Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS134289.roa
File:                     AS134289.roa (raw, json)
Hash identifier:          ZsF4WzHrooHeoxW/iEwD/j/R8uNLVe4mWsMxz7mK0lo=
Subject key identifier:   FA:66:F8:E1:DF:8F:A5:2A:1B:6F:54:42:C4:45:14:EB:56:46:29:8F
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       474E73548B249894ED06D8E17657211C9591E820
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS134289.roa
Signing time:             Mon 22 Jun 2026 19:06:17 +0000
ROA not before:           Mon 22 Jun 2026 19:01:17 +0000
ROA not after:            Mon 21 Jun 2027 19:06:17 +0000
asID:                     134289
IP address blocks:        46.202.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 23 Jun 2026 20:50:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:4e:73:54:8b:24:98:94:ed:06:d8:e1:76:57:21:1c:95:91:e8:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun 22 19:01:17 2026 GMT
            Not After : Jun 21 19:06:17 2027 GMT
        Subject: CN=FA66F8E1DF8FA52A1B6F5442C44514EB5646298F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:c3:e9:31:3a:e9:89:44:2b:48:91:88:2a:b3:
                    ef:cb:b2:13:03:92:79:f6:d7:56:5d:b1:6f:f0:17:
                    da:7e:c1:73:5f:90:a7:65:0b:d1:7e:7a:f6:9c:dd:
                    ca:af:74:36:92:06:d7:6b:a2:94:6f:71:53:84:c7:
                    6a:75:b6:db:1c:af:5f:92:0a:c0:00:e2:5e:c7:0f:
                    35:aa:48:ac:d3:47:58:2b:91:88:f6:25:83:97:11:
                    41:aa:4d:0d:0a:76:81:43:63:67:2f:66:a7:74:87:
                    99:d5:eb:f9:52:f7:f1:3f:2d:b1:fd:4a:17:d8:61:
                    34:32:c1:46:6f:40:c5:cf:e4:b5:ac:36:aa:4b:4a:
                    ca:79:1a:04:f0:b7:ad:73:70:27:ee:2d:ba:03:e8:
                    6a:96:43:bf:a5:2e:8e:96:81:1f:b0:a5:98:0f:b0:
                    48:cf:ac:ac:61:98:b5:41:8f:34:97:7e:f2:08:59:
                    8a:32:c7:98:84:02:9b:9c:01:eb:ec:cc:26:1d:3a:
                    13:58:f0:49:b1:ca:de:2d:e3:21:4e:db:48:40:97:
                    12:41:29:7a:ea:6b:3f:fb:73:20:1d:d6:ef:0c:91:
                    bf:05:7f:00:33:51:de:00:d0:3f:e1:5e:6d:1e:b7:
                    6d:8f:ab:c8:b2:05:4e:5f:b8:77:de:75:90:dd:2e:
                    61:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:66:F8:E1:DF:8F:A5:2A:1B:6F:54:42:C4:45:14:EB:56:46:29:8F
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS134289.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.202.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:15:d0:1b:2f:d4:25:c1:4b:90:52:c3:20:a5:a8:57:69:e2:
         a9:19:d4:8b:17:89:a2:7b:8c:0a:a3:f9:6c:21:2a:65:b6:ff:
         1a:9c:d9:5c:f5:be:ec:57:94:24:75:28:53:3c:7a:6b:12:4b:
         14:f9:33:b6:df:36:cb:f8:83:8b:4b:8a:46:61:4f:37:fe:b2:
         32:dc:91:cd:58:3e:7f:70:a8:d6:7f:3e:eb:d3:6d:64:72:ba:
         f5:d4:f3:5d:7f:35:60:b5:59:d5:4f:db:84:6a:ee:3b:d2:57:
         be:cd:17:51:af:37:e6:09:b5:50:b6:fb:66:a8:4c:ae:be:8a:
         3e:69:a7:ea:18:98:7b:de:95:e6:2a:6f:cf:aa:6a:d7:b2:08:
         31:cd:db:45:c5:32:2e:98:8c:03:5e:01:0c:8a:05:82:94:18:
         06:b8:d0:08:90:6b:f7:9e:47:74:a6:e2:20:e3:30:0b:63:4a:
         6c:49:91:ef:53:90:1b:00:ab:00:bf:a6:1b:65:b4:99:02:f8:
         4c:68:d5:35:b5:9b:89:94:b9:06:68:42:8a:c7:12:9d:52:be:
         e5:2a:ea:0e:8c:06:5c:4d:de:fc:71:7e:60:bf:60:cb:fd:6a:
         e2:98:50:98:bd:83:fc:f6:0a:ee:eb:69:df:44:68:ea:fa:33:
         7c:1d:6a:2d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUR05zVIskmJTtBtjhdlchHJWR6CAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA2MjIxOTAxMTdaFw0yNzA2MjExOTA2MTdaMDMxMTAvBgNV
BAMTKEZBNjZGOEUxREY4RkE1MkExQjZGNTQ0MkM0NDUxNEVCNTY0NjI5OEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSw+kxOumJRCtIkYgqs+/LshMD
knn211ZdsW/wF9p+wXNfkKdlC9F+evac3cqvdDaSBtdropRvcVOEx2p1ttscr1+S
CsAA4l7HDzWqSKzTR1grkYj2JYOXEUGqTQ0KdoFDY2cvZqd0h5nV6/lS9/E/LbH9
ShfYYTQywUZvQMXP5LWsNqpLSsp5GgTwt61zcCfuLboD6GqWQ7+lLo6WgR+wpZgP
sEjPrKxhmLVBjzSXfvIIWYoyx5iEApucAevszCYdOhNY8Emxyt4t4yFO20hAlxJB
KXrqaz/7cyAd1u8Mkb8FfwAzUd4A0D/hXm0et22Pq8iyBU5fuHfedZDdLmGBAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU+mb44d+PpSobb1RCxEUU61ZGKY8wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTM0Mjg5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALspG
MA0GCSqGSIb3DQEBCwUAA4IBAQCDFdAbL9QlwUuQUsMgpahXaeKpGdSLF4mie4wK
o/lsISpltv8anNlc9b7sV5QkdShTPHprEksU+TO23zbL+IOLS4pGYU83/rIy3JHN
WD5/cKjWfz7r021kcrr11PNdfzVgtVnVT9uEau470le+zRdRrzfmCbVQtvtmqEyu
voo+aafqGJh73pXmKm/PqmrXsggxzdtFxTIumIwDXgEMigWClBgGuNAIkGv3nkd0
puIg4zALY0psSZHvU5AbAKsAv6YbZbSZAvhMaNU1tZuJlLkGaEKKxxKdUr7lKuoO
jAZcTd78cX5gv2DL/WrimFCYvYP89gru62nfRGjq+jN8HWot
-----END CERTIFICATE-----