Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS138195.roa
File:                     AS138195.roa (raw, json)
Hash identifier:          9Do9q6u/D7O3nnS3kHdzlm32TE/Ki/uIXVFe5v5mbZ8=
Subject key identifier:   6E:C8:6D:81:9B:80:E1:E9:95:BE:2E:0E:AD:A8:91:C7:E9:83:F3:CC
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       6DC66F4542BA2CA8F9359D609CBA5896AEAFE6F6
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS138195.roa
Signing time:             Fri 06 Feb 2026 16:25:08 +0000
ROA not before:           Fri 06 Feb 2026 16:20:08 +0000
ROA not after:            Fri 05 Feb 2027 16:25:08 +0000
asID:                     138195
IP address blocks:        143.14.143.0/24 maxlen: 24
                          162.141.84.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 12:54:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:c6:6f:45:42:ba:2c:a8:f9:35:9d:60:9c:ba:58:96:ae:af:e6:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb  6 16:20:08 2026 GMT
            Not After : Feb  5 16:25:08 2027 GMT
        Subject: CN=6EC86D819B80E1E995BE2E0EADA891C7E983F3CC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b4:b6:e3:ca:6a:a8:b6:d0:18:96:f5:3c:a5:
                    57:ea:ce:a2:bc:68:c9:75:4b:6e:c1:df:65:f7:17:
                    fa:16:b7:02:d9:5c:ef:48:1b:55:70:79:ac:84:ac:
                    64:02:f2:99:60:6e:45:a8:6f:97:38:79:38:07:1d:
                    dc:14:c3:7d:cb:de:fa:42:60:66:78:22:27:a7:2e:
                    7d:70:fb:de:2e:f9:d4:5d:b2:9e:f8:a7:d3:dd:37:
                    63:f1:cc:fa:39:3d:45:41:d2:1c:fb:90:00:2b:50:
                    fc:ea:46:ef:f9:59:89:48:ac:46:10:d4:63:4f:c1:
                    09:78:c4:d3:61:70:eb:21:53:a3:05:e9:5f:1c:c6:
                    cf:52:aa:f4:ce:a8:c7:12:31:e3:b5:1c:48:68:55:
                    cc:7b:2d:2f:85:4a:56:90:b2:79:0e:d6:17:13:fe:
                    34:15:80:2a:28:b9:c1:8d:a1:87:0a:af:0b:bd:be:
                    ee:a9:1a:a7:1c:e4:86:d8:48:64:99:db:92:27:02:
                    21:05:76:53:4f:ff:4d:b2:34:ee:67:d8:96:c4:df:
                    2f:82:15:20:8d:cf:92:9a:c4:48:ef:31:1d:56:fb:
                    37:35:38:f9:41:2f:ef:e2:8f:8f:e0:f8:6a:de:92:
                    75:2a:fa:4a:6f:f4:38:b8:6d:5d:38:f4:83:01:3b:
                    43:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:C8:6D:81:9B:80:E1:E9:95:BE:2E:0E:AD:A8:91:C7:E9:83:F3:CC
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS138195.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.143.0/24
                  162.141.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:20:39:a0:e2:aa:2c:36:1e:57:78:ea:ee:00:1d:a6:a2:d5:
         bb:02:b2:63:bd:f9:cf:eb:a4:fd:15:d4:89:93:68:af:b8:86:
         3c:fa:42:2f:01:f7:6e:a7:eb:d5:35:a6:93:b7:cc:33:91:33:
         74:42:07:f2:df:5f:2b:67:65:f3:af:9f:99:3d:7e:0f:02:18:
         ed:d2:39:95:f5:6b:70:b3:76:d6:5d:93:16:d8:d6:33:e7:b5:
         08:05:d2:99:21:ce:3a:6b:b5:ae:f6:b5:05:30:65:aa:c7:11:
         bf:ef:51:49:f6:8d:0b:f0:21:74:cd:f9:42:49:8b:38:e9:ee:
         be:91:47:ab:c6:2f:1a:14:ea:23:a8:d5:37:bd:73:5c:e7:2c:
         03:9a:ff:b9:7b:3b:94:16:e2:35:7d:e8:99:ab:a0:cb:04:1f:
         cc:9e:f0:19:ed:57:e9:62:82:d0:eb:d0:35:71:4d:78:5f:16:
         ea:e5:91:93:ff:2f:0a:c0:73:4e:03:54:99:61:08:06:63:4d:
         2c:e5:ac:9b:90:c7:87:52:45:31:52:3d:ef:39:7b:f0:c8:44:
         83:55:42:d5:c6:f1:ef:8d:ad:4b:33:2e:db:92:1d:a8:27:7e:
         61:6f:ac:1c:cd:4f:b3:7a:cf:f8:02:66:ac:42:d1:66:c1:9e:
         26:b5:29:80
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUbcZvRUK6LKj5NZ1gnLpYlq6v5vYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMDYxNjIwMDhaFw0yNzAyMDUxNjI1MDhaMDMxMTAvBgNV
BAMTKDZFQzg2RDgxOUI4MEUxRTk5NUJFMkUwRUFEQTg5MUM3RTk4M0YzQ0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWtLbjymqottAYlvU8pVfqzqK8
aMl1S27B32X3F/oWtwLZXO9IG1VweayErGQC8plgbkWob5c4eTgHHdwUw33L3vpC
YGZ4IienLn1w+94u+dRdsp74p9PdN2PxzPo5PUVB0hz7kAArUPzqRu/5WYlIrEYQ
1GNPwQl4xNNhcOshU6MF6V8cxs9SqvTOqMcSMeO1HEhoVcx7LS+FSlaQsnkO1hcT
/jQVgCooucGNoYcKrwu9vu6pGqcc5IbYSGSZ25InAiEFdlNP/02yNO5n2JbE3y+C
FSCNz5KaxEjvMR1W+zc1OPlBL+/ij4/g+GreknUq+kpv9Di4bV049IMBO0NJAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUbshtgZuA4emVvi4OraiRx+mD88wwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTM4MTk1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjw6P
AwQCoo1UMA0GCSqGSIb3DQEBCwUAA4IBAQAiIDmg4qosNh5XeOruAB2motW7ArJj
vfnP66T9FdSJk2ivuIY8+kIvAfdup+vVNaaTt8wzkTN0Qgfy318rZ2Xzr5+ZPX4P
Ahjt0jmV9Wtws3bWXZMW2NYz57UIBdKZIc46a7Wu9rUFMGWqxxG/71FJ9o0L8CF0
zflCSYs46e6+kUerxi8aFOojqNU3vXNc5ywDmv+5ezuUFuI1feiZq6DLBB/MnvAZ
7VfpYoLQ69A1cU14Xxbq5ZGT/y8KwHNOA1SZYQgGY00s5aybkMeHUkUxUj3vOXvw
yESDVULVxvHvja1LMy7bkh2oJ35hb6wczU+zes/4AmasQtFmwZ4mtSmA
-----END CERTIFICATE-----