Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS134494.roa
File:                     AS134494.roa (raw, json)
Hash identifier:          p7+xH+VwWeqowZiHu30dRU41zy5ZV8in5lmNS/s6jLM=
Subject key identifier:   CA:30:FD:61:8C:FE:0F:A7:C2:72:FD:A9:9E:79:E4:91:2D:AF:F1:4B
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       7B7E133B3577344F73AABD9278A5F09E65C08C14
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS134494.roa
Signing time:             Tue 23 Jun 2026 19:50:11 +0000
ROA not before:           Tue 23 Jun 2026 19:45:11 +0000
ROA not after:            Tue 22 Jun 2027 19:50:11 +0000
asID:                     134494
IP address blocks:        188.220.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 18:43:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:7e:13:3b:35:77:34:4f:73:aa:bd:92:78:a5:f0:9e:65:c0:8c:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun 23 19:45:11 2026 GMT
            Not After : Jun 22 19:50:11 2027 GMT
        Subject: CN=CA30FD618CFE0FA7C272FDA99E79E4912DAFF14B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:f0:7a:d6:4c:54:47:1c:4e:57:ef:13:0b:54:
                    e8:46:f6:e9:3e:c0:f9:d8:d8:a6:8b:20:3e:b5:21:
                    69:e4:09:22:eb:b9:6b:7e:78:6c:dd:bc:0c:7b:c6:
                    20:7c:b5:66:fc:53:2c:3b:92:57:04:d8:72:bf:fa:
                    9f:6c:ec:a2:1e:1d:e7:78:15:ee:db:af:7e:38:9a:
                    17:f1:73:ab:7b:93:8b:51:5a:3d:39:da:bf:cb:ce:
                    fa:c8:e6:6a:70:c7:bd:6c:0d:8b:d7:cf:ea:4a:e5:
                    e5:60:90:48:55:54:d6:be:d4:fd:05:77:a0:6a:68:
                    b7:a1:6b:56:45:7c:84:c2:5f:d6:02:43:9a:21:87:
                    a7:03:cc:7e:d3:c7:f1:73:8a:bc:19:2e:20:a1:f4:
                    ec:24:c8:66:77:69:4c:5c:17:90:b3:29:30:2a:7d:
                    08:7d:60:a7:29:28:8e:eb:9a:a2:e5:b5:8b:2d:9d:
                    86:93:87:9e:66:7e:4a:4c:a3:33:d0:de:4f:a3:cf:
                    3c:5b:0a:4a:4b:47:e0:55:9d:f6:96:9a:b7:b5:84:
                    e8:3d:7d:35:3e:da:e2:c1:dd:07:46:84:d5:f3:06:
                    da:ec:b1:83:2c:3b:6d:b8:6b:75:f8:3e:ff:94:27:
                    a2:61:0d:18:43:b2:d2:98:fa:15:52:c0:bb:80:54:
                    1e:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:30:FD:61:8C:FE:0F:A7:C2:72:FD:A9:9E:79:E4:91:2D:AF:F1:4B
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS134494.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.220.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:cd:40:6f:17:f6:fa:b4:3a:00:c5:85:5e:86:a8:d9:05:14:
         2e:10:06:97:a5:82:c5:f5:22:a1:51:27:10:42:0b:3f:1c:da:
         32:59:58:79:42:d8:25:0c:e8:e5:a6:38:c6:eb:06:f3:02:36:
         ef:be:c9:d6:fe:c9:18:92:c9:39:89:78:87:14:f7:13:83:5d:
         8a:a7:fb:92:30:69:d7:60:05:8e:84:1d:1d:97:84:4e:a3:8f:
         12:d8:5e:b3:cd:dd:32:6a:81:ce:35:eb:0a:26:2c:97:32:16:
         fe:b2:d2:89:3a:b7:c1:cf:0a:8e:95:6c:14:70:e2:bb:83:d1:
         1c:20:b3:19:56:21:a6:7d:04:2d:f0:6d:f3:b1:a8:c7:ef:4d:
         00:40:1c:61:32:0a:9d:6a:b2:64:49:58:21:78:01:c7:b5:9c:
         40:48:b0:82:47:9b:be:7c:d4:1e:96:6b:89:e0:92:4a:00:24:
         53:27:de:4c:87:a1:60:cf:0f:78:d5:d2:88:da:be:6c:a7:bb:
         69:eb:76:b6:ec:52:5a:11:3f:a4:48:7a:86:ef:16:eb:c5:b9:
         e4:c6:bc:b9:1c:da:0c:8b:21:12:06:0c:94:29:9f:58:0e:1e:
         cf:7c:ea:5e:75:cc:8d:f0:53:9f:37:cd:7e:d8:36:21:e3:c8:
         ea:5b:30:98
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUe34TOzV3NE9zqr2SeKXwnmXAjBQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MjMxOTQ1MTFaFw0yNzA2MjIxOTUwMTFaMDMxMTAvBgNV
BAMTKENBMzBGRDYxOENGRTBGQTdDMjcyRkRBOTlFNzlFNDkxMkRBRkYxNEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDy8HrWTFRHHE5X7xMLVOhG9uk+
wPnY2KaLID61IWnkCSLruWt+eGzdvAx7xiB8tWb8Uyw7klcE2HK/+p9s7KIeHed4
Fe7br344mhfxc6t7k4tRWj052r/LzvrI5mpwx71sDYvXz+pK5eVgkEhVVNa+1P0F
d6BqaLeha1ZFfITCX9YCQ5ohh6cDzH7Tx/FzirwZLiCh9OwkyGZ3aUxcF5CzKTAq
fQh9YKcpKI7rmqLltYstnYaTh55mfkpMozPQ3k+jzzxbCkpLR+BVnfaWmre1hOg9
fTU+2uLB3QdGhNXzBtrssYMsO224a3X4Pv+UJ6JhDRhDstKY+hVSwLuAVB6JAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUyjD9YYz+D6fCcv2pnnnkkS2v8UswHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMTM0NDk0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNyQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCmzUBvF/b6tDoAxYVehqjZBRQuEAaXpYLF9SKh
UScQQgs/HNoyWVh5QtglDOjlpjjG6wbzAjbvvsnW/skYksk5iXiHFPcTg12Kp/uS
MGnXYAWOhB0dl4ROo48S2F6zzd0yaoHONesKJiyXMhb+stKJOrfBzwqOlWwUcOK7
g9EcILMZViGmfQQt8G3zsajH700AQBxhMgqdarJkSVgheAHHtZxASLCCR5u+fNQe
lmuJ4JJKACRTJ95Mh6Fgzw941dKI2r5sp7tp63a27FJaET+kSHqG7xbrxbnkxry5
HNoMiyESBgyUKZ9YDh7PfOpedcyN8FOfN81+2DYh48jqWzCY
-----END CERTIFICATE-----