Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS137235.roa
File:                     AS137235.roa (raw, json)
Hash identifier:          wsg+Xu24Ix+Z123YDGkNyd3gzimb+8pya4YW+nzskk0=
Subject key identifier:   1E:1F:1E:A3:79:4C:51:33:E4:10:FD:2A:73:A2:F2:C2:8E:9E:32:99
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       703D1AC324F37CFE87B71E72D8E724A039575A12
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS137235.roa
Signing time:             Sat 28 Feb 2026 06:40:48 +0000
ROA not before:           Sat 28 Feb 2026 06:35:48 +0000
ROA not after:            Sat 27 Feb 2027 06:40:48 +0000
asID:                     137235
IP address blocks:        143.14.162.0/24 maxlen: 24
                          162.141.114.0/24 maxlen: 24
                          167.148.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 12:54:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:3d:1a:c3:24:f3:7c:fe:87:b7:1e:72:d8:e7:24:a0:39:57:5a:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb 28 06:35:48 2026 GMT
            Not After : Feb 27 06:40:48 2027 GMT
        Subject: CN=1E1F1EA3794C5133E410FD2A73A2F2C28E9E3299
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:84:2e:a3:8d:1d:8a:0a:91:8a:a6:f1:91:b1:
                    03:08:80:5a:a9:4d:0d:06:b1:e3:c5:da:4d:c6:c4:
                    65:d0:6c:c5:41:a2:5b:c8:7f:be:df:87:74:fe:60:
                    0d:bc:7e:af:f8:e0:29:b8:41:7f:6c:8d:bd:d3:b4:
                    03:5c:8b:6e:45:6a:23:05:1b:3a:d3:bc:7f:db:0f:
                    3c:2f:c3:ae:3e:75:18:09:00:42:7c:14:85:e5:cd:
                    58:ff:b2:7a:53:77:21:5e:dd:4b:a3:c1:9f:ed:9e:
                    e1:2f:e5:f8:75:b1:51:cd:35:b4:a7:6f:8d:64:ff:
                    03:04:73:8f:e4:6b:07:69:bb:62:29:29:3e:7c:7b:
                    37:3f:15:3d:8b:be:6d:b0:d2:be:c6:0c:e9:f5:ff:
                    1e:5e:5c:2f:3f:72:a1:3a:c7:42:d7:c0:e1:d9:8a:
                    2c:d8:83:d4:e2:e6:87:59:91:83:1c:81:c3:27:fb:
                    0a:08:c6:97:12:46:69:2c:b0:48:49:e6:1f:b5:aa:
                    1a:e0:1d:72:a5:f4:a8:12:7e:cd:1a:8c:e5:ec:8d:
                    cb:14:75:e6:9d:43:cb:a4:f2:e5:a7:87:db:ea:2c:
                    3d:77:ec:5e:b6:fe:0f:51:e1:55:9c:2d:16:45:4e:
                    05:18:c4:a3:36:6e:e7:ed:ab:e1:f2:d5:eb:bf:36:
                    01:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:1F:1E:A3:79:4C:51:33:E4:10:FD:2A:73:A2:F2:C2:8E:9E:32:99
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS137235.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.162.0/24
                  162.141.114.0/24
                  167.148.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:f1:c5:91:e1:9f:12:fb:e5:d1:51:6e:38:39:e3:af:e3:74:
         e5:13:ea:70:ad:66:1c:b7:a7:5a:82:70:75:4f:e4:96:a3:66:
         2b:05:eb:48:e7:84:3c:10:24:1f:e9:8b:14:95:66:09:6b:24:
         52:e4:e0:94:20:8f:44:fd:03:5e:21:6f:6e:0b:a4:cf:8a:f5:
         e5:87:81:43:47:ad:85:38:90:7c:fe:41:5f:c2:ef:2d:a2:86:
         84:50:15:22:85:f0:09:02:e2:ff:e3:45:ff:2c:ae:27:5e:d0:
         9e:0f:f5:84:1c:67:28:06:bf:22:5d:0d:e1:b6:7e:9b:2f:51:
         a4:4b:3e:97:03:9b:41:4c:ff:85:15:ca:a2:3b:3d:97:85:11:
         42:33:2d:67:6c:b7:0e:d2:0a:1c:d8:d6:72:2f:a5:2a:d0:82:
         ed:51:a7:71:53:96:af:38:ed:63:67:04:fc:21:ac:3a:a5:9c:
         80:41:ce:9d:99:1d:3e:a9:ea:da:91:7d:0b:2c:c9:5e:48:f1:
         a9:4f:e8:60:e3:89:7b:62:36:01:69:85:22:45:39:69:10:8c:
         72:c8:50:c2:59:59:85:92:4f:be:20:3d:62:b6:97:ac:59:88:
         99:60:27:7d:0d:af:7c:c7:04:c3:9e:30:a2:c7:bd:7f:0b:a9:
         cb:1d:b3:3a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUcD0awyTzfP6Htx5y2OckoDlXWhIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMjgwNjM1NDhaFw0yNzAyMjcwNjQwNDhaMDMxMTAvBgNV
BAMTKDFFMUYxRUEzNzk0QzUxMzNFNDEwRkQyQTczQTJGMkMyOEU5RTMyOTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrhC6jjR2KCpGKpvGRsQMIgFqp
TQ0GsePF2k3GxGXQbMVBolvIf77fh3T+YA28fq/44Cm4QX9sjb3TtANci25FaiMF
GzrTvH/bDzwvw64+dRgJAEJ8FIXlzVj/snpTdyFe3UujwZ/tnuEv5fh1sVHNNbSn
b41k/wMEc4/kawdpu2IpKT58ezc/FT2Lvm2w0r7GDOn1/x5eXC8/cqE6x0LXwOHZ
iizYg9Ti5odZkYMcgcMn+woIxpcSRmkssEhJ5h+1qhrgHXKl9KgSfs0ajOXsjcsU
deadQ8uk8uWnh9vqLD137F62/g9R4VWcLRZFTgUYxKM2buftq+Hy1eu/NgHpAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUHh8eo3lMUTPkEP0qc6Lywo6eMpkwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTM3MjM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjw6i
AwQAoo1yAwQAp5QDMA0GCSqGSIb3DQEBCwUAA4IBAQBp8cWR4Z8S++XRUW44OeOv
43TlE+pwrWYct6dagnB1T+SWo2YrBetI54Q8ECQf6YsUlWYJayRS5OCUII9E/QNe
IW9uC6TPivXlh4FDR62FOJB8/kFfwu8tooaEUBUihfAJAuL/40X/LK4nXtCeD/WE
HGcoBr8iXQ3htn6bL1GkSz6XA5tBTP+FFcqiOz2XhRFCMy1nbLcO0goc2NZyL6Uq
0ILtUadxU5avOO1jZwT8Iaw6pZyAQc6dmR0+qerakX0LLMleSPGpT+hg44l7YjYB
aYUiRTlpEIxyyFDCWVmFkk++ID1itpesWYiZYCd9Da98xwTDnjCix71/C6nLHbM6
-----END CERTIFICATE-----