Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS38136.roa
File:                     AS38136.roa (raw, json)
Hash identifier:          eua99psT35R7phq5v7c9k/6ehLVMaQEpDpaSX2Fp6Yk=
Subject key identifier:   5D:84:6B:F2:B1:B5:EF:EF:60:D9:07:74:60:7D:A4:C2:8B:C6:40:32
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       1635848E749BEF4EAF3C98870CB6FC329DFC4363
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS38136.roa
Signing time:             Mon 18 May 2026 15:15:48 +0000
ROA not before:           Mon 18 May 2026 15:10:48 +0000
ROA not after:            Mon 17 May 2027 15:15:48 +0000
asID:                     38136
IP address blocks:        141.11.42.0/24 maxlen: 24
                          141.11.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:35:84:8e:74:9b:ef:4e:af:3c:98:87:0c:b6:fc:32:9d:fc:43:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May 18 15:10:48 2026 GMT
            Not After : May 17 15:15:48 2027 GMT
        Subject: CN=5D846BF2B1B5EFEF60D90774607DA4C28BC64032
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:18:17:a6:a5:a5:5a:06:ac:db:93:65:b8:b0:
                    ec:f2:ff:92:bf:7e:af:30:11:82:ca:1e:bb:ab:b1:
                    d2:4f:b4:8b:86:fe:a2:66:fe:b8:89:8c:f7:9a:32:
                    43:a9:23:84:03:9c:8b:f0:f4:49:73:6f:67:69:f5:
                    83:d9:f5:15:47:fc:b8:44:f5:ff:86:a8:66:5a:a1:
                    3f:9e:e7:72:98:70:f5:ca:d5:0b:fb:f0:84:2d:44:
                    1e:dc:1b:65:54:72:9b:da:a5:34:36:74:bf:40:32:
                    5b:d1:fd:0a:24:cb:95:cf:eb:b4:4d:28:4a:54:74:
                    84:79:23:99:c1:0c:50:77:e1:c0:6a:c0:f8:50:d2:
                    7a:85:26:5f:0d:4e:67:5b:8e:41:98:a6:2d:9a:f8:
                    2e:65:e5:1d:f3:a9:19:57:c5:c1:39:17:4c:ce:0a:
                    38:af:5a:33:e1:33:11:ae:60:c5:80:e9:cc:3a:44:
                    60:f4:7a:39:86:18:ab:fe:00:2e:5d:df:83:87:fb:
                    8c:45:2d:7e:7b:3f:30:41:9f:4b:cf:e8:ba:5c:da:
                    6a:c1:d7:3a:2a:24:e3:c2:9a:f3:68:b4:f2:d2:5c:
                    a4:e5:8e:b6:f7:92:92:17:6b:a7:da:50:b2:69:e2:
                    9b:89:fb:64:dd:49:56:e2:df:42:f1:21:68:77:2c:
                    14:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:84:6B:F2:B1:B5:EF:EF:60:D9:07:74:60:7D:A4:C2:8B:C6:40:32
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS38136.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.42.0/24
                  141.11.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:5e:60:01:9e:eb:c1:e6:a8:a1:21:6d:27:c3:35:1f:1e:de:
         c9:5d:89:62:b7:cc:fe:ce:74:8c:bd:af:b3:1a:1d:a1:50:ea:
         27:61:dc:97:8d:d8:f2:6d:17:16:c2:e9:8e:62:3e:e6:90:7a:
         67:db:e6:c7:15:a7:2e:a9:32:9f:0a:bf:98:bb:4b:ea:94:cb:
         a6:d8:80:cf:41:4d:ff:61:95:d7:1e:08:66:d0:8a:5c:a1:f4:
         d7:f9:b7:d3:81:0b:9c:6a:79:92:10:37:de:f7:1c:b2:1a:33:
         2b:d9:cf:80:b0:82:50:a0:aa:05:cf:49:39:90:ba:3e:01:13:
         ca:5d:29:11:4b:e2:06:a2:3d:75:ff:86:b7:f6:41:35:89:c6:
         1c:3c:7e:ed:55:ed:bb:7d:55:7e:c5:14:16:a5:08:4e:ea:af:
         c4:69:e0:b5:26:33:91:4e:8e:b7:03:ab:a8:f8:be:38:d4:a5:
         5e:06:70:81:c2:9f:7c:26:3b:80:d3:05:fa:ca:f9:94:14:00:
         25:d6:cf:77:2e:9c:9f:6a:f6:8a:ab:24:80:5a:b3:ad:b1:c4:
         2b:99:04:e0:dc:04:87:45:7f:e4:a3:ed:eb:2d:2f:7a:2b:9d:
         6e:2d:29:47:71:19:fc:49:de:67:e8:e3:59:9b:ea:bd:be:c3:
         f1:95:97:8e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUFjWEjnSb706vPJiHDLb8Mp38Q2MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA1MTgxNTEwNDhaFw0yNzA1MTcxNTE1NDhaMDMxMTAvBgNV
BAMTKDVEODQ2QkYyQjFCNUVGRUY2MEQ5MDc3NDYwN0RBNEMyOEJDNjQwMzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6GBempaVaBqzbk2W4sOzy/5K/
fq8wEYLKHrursdJPtIuG/qJm/riJjPeaMkOpI4QDnIvw9Elzb2dp9YPZ9RVH/LhE
9f+GqGZaoT+e53KYcPXK1Qv78IQtRB7cG2VUcpvapTQ2dL9AMlvR/Qoky5XP67RN
KEpUdIR5I5nBDFB34cBqwPhQ0nqFJl8NTmdbjkGYpi2a+C5l5R3zqRlXxcE5F0zO
CjivWjPhMxGuYMWA6cw6RGD0ejmGGKv+AC5d34OH+4xFLX57PzBBn0vP6Lpc2mrB
1zoqJOPCmvNotPLSXKTljrb3kpIXa6faULJp4puJ+2TdSVbi30LxIWh3LBQnAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUXYRr8rG17+9g2Qd0YH2kwovGQDIwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzgxMzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACNCyoD
BACNC38wDQYJKoZIhvcNAQELBQADggEBABdeYAGe68HmqKEhbSfDNR8e3sldiWK3
zP7OdIy9r7MaHaFQ6idh3JeN2PJtFxbC6Y5iPuaQemfb5scVpy6pMp8Kv5i7S+qU
y6bYgM9BTf9hldceCGbQilyh9Nf5t9OBC5xqeZIQN973HLIaMyvZz4CwglCgqgXP
STmQuj4BE8pdKRFL4gaiPXX/hrf2QTWJxhw8fu1V7bt9VX7FFBalCE7qr8Rp4LUm
M5FOjrcDq6j4vjjUpV4GcIHCn3wmO4DTBfrK+ZQUACXWz3cunJ9q9oqrJIBas62x
xCuZBODcBIdFf+Sj7estL3ornW4tKUdxGfxJ3mfo41mb6r2+w/GVl44=
-----END CERTIFICATE-----