Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS136379.roa
File:                     AS136379.roa (raw, json)
Hash identifier:          MA4aVIMss05VR7D2LZUenNSPkbbQYZuWV6EsM81XK4I=
Subject key identifier:   19:98:B1:B5:82:F1:F5:E2:4D:D2:A3:0C:75:3D:5A:A6:72:47:A0:26
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       152C0A6DF609BECFCE5E35FB8704AA0CD6177A7C
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS136379.roa
Signing time:             Sun 03 Aug 2025 13:18:02 +0000
ROA not before:           Sun 03 Aug 2025 13:13:02 +0000
ROA not after:            Sun 02 Aug 2026 13:18:02 +0000
asID:                     136379
IP address blocks:        143.14.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:2c:0a:6d:f6:09:be:cf:ce:5e:35:fb:87:04:aa:0c:d6:17:7a:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Aug  3 13:13:02 2025 GMT
            Not After : Aug  2 13:18:02 2026 GMT
        Subject: CN=1998B1B582F1F5E24DD2A30C753D5AA67247A026
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:0d:f2:11:71:bb:93:8a:67:8b:33:ed:61:2e:
                    d6:c5:7f:4f:9c:c1:89:33:99:42:12:0e:ff:40:26:
                    65:3e:eb:72:8b:01:2f:fa:7f:08:0c:ba:d4:4a:b4:
                    70:d8:0b:43:4c:d8:7c:75:a5:d1:8a:19:3c:d9:4a:
                    8c:47:df:28:79:9f:c2:2d:0f:fa:3c:d4:b7:bf:59:
                    d1:0e:df:a1:30:5b:54:39:5c:99:77:1c:c9:79:32:
                    9f:68:46:08:85:f4:06:bf:ff:88:41:05:25:90:b5:
                    01:70:ef:f6:3a:50:12:ce:3c:c8:d5:27:ba:18:40:
                    bc:da:cd:1b:30:61:29:49:77:61:87:15:6d:e9:a6:
                    4d:81:85:0b:3e:80:42:90:cf:13:c5:9f:73:c6:91:
                    15:7a:c3:dc:ba:44:58:bf:25:79:ce:cd:25:d5:71:
                    2e:fc:f2:5a:a2:13:87:09:32:5e:4b:05:3e:b7:1e:
                    c1:50:12:70:86:d9:46:9e:69:be:ab:70:5f:d1:d6:
                    f7:2b:78:5c:5d:a0:9d:d1:dd:e6:3f:bd:82:0f:99:
                    b8:51:4d:99:50:fc:bd:38:cd:6c:6d:57:8a:e4:d5:
                    f0:84:d1:b6:68:00:6d:96:7d:91:60:fc:b2:45:fc:
                    f8:7d:d3:69:37:08:09:48:ea:86:c0:e1:68:5e:c9:
                    24:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:98:B1:B5:82:F1:F5:E2:4D:D2:A3:0C:75:3D:5A:A6:72:47:A0:26
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS136379.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:58:2a:45:cf:52:8d:fb:c2:94:94:4c:be:dd:83:74:b4:d8:
         94:27:f1:6c:39:bf:b0:39:d0:ef:67:ab:81:7b:4c:8b:0a:c6:
         3c:ff:58:02:46:08:6a:47:e6:c6:ac:d4:6f:79:89:75:c9:04:
         03:03:e4:f0:3e:e4:df:d1:23:73:ad:8b:36:8e:b8:e3:9b:57:
         51:eb:fb:48:9e:a5:66:6c:55:a4:58:30:11:f3:50:ca:50:77:
         36:09:c0:39:b6:ea:53:99:e2:41:87:fe:81:bd:75:4d:81:d5:
         7b:ce:cc:72:b4:11:4a:3a:a2:34:65:10:16:94:bd:0f:98:70:
         46:41:a9:12:bb:fa:19:4a:95:cf:16:3c:dd:05:89:1c:ad:c5:
         75:03:ba:64:cc:20:18:4c:6f:21:80:6d:c0:94:bf:b0:b9:37:
         0d:c9:db:d0:2e:6c:34:41:3d:f8:9f:e5:91:c5:86:75:c8:22:
         93:8e:04:c4:14:f0:99:e1:cc:4e:be:8b:74:f3:be:5e:b6:de:
         33:ee:bb:19:d3:0d:63:7b:ed:35:d2:e0:42:47:66:1d:b0:e8:
         bb:71:54:18:40:78:92:b0:1f:09:a0:cc:22:9a:a2:f6:0d:c2:
         1b:96:8b:c2:35:35:de:f7:e7:da:f4:d4:5a:9f:db:12:40:7d:
         f7:28:d3:09
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUFSwKbfYJvs/OXjX7hwSqDNYXenwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MDMxMzEzMDJaFw0yNjA4MDIxMzE4MDJaMDMxMTAvBgNV
BAMTKDE5OThCMUI1ODJGMUY1RTI0REQyQTMwQzc1M0Q1QUE2NzI0N0EwMjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClDfIRcbuTimeLM+1hLtbFf0+c
wYkzmUISDv9AJmU+63KLAS/6fwgMutRKtHDYC0NM2Hx1pdGKGTzZSoxH3yh5n8It
D/o81Le/WdEO36EwW1Q5XJl3HMl5Mp9oRgiF9Aa//4hBBSWQtQFw7/Y6UBLOPMjV
J7oYQLzazRswYSlJd2GHFW3ppk2BhQs+gEKQzxPFn3PGkRV6w9y6RFi/JXnOzSXV
cS788lqiE4cJMl5LBT63HsFQEnCG2Uaeab6rcF/R1vcreFxdoJ3R3eY/vYIPmbhR
TZlQ/L04zWxtV4rk1fCE0bZoAG2WfZFg/LJF/Ph902k3CAlI6obA4WheySRHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUGZixtYLx9eJN0qMMdT1apnJHoCYwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTM2Mzc5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjw4D
MA0GCSqGSIb3DQEBCwUAA4IBAQC7WCpFz1KN+8KUlEy+3YN0tNiUJ/FsOb+wOdDv
Z6uBe0yLCsY8/1gCRghqR+bGrNRveYl1yQQDA+TwPuTf0SNzrYs2jrjjm1dR6/tI
nqVmbFWkWDAR81DKUHc2CcA5tupTmeJBh/6BvXVNgdV7zsxytBFKOqI0ZRAWlL0P
mHBGQakSu/oZSpXPFjzdBYkcrcV1A7pkzCAYTG8hgG3AlL+wuTcNydvQLmw0QT34
n+WRxYZ1yCKTjgTEFPCZ4cxOvot0875ett4z7rsZ0w1je+010uBCR2YdsOi7cVQY
QHiSsB8JoMwimqL2DcIblovCNTXe9+fa9NRan9sSQH33KNMJ
-----END CERTIFICATE-----