Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS136557.roa
File:                     AS136557.roa (raw, json)
Hash identifier:          i0LABWhEHTzWZmVcMg3TBUi9LNj80C7d/zxRxhjxEYk=
Subject key identifier:   B3:FA:F2:56:D9:D2:07:3A:14:A9:10:71:B7:F1:DE:68:70:1A:50:61
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       0F71EE9F348A9C995FA2F70E634F1D1DAE415520
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS136557.roa
Signing time:             Thu 13 Feb 2025 09:09:32 +0000
ROA not before:           Thu 13 Feb 2025 09:04:32 +0000
ROA not after:            Thu 12 Feb 2026 09:09:32 +0000
asID:                     136557
IP address blocks:        91.124.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 02:05:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:71:ee:9f:34:8a:9c:99:5f:a2:f7:0e:63:4f:1d:1d:ae:41:55:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Feb 13 09:04:32 2025 GMT
            Not After : Feb 12 09:09:32 2026 GMT
        Subject: CN=B3FAF256D9D2073A14A91071B7F1DE68701A5061
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:cc:eb:92:17:f7:be:74:86:72:64:29:e2:a3:
                    b8:df:d1:bc:25:9f:1e:1c:87:c8:49:6b:63:43:6b:
                    a1:a5:c6:21:ec:94:64:45:a5:15:9f:b6:62:a2:5c:
                    54:14:8b:31:1b:5c:10:19:bb:96:1a:e2:18:ce:2f:
                    4c:e6:24:cc:ba:6d:22:08:43:a1:2e:50:b9:0f:fe:
                    60:ce:e9:99:4e:ff:0e:ec:eb:89:98:aa:ce:03:dc:
                    40:98:b1:f1:72:7d:33:09:7a:b0:3b:ed:6c:32:1c:
                    e1:69:d5:c2:de:4a:17:0e:8d:07:41:51:03:2f:5c:
                    2c:2f:3b:c2:1f:69:41:ac:6f:25:61:7c:d5:92:2f:
                    fc:45:d3:f9:4d:be:02:a7:1b:2d:74:4d:01:4b:72:
                    2b:ae:59:6b:4c:f2:e2:5d:42:8d:36:77:ea:b2:58:
                    9a:10:19:95:38:c5:91:5b:71:68:43:16:7e:59:34:
                    05:d5:9b:03:39:ba:a8:0b:dc:75:70:e5:0b:a5:6e:
                    07:02:6d:f9:c5:ba:47:89:53:52:a8:d0:8a:0f:89:
                    2b:2e:26:f1:eb:9b:ac:97:bd:4f:8a:e6:88:cd:71:
                    54:72:76:be:f1:00:82:6e:2c:0d:3e:de:6b:df:94:
                    45:ff:1e:05:08:98:d9:b0:f8:9b:c1:c0:3d:8c:25:
                    c7:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:FA:F2:56:D9:D2:07:3A:14:A9:10:71:B7:F1:DE:68:70:1A:50:61
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS136557.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:32:21:f2:54:69:b1:a1:93:ab:fc:44:a9:ef:4b:b1:ab:8f:
         cb:59:ed:a6:b1:63:3c:a5:75:4d:3c:d1:86:67:a7:23:ae:e9:
         b5:66:ec:89:50:4c:62:05:a5:b2:b1:f4:0c:94:ec:a0:c0:b0:
         97:77:07:1d:44:87:f6:77:aa:7c:f2:98:c4:d7:ed:e0:bf:c0:
         65:6d:8b:ed:13:8a:54:7e:00:bb:85:96:37:f3:5a:1e:b8:5f:
         5d:a8:25:7e:7e:be:b2:33:f2:d0:0c:e5:e6:4f:40:b7:8a:77:
         9b:03:14:ef:e2:ce:a4:63:bb:5d:7f:15:7c:08:85:41:3e:4d:
         0b:d8:bd:87:75:ce:5e:2e:01:2e:da:4d:d3:37:be:60:4e:b2:
         40:4f:59:55:5e:9d:2c:63:6c:64:6c:be:3a:34:32:2f:01:6b:
         ea:a6:1c:c9:ca:df:71:fb:db:f6:75:c6:a0:04:89:7d:a9:c8:
         e7:d8:6d:16:c9:74:53:1b:8a:74:bb:69:e6:4c:5e:7a:27:ea:
         bc:97:7c:b2:f0:7b:24:b4:01:c8:cb:c9:a4:d1:a8:ef:e6:ed:
         bf:03:77:1c:9d:6e:a9:42:ad:82:4a:cc:f5:90:a3:58:ab:f0:
         b1:4a:7d:65:ec:83:66:19:70:b8:c8:3f:67:5c:f5:63:85:67:
         e0:87:cf:31
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUD3HunzSKnJlfovcOY08dHa5BVSAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTAyMTMwOTA0MzJaFw0yNjAyMTIwOTA5MzJaMDMxMTAvBgNV
BAMTKEIzRkFGMjU2RDlEMjA3M0ExNEE5MTA3MUI3RjFERTY4NzAxQTUwNjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuzOuSF/e+dIZyZCnio7jf0bwl
nx4ch8hJa2NDa6GlxiHslGRFpRWftmKiXFQUizEbXBAZu5Ya4hjOL0zmJMy6bSII
Q6EuULkP/mDO6ZlO/w7s64mYqs4D3ECYsfFyfTMJerA77WwyHOFp1cLeShcOjQdB
UQMvXCwvO8IfaUGsbyVhfNWSL/xF0/lNvgKnGy10TQFLciuuWWtM8uJdQo02d+qy
WJoQGZU4xZFbcWhDFn5ZNAXVmwM5uqgL3HVw5QulbgcCbfnFukeJU1Ko0IoPiSsu
JvHrm6yXvU+K5ojNcVRydr7xAIJuLA0+3mvflEX/HgUImNmw+JvBwD2MJcedAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUs/ryVtnSBzoUqRBxt/HeaHAaUGEwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTM2NTU3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW3wM
MA0GCSqGSIb3DQEBCwUAA4IBAQBXMiHyVGmxoZOr/ESp70uxq4/LWe2msWM8pXVN
PNGGZ6cjrum1ZuyJUExiBaWysfQMlOygwLCXdwcdRIf2d6p88pjE1+3gv8BlbYvt
E4pUfgC7hZY381oeuF9dqCV+fr6yM/LQDOXmT0C3inebAxTv4s6kY7tdfxV8CIVB
Pk0L2L2Hdc5eLgEu2k3TN75gTrJAT1lVXp0sY2xkbL46NDIvAWvqphzJyt9x+9v2
dcagBIl9qcjn2G0WyXRTG4p0u2nmTF56J+q8l3yy8HsktAHIy8mk0ajv5u2/A3cc
nW6pQq2CSsz1kKNYq/CxSn1l7INmGXC4yD9nXPVjhWfgh88x
-----END CERTIFICATE-----