Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS139648.roa
File:                     AS139648.roa (raw, json)
Hash identifier:          4xnr3ijQpKh7nDt+t86FybVCc2AJzP7HZN8Pg4It+CM=
Subject key identifier:   0F:72:EB:21:87:FE:52:85:FB:FA:DC:06:10:60:20:6E:3D:05:A2:FE
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       69718FA6656BCBD4C21AC53D82E427D5BE28D572
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS139648.roa
Signing time:             Fri 29 May 2026 01:47:17 +0000
ROA not before:           Fri 29 May 2026 01:42:17 +0000
ROA not after:            Fri 28 May 2027 01:47:17 +0000
asID:                     139648
IP address blocks:        141.11.194.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 11:28:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:71:8f:a6:65:6b:cb:d4:c2:1a:c5:3d:82:e4:27:d5:be:28:d5:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May 29 01:42:17 2026 GMT
            Not After : May 28 01:47:17 2027 GMT
        Subject: CN=0F72EB2187FE5285FBFADC061060206E3D05A2FE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:06:f5:6d:c7:b9:0a:14:d2:03:7d:d5:de:a5:
                    12:ea:24:3e:d1:73:68:76:60:4f:34:10:04:6d:b4:
                    bc:55:2c:5c:d9:3f:9f:28:2e:ed:04:a9:ba:e5:58:
                    8b:7d:1c:0d:a5:26:c3:25:17:e6:58:aa:4b:63:7b:
                    e7:78:d3:51:29:09:5d:3a:e0:c3:1e:eb:6c:90:91:
                    e4:39:27:ea:6c:b4:8f:a0:28:12:81:4b:69:0d:f4:
                    97:9b:d6:e3:74:cf:79:5d:9d:dd:47:a8:9c:18:b8:
                    12:dc:a4:c2:51:46:2e:4d:4a:18:8c:6f:47:0f:ec:
                    02:8c:84:c3:0a:c3:b8:fd:68:e6:27:91:cf:e4:6d:
                    2d:7a:93:a2:f3:12:9c:cb:9f:8b:4c:7f:44:0b:07:
                    1c:55:e3:76:43:fe:b6:0a:4f:89:1f:9c:f5:b6:2f:
                    93:8f:69:46:4a:2b:bb:70:72:b5:3c:40:fd:d0:c8:
                    4a:e0:35:13:d4:1c:22:ce:f7:59:6e:ce:b3:6f:13:
                    26:ae:84:86:d0:69:1e:e5:2f:1e:f5:4e:32:99:10:
                    49:44:52:e9:d5:34:a9:6a:58:e7:df:6b:86:08:6b:
                    03:a3:d0:09:08:c9:7b:47:d4:45:bc:ba:d1:77:6a:
                    ba:f5:a1:ac:d4:19:fc:c0:86:10:8d:f2:bb:0a:23:
                    f3:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:72:EB:21:87:FE:52:85:FB:FA:DC:06:10:60:20:6E:3D:05:A2:FE
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS139648.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.194.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1e:0f:2f:7c:8d:18:75:27:a6:68:00:a6:43:dd:19:3e:e5:57:
         9f:f4:ac:05:13:94:6c:f7:e7:4b:d2:10:e1:f5:74:3e:69:8e:
         a5:57:27:50:db:82:09:49:e5:66:66:10:f6:8e:56:00:c8:49:
         60:02:75:f1:34:15:19:8c:57:8f:a9:9f:b1:d0:7d:1f:d6:60:
         60:c6:22:0c:36:89:06:c9:3d:34:f6:fb:e1:df:2c:d8:2d:12:
         a7:53:e5:36:e2:a3:b4:fe:49:4c:32:de:e4:43:5a:6f:36:bf:
         45:25:b2:9d:90:f2:ba:6a:34:ac:25:16:16:5b:c7:35:97:2d:
         c4:15:02:4d:52:ea:a1:d5:ad:b9:7e:f9:a2:ab:c5:37:36:24:
         7e:f6:3f:6d:34:cb:5c:47:b8:07:a5:4e:b9:3f:0b:f6:47:b3:
         7e:49:1a:76:ca:8c:cc:5c:87:53:f0:6c:68:46:5f:87:17:74:
         b9:2d:c1:44:9f:26:81:74:e8:09:ae:8d:85:ae:51:fa:68:8d:
         a4:c4:92:50:36:1c:86:8e:c3:8a:79:b6:93:16:ea:7d:6f:cc:
         53:e1:59:3a:db:d4:b8:b7:d2:e9:12:2e:d8:cc:ab:fc:9f:87:
         06:b7:99:8f:d3:bb:25:be:f8:63:99:fb:f3:03:cc:d8:8b:4e:
         2c:a3:9f:5f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUaXGPpmVry9TCGsU9guQn1b4o1XIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA1MjkwMTQyMTdaFw0yNzA1MjgwMTQ3MTdaMDMxMTAvBgNV
BAMTKDBGNzJFQjIxODdGRTUyODVGQkZBREMwNjEwNjAyMDZFM0QwNUEyRkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8BvVtx7kKFNIDfdXepRLqJD7R
c2h2YE80EARttLxVLFzZP58oLu0EqbrlWIt9HA2lJsMlF+ZYqktje+d401EpCV06
4MMe62yQkeQ5J+pstI+gKBKBS2kN9Jeb1uN0z3ldnd1HqJwYuBLcpMJRRi5NShiM
b0cP7AKMhMMKw7j9aOYnkc/kbS16k6LzEpzLn4tMf0QLBxxV43ZD/rYKT4kfnPW2
L5OPaUZKK7twcrU8QP3QyErgNRPUHCLO91luzrNvEyauhIbQaR7lLx71TjKZEElE
UunVNKlqWOffa4YIawOj0AkIyXtH1EW8utF3arr1oazUGfzAhhCN8rsKI/OzAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUD3LrIYf+UoX7+twGEGAgbj0Fov4wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTM5NjQ4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjQvC
MA0GCSqGSIb3DQEBCwUAA4IBAQAeDy98jRh1J6ZoAKZD3Rk+5Vef9KwFE5Rs9+dL
0hDh9XQ+aY6lVydQ24IJSeVmZhD2jlYAyElgAnXxNBUZjFePqZ+x0H0f1mBgxiIM
NokGyT009vvh3yzYLRKnU+U24qO0/klMMt7kQ1pvNr9FJbKdkPK6ajSsJRYWW8c1
ly3EFQJNUuqh1a25fvmiq8U3NiR+9j9tNMtcR7gHpU65Pwv2R7N+SRp2yozMXIdT
8GxoRl+HF3S5LcFEnyaBdOgJro2FrlH6aI2kxJJQNhyGjsOKebaTFup9b8xT4Vk6
29S4t9LpEi7YzKv8n4cGt5mP07slvvhjmfvzA8zYi04so59f
-----END CERTIFICATE-----