51:63:de:28:66:2d:b0:27:b0:33:71:9c:1d:
         0a:d1:84:a4:10:a0:a7:e2:c3:12:00:e2:fd:58:46:67:d8:d8:
         8e:b1:53:29:0d:12:dc:49:7e:e3:f5:c0:22:e3:d2:e9:e5:0f:
         29:f5:90:11:60:e9:9b:25:c3:96:64:9b:29:3a:5b:7c:d3:08:
         12:88:00:b9:50:18:ad:c0:5c:b1:3b:42:43:6d:1b:20:75:8e:
         42:c9:6d:9b:0d:bc:2e:a2:97:8a:a5:6f:74:67:72:c9:5e:6a:
         12:48:4c:fd:b7:1e:c5:2d:03:0f:82:c2:58:ea:33:a2:1d:46:
         9b:cd:cc:50:7e:e8:a0:61:2e:4f:e6:fb:cf:be:33:81:d1:2a:
         d3:87:b8:b3:32:05:63:25:ef:d2:55:42:b9:65:13:51:e8:72:
         6e:25:4e:e8:40:fc:f8:78:bb:fb:71:27:93:74:0d:e8:80:a5:
         0f:be:ca:0a
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUcimr9/mI036e79eUQ83+nfgMoagwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTAyMjMxMTA2MDhaFw0yNjAyMjIxMTExMDhaMDMxMTAvBgNV
BAMTKEEwRkQ1OUJGNDlDRDBBQTFDODY3OUM3MTEzRjFGRTA2QTU2RDZENDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrF7c6ikU8+vJnPm+BRLB2eORQ
cXOa2cM3xb5/j/lf+Rl3HabyRDuyLXSXoznF5Twl2YSVTGdGXGeyCFU/ZvEgHFiY
nVSGU2gSIgLx2PV+OMyjLCh/IltG3mgOTxBruheCghPC6K1yu0+rbTUisCeoDFvs
yQe7yzH9cci95y+s/nbkMYFSyYaZzdg1RQOokw3DlfPvSpjbwFSaitHIAxwIz7Zz
zVLwSsMEGfyemn71VlB6nD3xDqx4bOiqW5FpVax1qir0jdNJxJJlFf85o3AeBq4T
i2dPzMpHpRhWyxhP7eOJJoh1em6R+QSDSNRCL7vhebqzSBx6qG6iefc7QSitAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUoP1Zv0nNCqHIZ5xxE/H+BqVtbUAwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTM4MTk1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwY4G
AwQAwbA2MA0GCSqGSIb3DQEBCwUAA4IBAQAoKreqtfDqbeMUXEXyD/kJJc4cfR7N
MJy2yZsLYhqp+9YKCTp2AYX9oHAnuU6LLk39sgKI5aa2DwrjFvKiEUMg0AOBTCs4
833djRVK21Fj3ihmLbAnsDNxnB0K0YSkEKCn4sMSAOL9WEZn2NiOsVMpDRLcSX7j
9cAi49Lp5Q8p9ZARYOmbJcOWZJspOlt80wgSiAC5UBitwFyxO0JDbRsgdY5CyW2b
DbwuopeKpW90Z3LJXmoSSEz9tx7FLQMPgsJY6jOiHUabzcxQfuigYS5P5vvPvjOB
0SrTh7izMgVjJe/SVUK5ZRNR6HJuJU7oQPz4eLv7cSeTdA3ogKUPvsoK
-----END CERTIFICATE-----