Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS201136.roa
File:                     AS201136.roa (raw, json)
Hash identifier:          7LXk8ckY0MRxfbcSZ6b9Yb0lAey3Mma37bT/fh+oLzM=
Subject key identifier:   79:A5:66:F0:58:38:C6:97:AB:45:57:65:86:09:5B:4A:9A:05:86:3A
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       1D4FDD1B1D4023ACE9569163178C8BB87D51A2CF
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS201136.roa
Signing time:             Thu 05 Mar 2026 17:36:49 +0000
ROA not before:           Thu 05 Mar 2026 17:31:49 +0000
ROA not after:            Thu 04 Mar 2027 17:36:49 +0000
asID:                     201136
IP address blocks:        147.78.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:4f:dd:1b:1d:40:23:ac:e9:56:91:63:17:8c:8b:b8:7d:51:a2:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar  5 17:31:49 2026 GMT
            Not After : Mar  4 17:36:49 2027 GMT
        Subject: CN=79A566F05838C697AB45576586095B4A9A05863A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:79:53:09:4c:74:b8:39:2e:1e:d3:bf:e4:2c:
                    46:c8:70:f0:f1:24:01:3b:f8:5c:b0:68:96:e5:e4:
                    fe:63:21:cd:bc:75:60:91:59:76:30:02:d1:e8:40:
                    5a:b4:e8:cb:c3:7d:ce:ce:1a:55:4b:ed:46:f5:54:
                    0f:a8:74:b3:c3:11:5b:5a:1f:a7:9d:30:b7:09:2c:
                    3b:74:33:01:4d:9d:99:03:9d:21:a8:76:2d:3c:21:
                    cf:b7:e4:ef:79:62:de:f6:02:34:e2:f5:5f:57:ff:
                    a3:25:07:cb:41:ff:73:36:84:ef:fe:4e:1c:10:ac:
                    2f:ca:27:e3:af:94:48:24:fe:06:5e:b3:3e:49:9b:
                    cd:cb:bf:a1:9d:d9:33:55:b2:93:b6:89:e8:12:ef:
                    33:19:ae:09:e6:ec:a3:b9:35:f6:63:f5:51:41:4e:
                    a2:8d:b5:7a:c7:bd:8f:04:06:c4:26:49:08:8d:bd:
                    b1:79:a6:86:ed:0c:c8:9f:5d:89:6d:d0:1e:1e:95:
                    ea:aa:37:57:04:44:13:9a:5e:3c:cc:c0:f0:26:ba:
                    dc:19:ac:02:f7:fd:13:87:6d:e0:f8:c6:c1:f1:1d:
                    b4:1d:97:41:fb:d3:25:62:3a:cb:43:54:62:33:09:
                    f6:aa:d9:94:79:44:9e:b0:ee:6f:d2:64:a2:41:37:
                    8c:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:A5:66:F0:58:38:C6:97:AB:45:57:65:86:09:5B:4A:9A:05:86:3A
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS201136.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:91:c9:0c:38:41:6c:df:7a:31:f1:5c:06:6d:76:51:88:bd:
         d9:01:44:8b:27:19:e7:74:d0:65:7c:1f:8a:60:9a:a6:41:5e:
         3a:43:43:a3:25:41:1d:e3:06:c2:75:86:e9:d5:8e:c2:a2:d8:
         e9:4e:66:25:d9:65:85:bc:96:34:62:48:dc:75:35:ad:64:11:
         08:17:e0:8b:e0:c2:71:88:71:6e:d2:df:92:a9:b6:c4:41:d7:
         a2:52:8d:4e:2b:9a:0f:a9:19:05:0b:3f:02:37:39:21:87:81:
         aa:0d:ad:14:47:38:e2:85:40:b1:da:8b:c5:c9:95:6b:79:a5:
         fe:63:07:54:3e:de:b9:e9:ed:93:ed:e4:8b:e7:00:cb:dd:db:
         03:c7:6d:96:55:88:a6:68:5d:f3:d0:d4:01:25:af:00:1c:f8:
         da:f5:ff:2c:1a:95:1f:e4:58:15:a1:0c:28:9d:de:08:a6:c2:
         55:01:f5:13:67:40:04:2d:ef:ee:92:76:20:a1:fb:ae:83:f5:
         98:26:61:35:90:19:d7:df:96:d9:eb:b0:a9:ce:46:e5:0e:6c:
         ad:30:72:35:c6:4a:82:82:f9:a4:b8:2a:98:f9:21:b1:87:68:
         e2:0b:e4:4f:82:b3:d4:04:5d:ee:cf:63:14:4c:78:70:9e:4f:
         ba:38:fc:1b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHU/dGx1AI6zpVpFjF4yLuH1Ros8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjAzMDUxNzMxNDlaFw0yNzAzMDQxNzM2NDlaMDMxMTAvBgNV
BAMTKDc5QTU2NkYwNTgzOEM2OTdBQjQ1NTc2NTg2MDk1QjRBOUEwNTg2M0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDteVMJTHS4OS4e07/kLEbIcPDx
JAE7+FywaJbl5P5jIc28dWCRWXYwAtHoQFq06MvDfc7OGlVL7Ub1VA+odLPDEVta
H6edMLcJLDt0MwFNnZkDnSGodi08Ic+35O95Yt72AjTi9V9X/6MlB8tB/3M2hO/+
ThwQrC/KJ+OvlEgk/gZesz5Jm83Lv6Gd2TNVspO2iegS7zMZrgnm7KO5NfZj9VFB
TqKNtXrHvY8EBsQmSQiNvbF5pobtDMifXYlt0B4eleqqN1cERBOaXjzMwPAmutwZ
rAL3/ROHbeD4xsHxHbQdl0H70yViOstDVGIzCfaq2ZR5RJ6w7m/SZKJBN4yVAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUeaVm8Fg4xperRVdlhglbSpoFhjowHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjAxMTM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk057
MA0GCSqGSIb3DQEBCwUAA4IBAQBTkckMOEFs33ox8VwGbXZRiL3ZAUSLJxnndNBl
fB+KYJqmQV46Q0OjJUEd4wbCdYbp1Y7CotjpTmYl2WWFvJY0YkjcdTWtZBEIF+CL
4MJxiHFu0t+SqbbEQdeiUo1OK5oPqRkFCz8CNzkhh4GqDa0URzjihUCx2ovFyZVr
eaX+YwdUPt656e2T7eSL5wDL3dsDx22WVYimaF3z0NQBJa8AHPja9f8sGpUf5FgV
oQwond4IpsJVAfUTZ0AELe/uknYgofuug/WYJmE1kBnX35bZ67CpzkblDmytMHI1
xkqCgvmkuCqY+SGxh2jiC+RPgrPUBF3uz2MUTHhwnk+6OPwb
-----END CERTIFICATE-----