Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS137409.roa
File:                     AS137409.roa (raw, json)
Hash identifier:          q3RUKhzTzvaItjYHUXgqcdgTMyLbXghxI6+SSh8NAiU=
Subject key identifier:   BC:6F:7F:19:E2:66:4C:4B:7D:A9:F6:8C:84:86:E7:9F:D6:78:C2:9B
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       375586440DBB00EE6423914FC35CEE029FE0093D
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS137409.roa
Signing time:             Thu 05 Feb 2026 18:55:37 +0000
ROA not before:           Thu 05 Feb 2026 18:50:37 +0000
ROA not after:            Thu 04 Feb 2027 18:55:37 +0000
asID:                     137409
IP address blocks:        185.155.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:19:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:55:86:44:0d:bb:00:ee:64:23:91:4f:c3:5c:ee:02:9f:e0:09:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Feb  5 18:50:37 2026 GMT
            Not After : Feb  4 18:55:37 2027 GMT
        Subject: CN=BC6F7F19E2664C4B7DA9F68C8486E79FD678C29B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:5d:3b:4e:dd:7d:d9:65:47:03:88:3b:f2:84:
                    58:3d:28:99:58:b1:0d:3a:18:37:3d:70:96:10:59:
                    94:13:07:4e:22:f8:da:78:52:53:30:12:8c:63:79:
                    49:7f:6d:c4:30:55:95:8f:f6:aa:3b:27:14:86:e6:
                    4a:6e:2d:05:50:b9:c9:c9:8a:0a:f5:aa:98:33:bf:
                    4f:9a:7f:ee:65:59:c3:9f:74:b4:17:db:63:fc:6b:
                    b7:65:c3:f2:b1:5f:80:cb:b6:06:ae:d5:4f:0f:82:
                    cf:4a:c6:c4:88:05:12:a5:15:84:23:aa:e4:39:b6:
                    2c:f7:aa:df:f7:bd:ee:e7:23:61:ee:e0:d6:61:68:
                    4d:e8:0d:a9:9c:e3:b1:b3:ec:17:5d:65:f9:6d:88:
                    2e:99:67:0f:85:4c:79:c6:7b:7e:ae:79:4b:c0:2b:
                    eb:b5:0c:fa:76:f6:28:dd:39:50:2f:96:73:1d:50:
                    14:9d:dd:8e:42:1b:db:6a:8e:64:c2:42:bf:ca:7c:
                    3b:69:bf:c6:03:cb:e3:d6:0a:87:d3:b8:3d:7f:d7:
                    e6:c1:9e:a1:08:15:10:fa:4c:16:a4:c9:47:0c:6d:
                    0a:48:73:b3:98:f5:b3:76:ef:d4:e6:8c:3f:af:29:
                    cd:df:64:a0:e7:08:7d:4e:83:e8:32:74:f8:04:18:
                    fb:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:6F:7F:19:E2:66:4C:4B:7D:A9:F6:8C:84:86:E7:9F:D6:78:C2:9B
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS137409.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:8d:be:56:51:b0:f3:68:44:33:8b:ce:7d:73:37:9c:01:af:
         5e:8a:3e:30:de:ab:3a:b6:da:08:34:65:6b:86:82:ac:13:5b:
         ab:21:54:9b:f8:a6:e7:bd:d4:dd:8a:f8:5a:4f:4b:60:98:21:
         64:15:e9:3b:d6:8d:ca:62:17:88:1c:fa:56:ef:88:a0:bf:f9:
         7e:b8:b2:a6:a8:84:f8:30:ca:e6:e7:7e:07:7e:2d:d5:90:0f:
         87:0b:a5:4d:a5:6c:6a:cb:e1:66:20:d5:ac:d7:a1:e7:a3:61:
         6b:a4:91:28:b4:bf:19:df:e6:bc:4b:6c:6f:03:79:d7:8f:e7:
         72:b4:ee:dc:5d:f9:ee:5a:b6:1d:ec:82:ac:32:db:13:76:a0:
         95:3a:86:1b:fd:13:83:ab:26:c1:dc:37:b5:8f:88:b2:6a:91:
         67:b2:a7:89:bb:60:61:6b:a3:68:51:95:19:ac:51:f0:30:bb:
         32:09:87:7f:c1:3f:50:31:09:9b:17:39:15:5b:f8:bd:69:8b:
         f8:94:c4:06:92:6d:49:8e:f0:8c:44:bb:38:6a:91:75:3b:2a:
         48:be:a3:c6:11:c9:25:fd:43:1f:22:f7:84:33:f3:d1:d8:da:
         0f:6a:e8:2e:50:fd:c8:e9:19:cc:41:f8:81:aa:a7:2d:f2:c6:
         cb:6b:2a:48
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUN1WGRA27AO5kI5FPw1zuAp/gCT0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjAyMDUxODUwMzdaFw0yNzAyMDQxODU1MzdaMDMxMTAvBgNV
BAMTKEJDNkY3RjE5RTI2NjRDNEI3REE5RjY4Qzg0ODZFNzlGRDY3OEMyOUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXXTtO3X3ZZUcDiDvyhFg9KJlY
sQ06GDc9cJYQWZQTB04i+Np4UlMwEoxjeUl/bcQwVZWP9qo7JxSG5kpuLQVQucnJ
igr1qpgzv0+af+5lWcOfdLQX22P8a7dlw/KxX4DLtgau1U8Pgs9KxsSIBRKlFYQj
quQ5tiz3qt/3ve7nI2Hu4NZhaE3oDamc47Gz7BddZfltiC6ZZw+FTHnGe36ueUvA
K+u1DPp29ijdOVAvlnMdUBSd3Y5CG9tqjmTCQr/KfDtpv8YDy+PWCofTuD1/1+bB
nqEIFRD6TBakyUcMbQpIc7OY9bN279TmjD+vKc3fZKDnCH1Og+gydPgEGPuRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUvG9/GeJmTEt9qfaMhIbnn9Z4wpswHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTM3NDA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZvc
MA0GCSqGSIb3DQEBCwUAA4IBAQCqjb5WUbDzaEQzi859czecAa9eij4w3qs6ttoI
NGVrhoKsE1urIVSb+KbnvdTdivhaT0tgmCFkFek71o3KYheIHPpW74igv/l+uLKm
qIT4MMrm534Hfi3VkA+HC6VNpWxqy+FmINWs16Hno2FrpJEotL8Z3+a8S2xvA3nX
j+dytO7cXfnuWrYd7IKsMtsTdqCVOoYb/RODqybB3De1j4iyapFnsqeJu2Bha6No
UZUZrFHwMLsyCYd/wT9QMQmbFzkVW/i9aYv4lMQGkm1JjvCMRLs4apF1OypIvqPG
Eckl/UMfIveEM/PR2NoPauguUP3I6RnMQfiBqqct8sbLaypI
-----END CERTIFICATE-----