Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS135636.roa
File:                     AS135636.roa (raw, json)
Hash identifier:          22Ct4GZYpcVZs0fvYdOCkXBKVPB667KZfKTrd0Fsn9w=
Subject key identifier:   93:29:4F:C0:0B:3C:4D:E5:A6:EB:74:7E:2F:CC:83:FF:22:11:3C:7A
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       7018C8A55745FA297E671628BD3D730AF99A2C6A
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS135636.roa
Signing time:             Mon 29 Sep 2025 14:11:31 +0000
ROA not before:           Mon 29 Sep 2025 14:06:31 +0000
ROA not after:            Mon 28 Sep 2026 14:11:31 +0000
asID:                     135636
IP address blocks:        178.92.64.0/24 maxlen: 24
                          178.93.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Oct 2025 15:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:18:c8:a5:57:45:fa:29:7e:67:16:28:bd:3d:73:0a:f9:9a:2c:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Sep 29 14:06:31 2025 GMT
            Not After : Sep 28 14:11:31 2026 GMT
        Subject: CN=93294FC00B3C4DE5A6EB747E2FCC83FF22113C7A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a6:b0:74:fd:42:4a:a2:01:1e:d8:e3:a6:aa:
                    0e:6e:c8:e8:ed:94:ac:33:f0:c8:84:f5:31:38:45:
                    48:79:6d:65:e5:a3:91:b9:9d:c3:42:bb:04:d0:26:
                    6a:45:dd:5e:50:dc:8a:eb:b6:cb:2b:76:2e:5e:03:
                    13:dc:5d:61:69:49:af:23:9a:c4:4c:68:7d:b9:6d:
                    ae:4f:c5:a1:a5:20:96:bc:1c:c2:61:55:44:ba:1e:
                    14:8a:4d:cb:8d:73:f3:a2:e5:77:e7:92:07:71:ea:
                    5b:cb:c6:8c:ba:65:a6:d4:77:79:81:24:d6:64:24:
                    5b:55:c1:17:ab:28:57:0b:5c:67:4f:1f:0d:2b:b3:
                    01:05:2a:54:58:3a:70:01:0e:37:bd:cf:73:d3:15:
                    23:b6:a4:85:8d:01:95:96:d0:ae:25:ab:a0:1c:c2:
                    20:67:65:aa:fe:b0:5e:6f:8d:14:04:f4:f6:4d:db:
                    df:03:da:49:65:b6:23:79:bc:c2:26:9b:34:81:c8:
                    d9:b4:95:b8:01:e5:63:e8:2e:50:92:4c:2a:ea:8e:
                    47:56:75:e0:04:1f:99:59:31:be:a5:e8:b3:3b:8c:
                    40:22:8a:e6:cb:3d:34:88:9a:0b:20:d4:16:77:34:
                    ec:9b:7e:eb:05:6a:ce:e0:18:ae:d0:18:4c:8b:c1:
                    0e:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:29:4F:C0:0B:3C:4D:E5:A6:EB:74:7E:2F:CC:83:FF:22:11:3C:7A
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS135636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.92.64.0/24
                  178.93.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:e5:c7:28:60:d6:4c:0b:f1:39:83:8f:b5:7f:40:47:dd:0f:
         f7:c9:9c:d9:82:23:77:16:fc:87:dc:65:8c:3b:45:f2:b3:5b:
         91:ab:ee:ed:92:93:e1:f8:f6:56:02:d2:02:04:af:76:9d:a5:
         dd:2d:41:66:af:bc:5d:95:03:e2:e1:bd:66:c9:d6:c5:88:99:
         f3:9b:f0:44:11:10:ee:fa:cd:1e:20:11:1f:08:0a:eb:b3:af:
         10:01:fe:dd:f9:e9:34:cf:c3:30:7e:cd:fe:27:c7:5c:cb:d9:
         01:84:82:9f:aa:71:82:7f:e5:84:2a:52:17:81:98:9c:ac:4c:
         29:17:d0:6e:5c:84:8b:6e:c8:92:16:12:db:5a:4c:19:72:e9:
         20:ea:62:81:46:0d:7b:a8:ec:0d:40:88:d4:59:4f:a7:30:1b:
         e8:db:81:97:23:a2:6f:c5:4d:f9:9f:a1:0a:8e:8e:e7:68:d8:
         5e:d7:70:9c:87:c6:36:98:62:32:c3:46:e4:14:7f:56:07:84:
         05:88:eb:00:77:32:f6:74:42:b0:e2:cf:c1:1a:74:63:d4:0b:
         6e:1f:de:71:0a:11:38:32:35:65:c5:95:50:6a:eb:fe:25:1a:
         2b:8d:f6:f1:e6:8f:92:26:f5:d7:a4:8a:dc:f1:25:c8:36:06:
         01:f0:ab:2f
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUcBjIpVdF+il+ZxYovT1zCvmaLGowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA5MjkxNDA2MzFaFw0yNjA5MjgxNDExMzFaMDMxMTAvBgNV
BAMTKDkzMjk0RkMwMEIzQzRERTVBNkVCNzQ3RTJGQ0M4M0ZGMjIxMTNDN0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7prB0/UJKogEe2OOmqg5uyOjt
lKwz8MiE9TE4RUh5bWXlo5G5ncNCuwTQJmpF3V5Q3Irrtssrdi5eAxPcXWFpSa8j
msRMaH25ba5PxaGlIJa8HMJhVUS6HhSKTcuNc/Oi5Xfnkgdx6lvLxoy6ZabUd3mB
JNZkJFtVwRerKFcLXGdPHw0rswEFKlRYOnABDje9z3PTFSO2pIWNAZWW0K4lq6Ac
wiBnZar+sF5vjRQE9PZN298D2klltiN5vMImmzSByNm0lbgB5WPoLlCSTCrqjkdW
deAEH5lZMb6l6LM7jEAiiubLPTSImgsg1BZ3NOybfusFas7gGK7QGEyLwQ6DAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUkylPwAs8TeWm63R+L8yD/yIRPHowHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTM1NjM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAslxA
AwQAsl0VMA0GCSqGSIb3DQEBCwUAA4IBAQA35ccoYNZMC/E5g4+1f0BH3Q/3yZzZ
giN3FvyH3GWMO0Xys1uRq+7tkpPh+PZWAtICBK92naXdLUFmr7xdlQPi4b1mydbF
iJnzm/BEERDu+s0eIBEfCArrs68QAf7d+ek0z8Mwfs3+J8dcy9kBhIKfqnGCf+WE
KlIXgZicrEwpF9BuXISLbsiSFhLbWkwZcukg6mKBRg17qOwNQIjUWU+nMBvo24GX
I6JvxU35n6EKjo7naNhe13Cch8Y2mGIyw0bkFH9WB4QFiOsAdzL2dEKw4s/BGnRj
1AtuH95xChE4MjVlxZVQauv+JRorjfbx5o+SJvXXpIrc8SXINgYB8Ksv
-----END CERTIFICATE-----