Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS136744.roa
File:                     AS136744.roa (raw, json)
Hash identifier:          AC6WQ1PDbk7uDzM5gdFZ0y3ykWFIZUkQvTjRiBnnbAE=
Subject key identifier:   88:E8:94:E4:B0:70:4F:C3:D7:B2:5C:04:D4:7D:07:C0:6A:D2:2B:C6
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       6891F5B93820359C695232E3C75DAB252996AE30
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS136744.roa
Signing time:             Wed 04 Mar 2026 08:30:27 +0000
ROA not before:           Wed 04 Mar 2026 08:25:27 +0000
ROA not after:            Wed 03 Mar 2027 08:30:27 +0000
asID:                     136744
IP address blocks:        147.125.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Mar 2026 15:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:91:f5:b9:38:20:35:9c:69:52:32:e3:c7:5d:ab:25:29:96:ae:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Mar  4 08:25:27 2026 GMT
            Not After : Mar  3 08:30:27 2027 GMT
        Subject: CN=88E894E4B0704FC3D7B25C04D47D07C06AD22BC6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:46:ba:fe:a1:03:45:94:90:3d:cb:b8:81:f5:
                    ce:cb:14:a6:8e:8b:27:6f:c3:68:36:71:f3:6b:bc:
                    a7:91:9c:a5:dd:be:21:74:eb:92:af:52:80:73:00:
                    61:8e:a0:87:27:13:89:22:25:13:bf:69:91:93:53:
                    c0:52:9e:60:5e:a6:00:f8:81:f1:94:fd:53:cb:72:
                    7e:b9:40:f9:21:87:2e:ce:0e:53:08:dc:67:0e:05:
                    48:1c:6e:f9:b6:a0:ce:c6:99:44:09:d9:62:26:54:
                    f7:1b:b8:1d:1d:ed:34:85:68:a1:f9:a0:3a:85:86:
                    06:27:43:bd:f1:87:bb:50:ba:34:c9:da:89:e2:24:
                    6b:9c:68:6d:62:ee:88:f3:55:c3:04:1e:a7:20:b0:
                    27:21:43:e9:c3:b3:2b:a8:dd:24:1f:57:5b:a8:36:
                    bb:eb:67:7e:01:5e:3e:2e:84:9e:3b:30:c1:d1:3e:
                    da:1c:5f:1a:e3:17:aa:ae:d6:ee:16:a1:4d:10:9d:
                    ac:bc:0b:1d:84:fb:8e:59:b0:f0:ae:d2:f1:f7:36:
                    83:44:03:f5:57:59:55:39:47:82:14:de:87:43:f0:
                    a2:34:97:e1:9d:53:37:a7:b8:a3:3f:be:a6:83:c8:
                    8c:fd:b7:2d:40:86:ad:43:3a:84:3e:f3:df:fd:8c:
                    1a:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:E8:94:E4:B0:70:4F:C3:D7:B2:5C:04:D4:7D:07:C0:6A:D2:2B:C6
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS136744.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:9c:cd:78:af:81:28:e6:67:65:b9:31:42:aa:83:a4:cd:20:
         34:da:a1:44:4f:27:f5:ec:b4:3a:d1:e5:11:71:8b:29:00:69:
         d2:67:6d:1a:4c:06:e5:14:84:3b:64:f3:59:2a:68:6c:60:50:
         f2:0a:cd:29:b3:9d:de:fa:4b:0b:45:d1:aa:f2:5f:c8:e1:5d:
         01:b5:27:2a:d3:7d:ba:24:ac:1d:b6:59:87:d2:0b:f4:0b:24:
         ad:23:ce:bd:37:92:c1:c6:55:99:d4:4b:db:a0:bb:1b:96:d3:
         ac:e2:aa:1e:fe:69:d5:d6:22:56:d7:23:06:bc:bb:05:aa:ab:
         33:f2:34:8f:18:04:0f:60:a6:0d:05:79:bb:12:88:1b:96:d7:
         16:db:b1:f9:a3:9e:49:e3:c2:54:27:f3:72:68:76:9a:b0:cd:
         31:45:93:e2:dc:2d:44:c2:3c:48:a6:af:f0:0d:6a:b7:fb:62:
         f3:fa:7b:ce:a6:49:0d:46:93:5c:5a:78:bf:7d:f8:a2:87:12:
         fc:b2:54:4c:6d:55:42:a2:6b:4e:19:ca:3a:05:35:40:d6:c9:
         c2:64:56:e8:cc:92:d6:6a:f1:17:80:8a:3d:fe:81:4a:49:44:
         27:07:05:f2:74:b5:5c:7b:f4:c3:9f:b1:78:29:b7:c5:fc:b8:
         e4:bb:85:7e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUaJH1uTggNZxpUjLjx12rJSmWrjAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjAzMDQwODI1MjdaFw0yNzAzMDMwODMwMjdaMDMxMTAvBgNV
BAMTKDg4RTg5NEU0QjA3MDRGQzNEN0IyNUMwNEQ0N0QwN0MwNkFEMjJCQzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoRrr+oQNFlJA9y7iB9c7LFKaO
iydvw2g2cfNrvKeRnKXdviF065KvUoBzAGGOoIcnE4kiJRO/aZGTU8BSnmBepgD4
gfGU/VPLcn65QPkhhy7ODlMI3GcOBUgcbvm2oM7GmUQJ2WImVPcbuB0d7TSFaKH5
oDqFhgYnQ73xh7tQujTJ2oniJGucaG1i7ojzVcMEHqcgsCchQ+nDsyuo3SQfV1uo
NrvrZ34BXj4uhJ47MMHRPtocXxrjF6qu1u4WoU0Qnay8Cx2E+45ZsPCu0vH3NoNE
A/VXWVU5R4IU3odD8KI0l+GdUzenuKM/vqaDyIz9ty1Ahq1DOoQ+89/9jBqlAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUiOiU5LBwT8PXslwE1H0HwGrSK8YwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2NjZDM4ODRhLWMzODUt
NGI2NS05ODY2LTRmNjM4MzE3MjY3Mi8wL0FTMTM2NzQ0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk33Q
MA0GCSqGSIb3DQEBCwUAA4IBAQAFnM14r4Eo5mdluTFCqoOkzSA02qFETyf17LQ6
0eURcYspAGnSZ20aTAblFIQ7ZPNZKmhsYFDyCs0ps53e+ksLRdGq8l/I4V0BtScq
0326JKwdtlmH0gv0CyStI869N5LBxlWZ1EvboLsbltOs4qoe/mnV1iJW1yMGvLsF
qqsz8jSPGAQPYKYNBXm7EogbltcW27H5o55J48JUJ/NyaHaasM0xRZPi3C1EwjxI
pq/wDWq3+2Lz+nvOpkkNRpNcWni/ffiihxL8slRMbVVComtOGco6BTVA1snCZFbo
zJLWavEXgIo9/oFKSUQnBwXydLVce/TDn7F4KbfF/Ljku4V+
-----END CERTIFICATE-----