Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS137000.roa
File:                     AS137000.roa (raw, json)
Hash identifier:          06sFosIE/g79QzFqRbNrk0o3mE0l75a2sQeDGvDuCeo=
Subject key identifier:   F4:A8:52:63:90:1B:CA:F9:DB:14:53:EC:C1:55:51:2B:96:C7:90:90
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       0F0D60B1D5514B7CC76561D8796998A91C7F653E
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS137000.roa
Signing time:             Wed 03 Jun 2026 15:11:35 +0000
ROA not before:           Wed 03 Jun 2026 15:06:35 +0000
ROA not after:            Wed 02 Jun 2027 15:11:35 +0000
asID:                     137000
IP address blocks:        178.93.82.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 13:19:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:0d:60:b1:d5:51:4b:7c:c7:65:61:d8:79:69:98:a9:1c:7f:65:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun  3 15:06:35 2026 GMT
            Not After : Jun  2 15:11:35 2027 GMT
        Subject: CN=F4A85263901BCAF9DB1453ECC155512B96C79090
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c3:c7:a8:9e:a4:ab:4c:61:a5:16:ec:8b:f7:
                    3d:42:e0:a0:97:de:72:6d:5f:70:0c:5f:5d:f9:09:
                    51:f2:eb:17:9c:62:5a:07:eb:41:16:0d:3d:37:e6:
                    c9:9d:8a:fc:82:9d:fc:26:34:e0:f4:4f:5b:00:ba:
                    52:13:ea:31:cc:47:fd:c4:62:a3:01:6b:f3:39:f8:
                    28:83:50:07:42:12:19:65:c2:4b:fc:35:39:08:59:
                    ea:c9:e6:ae:83:5e:a9:41:85:db:66:2f:8d:db:68:
                    d4:9c:b9:bc:ea:45:b5:5c:09:84:0e:20:eb:9d:d8:
                    ca:3e:b7:90:1c:84:ae:10:01:bc:31:65:3e:37:54:
                    ee:e9:23:2c:17:51:8d:2e:1e:f3:d6:fb:82:51:11:
                    b5:6d:3d:1a:17:72:9c:9b:24:1f:a2:0a:71:2d:a1:
                    4e:6a:6d:c5:97:8b:c7:a0:50:64:79:b6:c2:39:c2:
                    44:01:e5:db:e7:85:81:1c:85:af:be:cb:44:e2:9b:
                    d5:d0:cd:34:e6:e8:c1:21:4e:fb:da:f1:67:ef:f2:
                    39:1f:b7:11:67:0a:c9:f4:8e:47:f7:d8:3b:1e:26:
                    47:88:b1:7c:98:8c:a1:3a:37:ff:6f:99:17:15:71:
                    54:17:d9:e7:ef:8c:1e:d4:26:b6:d9:2b:33:e3:6e:
                    33:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:A8:52:63:90:1B:CA:F9:DB:14:53:EC:C1:55:51:2B:96:C7:90:90
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS137000.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.93.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:3f:7a:63:8c:4f:ab:dc:d6:e6:28:11:02:27:30:b7:f3:2f:
         ad:d7:4c:bd:cf:d1:73:f4:c2:01:9e:f1:c3:c1:56:fa:af:34:
         ae:ed:18:7f:fb:f5:da:14:7f:f6:64:63:09:c0:a8:db:79:74:
         d3:89:56:d3:13:5b:9c:6c:a6:c3:e3:bb:cf:63:be:01:a3:64:
         f6:8d:3b:30:74:89:c1:82:70:19:17:18:49:19:0a:87:04:49:
         a7:de:3d:ef:b5:bc:03:69:c6:75:24:49:2d:c1:8f:6e:4f:97:
         a1:16:76:9c:4f:ea:45:d4:c8:09:12:d1:cd:58:39:5a:b1:53:
         94:e7:0d:5a:63:fb:c3:90:ab:59:1a:9a:6f:58:ef:e6:04:5c:
         be:52:78:46:90:28:a3:22:8f:21:49:25:aa:c2:4b:5c:1b:84:
         55:3e:c1:b0:7c:f4:6c:d2:97:cb:1b:80:ac:8d:66:0e:e6:ae:
         f8:b8:c2:ea:b5:32:fc:cb:56:a2:a9:44:3f:8f:ba:f1:de:ea:
         ab:c3:9e:c4:78:cd:e0:ff:0b:b0:34:e9:91:9a:55:52:c1:91:
         10:66:78:8d:9d:22:64:98:83:e2:cb:2a:fc:3e:1f:8e:1c:8b:
         9f:22:92:cb:7f:09:a8:1d:de:bd:00:98:9c:44:4d:7d:83:82:
         18:1c:41:4f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDw1gsdVRS3zHZWHYeWmYqRx/ZT4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA2MDMxNTA2MzVaFw0yNzA2MDIxNTExMzVaMDMxMTAvBgNV
BAMTKEY0QTg1MjYzOTAxQkNBRjlEQjE0NTNFQ0MxNTU1MTJCOTZDNzkwOTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzw8eonqSrTGGlFuyL9z1C4KCX
3nJtX3AMX135CVHy6xecYloH60EWDT035smdivyCnfwmNOD0T1sAulIT6jHMR/3E
YqMBa/M5+CiDUAdCEhllwkv8NTkIWerJ5q6DXqlBhdtmL43baNScubzqRbVcCYQO
IOud2Mo+t5AchK4QAbwxZT43VO7pIywXUY0uHvPW+4JREbVtPRoXcpybJB+iCnEt
oU5qbcWXi8egUGR5tsI5wkQB5dvnhYEcha++y0Tim9XQzTTm6MEhTvva8Wfv8jkf
txFnCsn0jkf32DseJkeIsXyYjKE6N/9vmRcVcVQX2efvjB7UJrbZKzPjbjMHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU9KhSY5AbyvnbFFPswVVRK5bHkJAwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTM3MDAwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsl1S
MA0GCSqGSIb3DQEBCwUAA4IBAQBjP3pjjE+r3NbmKBECJzC38y+t10y9z9Fz9MIB
nvHDwVb6rzSu7Rh/+/XaFH/2ZGMJwKjbeXTTiVbTE1ucbKbD47vPY74Bo2T2jTsw
dInBgnAZFxhJGQqHBEmn3j3vtbwDacZ1JEktwY9uT5ehFnacT+pF1MgJEtHNWDla
sVOU5w1aY/vDkKtZGppvWO/mBFy+UnhGkCijIo8hSSWqwktcG4RVPsGwfPRs0pfL
G4CsjWYO5q74uMLqtTL8y1aiqUQ/j7rx3uqrw57EeM3g/wuwNOmRmlVSwZEQZniN
nSJkmIPiyyr8Ph+OHIufIpLLfwmoHd69AJicRE19g4IYHEFP
-----END CERTIFICATE-----