Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS134289.roa
File:                     AS134289.roa (raw, json)
Hash identifier:          YUwjy5+MSLkHs0KFnBBti3eF3knVgrAzspzOPlhx+v4=
Subject key identifier:   5F:3C:43:6D:A0:D9:4D:8B:52:C3:02:1C:B4:C1:6B:B2:07:D5:BA:73
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       6870239282DA189F08F06269DC0E14773821627C
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS134289.roa
Signing time:             Mon 22 Jun 2026 18:57:48 +0000
ROA not before:           Mon 22 Jun 2026 18:52:48 +0000
ROA not after:            Mon 21 Jun 2027 18:57:48 +0000
asID:                     134289
IP address blocks:        78.105.118.0/24 maxlen: 24
                          188.220.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 23 Jun 2026 21:14:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:70:23:92:82:da:18:9f:08:f0:62:69:dc:0e:14:77:38:21:62:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun 22 18:52:48 2026 GMT
            Not After : Jun 21 18:57:48 2027 GMT
        Subject: CN=5F3C436DA0D94D8B52C3021CB4C16BB207D5BA73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:32:45:6b:59:a2:43:e8:c1:cb:a3:10:96:71:
                    d3:fe:f6:05:a0:6c:11:29:39:08:fb:66:f9:84:23:
                    d9:be:62:66:bd:2e:50:79:2b:1e:bc:92:f4:6c:1c:
                    85:91:15:32:48:3a:b2:10:86:9c:25:92:3a:c9:ea:
                    6a:3d:72:2f:67:c4:9e:97:ab:56:24:4b:33:b9:3b:
                    a7:b6:00:8a:c1:0c:f4:a5:cb:f7:00:6d:91:ee:73:
                    79:2c:50:5f:9a:ba:2c:bb:89:c0:9e:f0:94:26:4c:
                    33:0b:6b:0e:63:a3:98:ae:88:00:57:19:86:49:a7:
                    28:04:63:2a:02:7f:94:ac:18:9c:ee:e5:db:90:d5:
                    11:f4:00:ca:56:05:e0:ea:0b:93:7d:ea:e3:60:81:
                    d1:64:77:8f:ce:f1:d8:00:ce:25:4f:86:35:60:08:
                    19:7d:19:e8:3f:47:cc:8b:22:61:2e:78:cf:86:fd:
                    60:43:9d:e7:60:73:1d:8a:d0:7d:20:5e:3a:ec:cb:
                    b1:69:44:ef:c8:71:66:b0:30:f4:b8:0f:89:42:55:
                    30:c5:ee:e0:0f:79:9b:de:49:33:4b:06:76:7e:15:
                    76:08:33:e7:bd:a0:8b:df:70:4f:72:b9:62:55:0e:
                    a4:4d:6a:c5:6e:6c:c2:45:1c:22:7d:ab:24:4c:8c:
                    87:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:3C:43:6D:A0:D9:4D:8B:52:C3:02:1C:B4:C1:6B:B2:07:D5:BA:73
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS134289.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.105.118.0/24
                  188.220.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:e2:fe:f3:4f:77:36:0e:4e:7f:39:55:71:bf:1d:f6:63:31:
         f5:7a:c8:9b:9e:8a:8b:a7:e1:f1:9d:80:49:55:cc:5d:de:d3:
         83:d8:0b:91:12:e2:1b:2b:99:e4:43:d3:15:c3:50:c6:18:4d:
         a8:8f:a7:21:e9:81:5c:36:51:bb:53:21:3b:e5:f6:f5:7d:e8:
         c9:51:e9:39:ea:36:8b:53:60:c4:ca:6d:45:a2:b2:33:c2:9c:
         2e:4a:d7:6a:c5:46:2c:19:61:6f:fe:8e:40:c4:f1:37:fb:d6:
         3e:29:67:c4:df:1c:a3:4f:f1:4a:17:fa:ec:98:ae:b3:ff:6e:
         e7:9a:1a:a3:d7:a3:f8:be:af:13:42:d4:16:a7:ec:2c:00:5c:
         fd:e6:25:ca:83:92:fe:63:9b:6f:a5:c4:d7:40:c0:c4:d9:d5:
         14:f4:fc:70:5f:c5:92:ff:48:a2:47:d7:23:22:af:58:bc:ee:
         f5:01:11:9a:61:1f:9e:11:c0:02:b3:0d:46:0f:2d:7a:24:b6:
         96:63:05:53:c5:dd:4c:89:1a:70:ee:4d:12:0a:ce:5f:e8:c7:
         c7:6b:61:22:26:6f:90:ff:97:1c:a0:e1:7d:df:e7:4d:57:42:
         a3:7e:a1:8a:05:ff:51:d1:75:c5:f8:a3:19:03:00:62:cf:24:
         e6:48:f7:21
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUaHAjkoLaGJ8I8GJp3A4UdzghYnwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MjIxODUyNDhaFw0yNzA2MjExODU3NDhaMDMxMTAvBgNV
BAMTKDVGM0M0MzZEQTBEOTREOEI1MkMzMDIxQ0I0QzE2QkIyMDdENUJBNzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChMkVrWaJD6MHLoxCWcdP+9gWg
bBEpOQj7ZvmEI9m+Yma9LlB5Kx68kvRsHIWRFTJIOrIQhpwlkjrJ6mo9ci9nxJ6X
q1YkSzO5O6e2AIrBDPSly/cAbZHuc3ksUF+auiy7icCe8JQmTDMLaw5jo5iuiABX
GYZJpygEYyoCf5SsGJzu5duQ1RH0AMpWBeDqC5N96uNggdFkd4/O8dgAziVPhjVg
CBl9Geg/R8yLImEueM+G/WBDnedgcx2K0H0gXjrsy7FpRO/IcWawMPS4D4lCVTDF
7uAPeZveSTNLBnZ+FXYIM+e9oIvfcE9yuWJVDqRNasVubMJFHCJ9qyRMjIerAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUXzxDbaDZTYtSwwIctMFrsgfVunMwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMTM0Mjg5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATml2
AwQAvNx9MA0GCSqGSIb3DQEBCwUAA4IBAQA74v7zT3c2Dk5/OVVxvx32YzH1esib
noqLp+HxnYBJVcxd3tOD2AuREuIbK5nkQ9MVw1DGGE2oj6ch6YFcNlG7UyE75fb1
fejJUek56jaLU2DEym1ForIzwpwuStdqxUYsGWFv/o5AxPE3+9Y+KWfE3xyjT/FK
F/rsmK6z/27nmhqj16P4vq8TQtQWp+wsAFz95iXKg5L+Y5tvpcTXQMDE2dUU9Pxw
X8WS/0iiR9cjIq9YvO71ARGaYR+eEcACsw1GDy16JLaWYwVTxd1MiRpw7k0SCs5f
6MfHa2EiJm+Q/5ccoOF93+dNV0KjfqGKBf9R0XXF+KMZAwBizyTmSPch
-----END CERTIFICATE-----