Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS132009.roa
File:                     AS132009.roa (raw, json)
Hash identifier:          jgb0ktE8ObrIXiBRMG61zryNYYsZQoE+wuR0lksStXg=
Subject key identifier:   F4:19:87:3C:06:78:D2:12:7A:FA:88:D9:20:64:E3:5E:31:E1:6D:8D
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1D4040E6E40EBB3DA1275A315A2AA8B5986DBAA1
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS132009.roa
Signing time:             Tue 27 Jan 2026 06:14:16 +0000
ROA not before:           Tue 27 Jan 2026 06:09:16 +0000
ROA not after:            Tue 26 Jan 2027 06:14:16 +0000
asID:                     132009
IP address blocks:        155.117.2.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:40:40:e6:e4:0e:bb:3d:a1:27:5a:31:5a:2a:a8:b5:98:6d:ba:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jan 27 06:09:16 2026 GMT
            Not After : Jan 26 06:14:16 2027 GMT
        Subject: CN=F419873C0678D2127AFA88D92064E35E31E16D8D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a7:52:d7:8f:aa:5d:c6:ab:3d:58:f2:e0:d1:
                    05:21:96:96:87:b5:d3:5b:01:df:10:2d:f6:48:97:
                    b5:1f:01:fb:35:0e:7d:cc:4c:c5:d3:cf:37:8f:33:
                    9c:69:47:d9:8a:73:e4:3f:f8:39:76:ae:a6:b6:1c:
                    35:1d:6e:4d:28:87:6e:21:22:9c:a7:5d:c4:f5:68:
                    3f:e9:81:d7:b8:53:3c:7e:ca:de:b0:ef:29:6f:60:
                    f6:75:11:e9:27:84:66:4e:3c:c3:6f:fb:29:75:af:
                    84:b4:22:74:90:29:80:f2:cc:c8:31:68:2a:c0:a7:
                    d5:a0:57:5b:2e:86:86:b3:8d:ff:4c:cc:e6:67:3e:
                    ea:24:d0:7f:ff:5a:cc:81:2b:f2:5d:6a:20:17:51:
                    9e:3d:e0:33:8d:69:62:4e:31:4e:8c:0f:a7:59:75:
                    0a:76:17:e9:13:67:39:d5:00:e8:d9:5f:6c:ee:c3:
                    89:59:0f:7e:38:c1:36:9f:fb:3c:d1:a7:2a:b7:f7:
                    27:62:7e:12:cd:66:33:31:58:0a:8f:f1:53:50:00:
                    87:5a:93:57:7f:a4:f2:40:5b:d9:10:d2:90:07:2f:
                    7b:09:f0:f6:ec:b3:2c:d4:13:ac:95:7d:2e:9d:65:
                    6a:43:ce:34:d3:ee:b0:b6:4f:ea:18:36:e1:c4:3a:
                    2b:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:19:87:3C:06:78:D2:12:7A:FA:88:D9:20:64:E3:5E:31:E1:6D:8D
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS132009.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         40:1e:fe:cf:f8:73:fd:89:95:df:89:61:60:71:8b:c3:7a:4d:
         6e:fb:a6:cd:41:b7:a8:1e:85:44:8d:12:d3:5a:6b:96:b2:0d:
         aa:c3:07:6c:d8:26:e5:87:69:24:90:b8:4f:fe:67:80:3a:b5:
         58:31:3b:92:cd:43:48:6c:9f:d5:6b:94:c6:20:59:84:6d:52:
         03:db:00:cf:f9:80:b2:f6:87:fb:d0:f8:86:e2:d8:e6:26:7c:
         83:a4:7f:2d:ab:56:44:0f:7a:28:0c:4a:5f:f7:1e:fc:d3:ed:
         47:d7:f2:5a:c5:b5:0e:64:5b:71:06:d8:0c:de:b8:f2:3d:57:
         91:9d:b9:8f:66:17:47:0a:ef:03:90:8a:ac:67:e7:01:14:1f:
         b8:a6:2e:c8:06:f4:89:3c:b0:10:88:ff:27:8a:88:1d:44:e3:
         36:07:c0:08:e9:de:b4:47:77:2f:54:e2:49:9d:21:0c:a1:73:
         0d:bd:be:66:4f:19:96:7a:c0:bd:bf:3e:2a:dd:87:69:a3:6e:
         c2:63:bc:fc:9e:75:f0:26:cc:56:2d:99:07:f6:64:ab:39:71:
         a4:b1:2e:b3:e8:ad:57:3b:58:1e:95:8c:cc:8a:2a:f9:17:e3:
         af:13:a1:52:6b:c6:7e:4b:63:e4:83:ff:9d:4f:79:2c:d0:a2:
         7b:03:bd:5b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHUBA5uQOuz2hJ1oxWiqotZhtuqEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAxMjcwNjA5MTZaFw0yNzAxMjYwNjE0MTZaMDMxMTAvBgNV
BAMTKEY0MTk4NzNDMDY3OEQyMTI3QUZBODhEOTIwNjRFMzVFMzFFMTZEOEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0p1LXj6pdxqs9WPLg0QUhlpaH
tdNbAd8QLfZIl7UfAfs1Dn3MTMXTzzePM5xpR9mKc+Q/+Dl2rqa2HDUdbk0oh24h
IpynXcT1aD/pgde4Uzx+yt6w7ylvYPZ1EeknhGZOPMNv+yl1r4S0InSQKYDyzMgx
aCrAp9WgV1suhoazjf9MzOZnPuok0H//WsyBK/JdaiAXUZ494DONaWJOMU6MD6dZ
dQp2F+kTZznVAOjZX2zuw4lZD344wTaf+zzRpyq39ydifhLNZjMxWAqP8VNQAIda
k1d/pPJAW9kQ0pAHL3sJ8PbssyzUE6yVfS6dZWpDzjTT7rC2T+oYNuHEOisBAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU9BmHPAZ40hJ6+ojZIGTjXjHhbY0wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTMyMDA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBm3UC
MA0GCSqGSIb3DQEBCwUAA4IBAQBAHv7P+HP9iZXfiWFgcYvDek1u+6bNQbeoHoVE
jRLTWmuWsg2qwwds2Cblh2kkkLhP/meAOrVYMTuSzUNIbJ/Va5TGIFmEbVID2wDP
+YCy9of70PiG4tjmJnyDpH8tq1ZED3ooDEpf9x780+1H1/JaxbUOZFtxBtgM3rjy
PVeRnbmPZhdHCu8DkIqsZ+cBFB+4pi7IBvSJPLAQiP8niogdROM2B8AI6d60R3cv
VOJJnSEMoXMNvb5mTxmWesC9vz4q3Ydpo27CY7z8nnXwJsxWLZkH9mSrOXGksS6z
6K1XO1gelYzMiir5F+OvE6FSa8Z+S2Pkg/+dT3ks0KJ7A71b
-----END CERTIFICATE-----