Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS137235.roa
File:                     AS137235.roa (raw, json)
Hash identifier:          f6hI/bpPCYIw6IBBMnjAdp85FrfmRMPfi8hIJ9lLE+k=
Subject key identifier:   8B:D7:D8:B7:C0:F2:0E:58:55:BA:DC:C0:46:8B:0C:42:8C:D0:A8:EE
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       408148D7CA553B2349E1E440E69B6E6A700B7766
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS137235.roa
Signing time:             Wed 24 Jun 2026 08:49:20 +0000
ROA not before:           Wed 24 Jun 2026 08:44:20 +0000
ROA not after:            Wed 23 Jun 2027 08:49:20 +0000
asID:                     137235
IP address blocks:        95.134.43.0/24 maxlen: 24
                          95.134.141.0/24 maxlen: 24
                          178.95.4.0/24 maxlen: 24
                          178.95.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Jul 2026 23:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:81:48:d7:ca:55:3b:23:49:e1:e4:40:e6:9b:6e:6a:70:0b:77:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun 24 08:44:20 2026 GMT
            Not After : Jun 23 08:49:20 2027 GMT
        Subject: CN=8BD7D8B7C0F20E5855BADCC0468B0C428CD0A8EE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:0a:72:f1:df:33:d4:e8:ff:53:28:be:fe:03:
                    50:7c:0a:9e:b8:4a:dd:dc:58:35:20:d1:f6:8f:ce:
                    24:3c:53:9c:59:77:17:74:95:18:6b:70:e8:96:66:
                    e7:50:26:1b:a4:61:09:bc:e1:af:9c:5b:5a:2b:18:
                    07:e4:7b:3d:d3:5e:1e:e8:ea:97:01:e9:67:7d:fb:
                    48:c8:a9:49:63:1f:55:74:27:18:d5:7a:20:62:38:
                    74:83:22:28:c3:b0:8a:c4:f0:9a:23:62:9a:8c:5d:
                    cf:82:84:40:ca:87:8a:55:cc:30:dc:a3:9c:ba:b7:
                    f0:ef:50:0b:87:dc:2b:8d:50:6c:91:cb:72:ce:ed:
                    2e:e1:fc:7c:e2:ab:f1:a4:8c:03:58:71:7d:8f:2b:
                    fb:07:58:4c:9e:5a:01:dd:d8:d6:b4:97:f4:f4:0e:
                    33:9b:55:ae:0b:78:e2:8f:20:dd:2f:01:11:2b:c9:
                    82:22:b1:e3:97:43:3f:bc:e9:b2:3b:85:ce:3f:18:
                    49:5a:32:4b:52:27:6c:96:f9:ae:86:21:db:47:49:
                    50:77:17:ff:76:c1:de:d4:65:bf:ee:41:b9:69:89:
                    49:6c:02:47:32:44:87:f2:6c:4a:45:da:e1:7c:6a:
                    14:3f:b0:ea:a6:7d:d8:97:e4:69:76:61:e5:ba:e6:
                    ad:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:D7:D8:B7:C0:F2:0E:58:55:BA:DC:C0:46:8B:0C:42:8C:D0:A8:EE
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS137235.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.134.43.0/24
                  95.134.141.0/24
                  178.95.4.0/24
                  178.95.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:de:28:a3:59:a6:4a:be:37:14:b5:d8:eb:87:7d:71:a1:f3:
         ee:40:06:42:fb:94:1e:d1:7f:c0:de:1e:03:ef:0f:ee:70:3c:
         8b:49:e5:34:c8:82:29:6c:b7:75:32:da:6f:35:74:77:4a:d7:
         4e:ed:51:2e:b2:66:f0:5e:49:c5:a7:05:c3:37:2f:10:6b:c4:
         06:66:9c:76:d8:b3:98:f4:95:79:e8:cb:25:0a:46:fe:2e:ac:
         dd:ec:8b:a3:d6:8a:5e:ac:e7:fa:0c:31:6e:33:5b:a7:a6:52:
         b9:3e:84:4b:20:f2:22:98:ab:e8:4f:75:b2:31:02:18:79:c9:
         3e:61:01:63:a4:37:37:40:20:94:e0:54:4f:7c:6c:fa:fa:e8:
         79:d2:81:6b:36:ef:f7:eb:f6:df:80:11:ac:3b:02:97:f6:db:
         f2:77:88:7e:15:7c:af:5e:95:f2:fe:79:c0:09:6a:f3:f0:a0:
         11:b9:4a:da:d7:75:b3:03:d5:d8:29:f0:83:38:d6:10:9e:b5:
         92:a9:d0:45:b5:0a:96:84:de:8c:5a:0c:de:5a:f3:37:32:8f:
         0c:3a:13:bb:ac:b5:b9:55:5e:fd:3a:1e:7b:1f:52:32:8b:b2:
         ed:af:28:44:7a:c9:30:76:50:f9:b3:07:4c:68:cd:32:a1:1e:
         5e:34:13:71
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgIUQIFI18pVOyNJ4eRA5ptuanALd2YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA2MjQwODQ0MjBaFw0yNzA2MjMwODQ5MjBaMDMxMTAvBgNV
BAMTKDhCRDdEOEI3QzBGMjBFNTg1NUJBRENDMDQ2OEIwQzQyOENEMEE4RUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhCnLx3zPU6P9TKL7+A1B8Cp64
St3cWDUg0faPziQ8U5xZdxd0lRhrcOiWZudQJhukYQm84a+cW1orGAfkez3TXh7o
6pcB6Wd9+0jIqUljH1V0JxjVeiBiOHSDIijDsIrE8JojYpqMXc+ChEDKh4pVzDDc
o5y6t/DvUAuH3CuNUGyRy3LO7S7h/Hziq/GkjANYcX2PK/sHWEyeWgHd2Na0l/T0
DjObVa4LeOKPIN0vAREryYIiseOXQz+86bI7hc4/GElaMktSJ2yW+a6GIdtHSVB3
F/92wd7UZb/uQblpiUlsAkcyRIfybEpF2uF8ahQ/sOqmfdiX5Gl2YeW65q2RAgMB
AAGjggIcMIICGDAdBgNVHQ4EFgQUi9fYt8DyDlhVutzARosMQozQqO4wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTM3MjM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAX4Yr
AwQAX4aNAwQAsl8EAwQAsl/vMA0GCSqGSIb3DQEBCwUAA4IBAQAX3iijWaZKvjcU
tdjrh31xofPuQAZC+5Qe0X/A3h4D7w/ucDyLSeU0yIIpbLd1MtpvNXR3StdO7VEu
smbwXknFpwXDNy8Qa8QGZpx22LOY9JV56MslCkb+Lqzd7Iuj1operOf6DDFuM1un
plK5PoRLIPIimKvoT3WyMQIYeck+YQFjpDc3QCCU4FRPfGz6+uh50oFrNu/36/bf
gBGsOwKX9tvyd4h+FXyvXpXy/nnACWrz8KARuUra13WzA9XYKfCDONYQnrWSqdBF
tQqWhN6MWgzeWvM3Mo8MOhO7rLW5VV79Oh57H1Iyi7LtryhEeskwdlD5swdMaM0y
oR5eNBNx
-----END CERTIFICATE-----
Generated at Fri Jul 17 06:50:43 2026 by rpki-client