Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS137517.roa
File:                     AS137517.roa (raw, json)
Hash identifier:          c1+N0fIse6xyrvnCmJmOM3rqoSWTtyImrqXHZi13VvA=
Subject key identifier:   20:87:62:04:35:E8:33:14:0F:93:94:4D:75:4C:26:3B:EF:CB:43:5E
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       2592728B666A8F57EEB17CC56C7EB0EAD149EA34
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS137517.roa
Signing time:             Fri 14 Feb 2025 08:56:26 +0000
ROA not before:           Fri 14 Feb 2025 08:51:26 +0000
ROA not after:            Fri 13 Feb 2026 08:56:26 +0000
asID:                     137517
IP address blocks:        46.202.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 02:05:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:92:72:8b:66:6a:8f:57:ee:b1:7c:c5:6c:7e:b0:ea:d1:49:ea:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Feb 14 08:51:26 2025 GMT
            Not After : Feb 13 08:56:26 2026 GMT
        Subject: CN=2087620435E833140F93944D754C263BEFCB435E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:90:b7:39:37:df:0c:9f:c5:79:a5:22:b6:4b:
                    71:c9:c7:4c:07:cd:d4:cb:d6:d9:cf:62:74:84:d0:
                    54:8a:9d:8a:eb:6e:ba:c3:6d:06:e6:f2:9c:85:cf:
                    5a:0e:65:89:f7:d6:63:4a:79:4e:c4:eb:db:62:c8:
                    e8:85:f4:82:fd:68:af:79:54:fa:d9:6c:c4:96:cb:
                    16:b6:da:cd:99:27:c9:8c:bb:4a:eb:3e:4f:30:fd:
                    92:20:cd:87:1b:7c:9e:11:bf:0d:df:41:a3:fc:60:
                    f1:e7:f9:44:c9:12:bd:16:15:51:37:e4:a3:0d:9b:
                    20:71:09:97:bf:a0:87:8e:a5:69:eb:bc:71:b6:68:
                    ae:b8:62:96:bb:55:2f:df:9f:16:57:77:f2:39:4c:
                    a3:d4:c7:67:5f:cb:97:85:5f:c8:75:9a:fe:c3:a6:
                    e7:d2:94:01:14:e5:09:47:6c:5c:9d:32:d0:6a:34:
                    60:6d:d4:5d:64:c6:52:77:b0:25:8d:c2:e2:0d:a6:
                    30:7d:63:6f:31:1e:34:a2:96:54:f1:e4:a4:e0:d5:
                    2d:94:57:2e:e0:d1:a5:b6:c1:c5:80:59:61:65:a1:
                    bc:b7:e1:52:7c:0f:58:7e:3f:d2:f9:a6:ad:b6:aa:
                    0c:7d:8b:d8:10:1a:72:4c:8a:e6:a1:7d:96:37:54:
                    37:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:87:62:04:35:E8:33:14:0F:93:94:4D:75:4C:26:3B:EF:CB:43:5E
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS137517.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.202.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:fc:41:da:59:28:2b:cc:c5:81:c2:ff:97:e3:63:c4:3b:4b:
         91:56:52:f0:6b:31:b3:dc:03:30:39:59:30:a5:e6:a6:ff:c7:
         32:d5:92:4c:65:b3:40:28:f1:de:dd:fa:31:ae:c3:83:46:5c:
         3b:ac:1e:d4:7e:07:63:04:8b:fc:82:25:27:87:86:e1:f2:f3:
         db:53:e0:d9:eb:bd:f7:b3:51:cf:2b:71:41:d8:ff:50:47:10:
         d5:4f:03:d2:73:69:98:e0:ca:c8:84:93:c4:72:cd:44:74:c8:
         d6:92:2c:27:29:ba:33:73:6b:90:c3:03:8d:85:65:10:d8:6c:
         4f:03:c8:b7:69:fa:4b:49:80:d7:be:cd:08:8a:2b:18:c2:34:
         3c:0e:be:6d:91:d5:e9:7f:36:bc:0e:f5:ac:eb:bf:1d:e8:9d:
         65:a0:8b:3c:5a:1f:fa:8d:6e:e5:1a:d8:32:45:cd:30:ab:c7:
         cf:67:0c:bf:06:1a:30:60:3d:a5:b0:08:ca:01:98:36:c5:e5:
         4d:76:a8:ef:78:21:9b:5c:18:aa:c8:24:b5:5a:e7:27:c1:e3:
         c7:e1:8a:f6:32:4b:85:a1:d3:ef:e0:8a:87:38:e6:62:39:f8:
         27:46:de:46:c3:0f:e7:9c:cb:e6:44:96:06:42:32:3f:49:eb:
         46:5f:70:0a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUJZJyi2Zqj1fusXzFbH6w6tFJ6jQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTAyMTQwODUxMjZaFw0yNjAyMTMwODU2MjZaMDMxMTAvBgNV
BAMTKDIwODc2MjA0MzVFODMzMTQwRjkzOTQ0RDc1NEMyNjNCRUZDQjQzNUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzkLc5N98Mn8V5pSK2S3HJx0wH
zdTL1tnPYnSE0FSKnYrrbrrDbQbm8pyFz1oOZYn31mNKeU7E69tiyOiF9IL9aK95
VPrZbMSWyxa22s2ZJ8mMu0rrPk8w/ZIgzYcbfJ4Rvw3fQaP8YPHn+UTJEr0WFVE3
5KMNmyBxCZe/oIeOpWnrvHG2aK64Ypa7VS/fnxZXd/I5TKPUx2dfy5eFX8h1mv7D
pufSlAEU5QlHbFydMtBqNGBt1F1kxlJ3sCWNwuINpjB9Y28xHjSillTx5KTg1S2U
Vy7g0aW2wcWAWWFloby34VJ8D1h+P9L5pq22qgx9i9gQGnJMiuahfZY3VDcbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUIIdiBDXoMxQPk5RNdUwmO+/LQ14wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTM3NTE3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALsot
MA0GCSqGSIb3DQEBCwUAA4IBAQB+/EHaWSgrzMWBwv+X42PEO0uRVlLwazGz3AMw
OVkwpeam/8cy1ZJMZbNAKPHe3foxrsODRlw7rB7UfgdjBIv8giUnh4bh8vPbU+DZ
6733s1HPK3FB2P9QRxDVTwPSc2mY4MrIhJPEcs1EdMjWkiwnKbozc2uQwwONhWUQ
2GxPA8i3afpLSYDXvs0IiisYwjQ8Dr5tkdXpfza8DvWs678d6J1loIs8Wh/6jW7l
GtgyRc0wq8fPZwy/BhowYD2lsAjKAZg2xeVNdqjveCGbXBiqyCS1WucnwePH4Yr2
MkuFodPv4IqHOOZiOfgnRt5Gww/nnMvmRJYGQjI/SetGX3AK
-----END CERTIFICATE-----