Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS138217.roa
File:                     AS138217.roa (raw, json)
Hash identifier:          Q5NzHFNP/tsDVbxv2VsAI9ngquPI5QgaWN3eoIhR9hI=
Subject key identifier:   A9:6E:1B:87:86:E8:C2:BF:00:3B:21:27:DD:1B:FE:42:3F:E4:73:CD
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       6A966F1D3227CDB1AFEC2B9F9438301811F5B3E0
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS138217.roa
Signing time:             Thu 18 Sep 2025 03:46:01 +0000
ROA not before:           Thu 18 Sep 2025 03:41:01 +0000
ROA not after:            Thu 17 Sep 2026 03:46:01 +0000
asID:                     138217
IP address blocks:        178.92.11.0/24 maxlen: 24
                          178.92.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Oct 2025 15:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:96:6f:1d:32:27:cd:b1:af:ec:2b:9f:94:38:30:18:11:f5:b3:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Sep 18 03:41:01 2025 GMT
            Not After : Sep 17 03:46:01 2026 GMT
        Subject: CN=A96E1B8786E8C2BF003B2127DD1BFE423FE473CD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:db:c1:13:c9:fe:4c:53:41:e7:13:83:53:6c:
                    28:23:44:eb:6b:46:61:b2:50:46:a8:c6:90:63:d9:
                    f4:7b:b6:91:01:51:98:d9:26:9c:0d:29:b6:93:8a:
                    33:30:d5:ec:91:c5:80:c3:63:72:c4:01:f4:05:7c:
                    e6:8f:ad:17:19:2d:30:ae:27:a2:2c:32:7b:fe:05:
                    3d:87:ea:be:57:5c:07:8a:35:91:e6:0a:8f:3d:e7:
                    55:72:4d:71:76:99:36:fe:36:62:08:17:17:2d:21:
                    c4:6d:43:c8:4a:d5:da:79:e3:27:b5:68:f2:6b:82:
                    9c:86:21:e8:b3:13:2a:78:77:19:ef:6c:73:3e:8e:
                    58:a5:24:6f:3b:61:bd:95:7d:52:f0:5e:2f:ca:db:
                    36:5a:96:df:00:d3:70:a4:1e:88:cf:a1:6b:28:e5:
                    84:9c:c1:ce:93:26:40:14:29:aa:74:c8:41:ed:c1:
                    47:d2:c6:04:3f:97:ff:98:37:2e:ef:82:54:18:42:
                    3c:8f:f1:11:ed:22:fb:71:a1:42:3c:c9:74:7e:27:
                    bb:f0:f6:71:19:91:56:4e:cb:12:fc:51:d2:49:10:
                    77:90:be:08:59:59:19:fa:b3:99:69:56:39:76:68:
                    ad:71:7b:6a:89:89:03:6f:12:f1:33:a5:37:f7:a0:
                    53:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:6E:1B:87:86:E8:C2:BF:00:3B:21:27:DD:1B:FE:42:3F:E4:73:CD
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS138217.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.92.11.0/24
                  178.92.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:4f:cb:dd:16:ba:00:cd:a3:15:e1:c1:4e:a6:36:a0:f3:58:
         82:f6:b4:0b:40:73:d9:6d:83:dc:1c:2c:a9:94:0f:29:3f:ac:
         b0:03:5f:31:11:0c:0d:e8:3a:46:99:28:48:e7:10:42:4b:a7:
         4f:36:73:c3:18:0d:71:0a:0a:51:10:9d:35:17:95:4d:6e:ad:
         28:15:cd:7e:5f:a3:7d:72:36:4d:d9:3d:83:e0:fa:d2:ac:40:
         75:08:8a:24:8a:3a:70:74:97:23:4b:cc:86:17:b3:ba:17:e4:
         8e:8d:b4:60:52:cc:51:42:44:98:1b:90:e0:fa:d1:09:72:d6:
         e8:d5:2a:4c:f4:48:23:b3:fa:99:c4:93:ab:62:ef:48:f9:04:
         b5:a8:0d:d6:26:42:e4:79:15:d5:d2:c9:ff:d2:fe:e5:2d:67:
         16:01:bd:ad:91:e2:d8:a8:be:8a:70:86:19:dd:c0:1e:e4:52:
         08:be:bc:b9:36:46:15:60:20:2d:02:32:65:26:68:a6:9c:78:
         ca:7d:41:d8:96:1c:99:52:c5:ec:9c:4d:aa:a4:64:37:24:b8:
         2f:be:2e:23:72:4d:27:0f:95:a9:fa:1e:9a:f9:18:93:d2:f1:
         99:d3:30:35:d6:92:47:c8:f0:62:ac:f8:68:45:c3:2f:a4:8e:
         66:47:ed:10
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUapZvHTInzbGv7CuflDgwGBH1s+AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA5MTgwMzQxMDFaFw0yNjA5MTcwMzQ2MDFaMDMxMTAvBgNV
BAMTKEE5NkUxQjg3ODZFOEMyQkYwMDNCMjEyN0REMUJGRTQyM0ZFNDczQ0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA28ETyf5MU0HnE4NTbCgjROtr
RmGyUEaoxpBj2fR7tpEBUZjZJpwNKbaTijMw1eyRxYDDY3LEAfQFfOaPrRcZLTCu
J6IsMnv+BT2H6r5XXAeKNZHmCo8951VyTXF2mTb+NmIIFxctIcRtQ8hK1dp54ye1
aPJrgpyGIeizEyp4dxnvbHM+jlilJG87Yb2VfVLwXi/K2zZalt8A03CkHojPoWso
5YScwc6TJkAUKap0yEHtwUfSxgQ/l/+YNy7vglQYQjyP8RHtIvtxoUI8yXR+J7vw
9nEZkVZOyxL8UdJJEHeQvghZWRn6s5lpVjl2aK1xe2qJiQNvEvEzpTf3oFNDAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUqW4bh4bowr8AOyEn3Rv+Qj/kc80wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTM4MjE3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAslwL
AwQAslwYMA0GCSqGSIb3DQEBCwUAA4IBAQCBT8vdFroAzaMV4cFOpjag81iC9rQL
QHPZbYPcHCyplA8pP6ywA18xEQwN6DpGmShI5xBCS6dPNnPDGA1xCgpREJ01F5VN
bq0oFc1+X6N9cjZN2T2D4PrSrEB1CIokijpwdJcjS8yGF7O6F+SOjbRgUsxRQkSY
G5Dg+tEJctbo1SpM9Egjs/qZxJOrYu9I+QS1qA3WJkLkeRXV0sn/0v7lLWcWAb2t
keLYqL6KcIYZ3cAe5FIIvry5NkYVYCAtAjJlJmimnHjKfUHYlhyZUsXsnE2qpGQ3
JLgvvi4jck0nD5Wp+h6a+RiT0vGZ0zA11pJHyPBirPhoRcMvpI5mR+0Q
-----END CERTIFICATE-----