Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS138195.roa
File:                     AS138195.roa (raw, json)
Hash identifier:          /fLipf09HdJpHrPaJaYwQCQ6VrKy46mLhdrPdfc+M6Y=
Subject key identifier:   BE:F3:F6:31:F8:B1:96:34:0A:B8:06:E1:56:E9:87:B8:09:37:81:4A
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       3E14B7ABB008ABFDF6E4521E422A4F8A9052E328
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS138195.roa
Signing time:             Tue 10 Jun 2025 06:52:06 +0000
ROA not before:           Tue 10 Jun 2025 06:47:06 +0000
ROA not after:            Tue 09 Jun 2026 06:52:06 +0000
asID:                     138195
IP address blocks:        143.14.143.0/24 maxlen: 24
                          146.103.27.0/24 maxlen: 24
                          155.117.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 14:03:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:14:b7:ab:b0:08:ab:fd:f6:e4:52:1e:42:2a:4f:8a:90:52:e3:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun 10 06:47:06 2025 GMT
            Not After : Jun  9 06:52:06 2026 GMT
        Subject: CN=BEF3F631F8B196340AB806E156E987B80937814A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:4a:83:1e:aa:84:63:3d:a5:b7:d2:10:02:d3:
                    36:9f:f7:72:92:86:f4:1a:4e:62:87:f5:b5:d8:41:
                    38:e6:dc:77:e3:89:83:54:50:1f:80:be:44:91:d9:
                    0a:3e:09:e8:65:4a:9e:e4:29:6d:1c:27:45:52:5a:
                    7a:4f:3f:ca:92:05:ef:18:3d:b6:c2:44:86:d1:b5:
                    ee:9f:c9:3f:c8:f0:36:1e:b5:d4:bd:1d:b0:3c:60:
                    e1:4b:ca:54:42:b6:7a:9e:6d:1e:c8:ff:ba:48:cf:
                    57:cf:7a:f3:3a:bc:a3:1d:cd:67:d0:60:23:34:a4:
                    55:56:67:f0:94:7b:96:33:9f:26:00:31:80:57:4e:
                    ad:82:60:e8:69:21:ff:3a:97:b6:1d:e1:5a:7f:2e:
                    c7:fc:6b:b3:40:9e:4f:58:c9:59:88:a3:45:95:80:
                    2f:92:12:ec:8c:7a:01:32:ae:6c:8f:f6:e6:af:fb:
                    cc:f2:cf:df:49:43:19:ba:07:3c:ed:0e:0a:a6:fb:
                    28:21:a8:27:06:b7:ca:c4:f1:cc:d4:af:38:5b:26:
                    e3:00:e3:f1:82:0d:f3:57:93:84:84:43:e5:72:1a:
                    c3:25:7a:4a:59:bb:56:9b:c4:79:9e:84:08:af:2c:
                    b3:77:da:99:82:6d:2d:85:7c:7f:a6:25:98:ae:c6:
                    1a:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:F3:F6:31:F8:B1:96:34:0A:B8:06:E1:56:E9:87:B8:09:37:81:4A
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS138195.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.143.0/24
                  146.103.27.0/24
                  155.117.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:8a:2a:dc:76:99:e6:b3:ef:8c:99:aa:1d:28:42:c5:b6:06:
         89:7b:88:63:d8:df:c7:a9:27:5e:99:05:e4:a7:0e:5f:37:82:
         93:b2:5e:2c:f6:5b:96:e4:fd:f9:65:4d:5a:86:14:26:4c:90:
         7c:15:9e:0f:6b:55:c0:21:21:16:60:43:9b:3b:a4:fc:96:31:
         92:b4:02:e4:bf:da:f6:52:7d:67:3a:2c:bd:e4:ad:5f:f7:c3:
         28:2f:32:da:c0:16:68:59:98:eb:1b:c6:dd:c5:fb:d3:af:cd:
         46:6b:d5:00:a4:cb:a6:4e:79:be:89:91:b0:21:1c:99:48:47:
         5f:89:10:ff:7c:5f:26:37:2d:e0:14:f5:34:9e:a3:a0:a3:c8:
         63:d7:1b:27:0b:64:6b:72:15:77:2b:9a:b4:be:d7:7e:be:d4:
         49:7d:3a:8a:7d:2a:13:8e:dd:25:b6:b7:e9:67:d7:de:3d:d8:
         10:02:8e:e2:5a:80:43:1b:02:ee:ae:cd:3c:ab:9a:64:83:94:
         6e:5e:b4:7a:9c:45:5d:e9:48:b2:94:23:bd:9b:1a:a0:e6:04:
         b5:e2:aa:e3:17:f4:d1:91:a3:7f:99:87:57:43:6e:bb:29:bd:
         c1:79:aa:36:4c:2b:84:7b:25:f0:32:cb:61:82:5e:4e:c0:93:
         93:e9:aa:f9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUPhS3q7AIq/325FIeQipPipBS4ygwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA2MTAwNjQ3MDZaFw0yNjA2MDkwNjUyMDZaMDMxMTAvBgNV
BAMTKEJFRjNGNjMxRjhCMTk2MzQwQUI4MDZFMTU2RTk4N0I4MDkzNzgxNEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBSoMeqoRjPaW30hAC0zaf93KS
hvQaTmKH9bXYQTjm3HfjiYNUUB+AvkSR2Qo+CehlSp7kKW0cJ0VSWnpPP8qSBe8Y
PbbCRIbRte6fyT/I8DYetdS9HbA8YOFLylRCtnqebR7I/7pIz1fPevM6vKMdzWfQ
YCM0pFVWZ/CUe5YznyYAMYBXTq2CYOhpIf86l7Yd4Vp/Lsf8a7NAnk9YyVmIo0WV
gC+SEuyMegEyrmyP9uav+8zyz99JQxm6BzztDgqm+yghqCcGt8rE8czUrzhbJuMA
4/GCDfNXk4SEQ+VyGsMlekpZu1abxHmehAivLLN32pmCbS2FfH+mJZiuxhrVAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUvvP2MfixljQKuAbhVumHuAk3gUowHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTM4MTk1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjw6P
AwQAkmcbAwQAm3VaMA0GCSqGSIb3DQEBCwUAA4IBAQCniircdpnms++MmaodKELF
tgaJe4hj2N/HqSdemQXkpw5fN4KTsl4s9luW5P35ZU1ahhQmTJB8FZ4Pa1XAISEW
YEObO6T8ljGStALkv9r2Un1nOiy95K1f98MoLzLawBZoWZjrG8bdxfvTr81Ga9UA
pMumTnm+iZGwIRyZSEdfiRD/fF8mNy3gFPU0nqOgo8hj1xsnC2RrchV3K5q0vtd+
vtRJfTqKfSoTjt0ltrfpZ9fePdgQAo7iWoBDGwLurs08q5pkg5RuXrR6nEVd6Uiy
lCO9mxqg5gS14qrjF/TRkaN/mYdXQ267Kb3Beao2TCuEeyXwMsthgl5OwJOT6ar5
-----END CERTIFICATE-----