Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS138195.roa
File:                     AS138195.roa (raw, json)
Hash identifier:          HGDb6ahHqUCrOiYPqgUCmGWsdOlD5MigcGSWhAcUH8s=
Subject key identifier:   FE:F9:61:D4:60:FE:A9:D2:CD:44:EF:3A:B2:D8:01:7B:8A:BD:68:6D
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       2C88024E62585A3638738DC0E223B2351E4C2615
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS138195.roa
Signing time:             Sun 25 Jan 2026 11:55:35 +0000
ROA not before:           Sun 25 Jan 2026 11:50:35 +0000
ROA not after:            Sun 24 Jan 2027 11:55:35 +0000
asID:                     138195
IP address blocks:        193.142.6.0/24 maxlen: 24
                          193.176.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:88:02:4e:62:58:5a:36:38:73:8d:c0:e2:23:b2:35:1e:4c:26:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jan 25 11:50:35 2026 GMT
            Not After : Jan 24 11:55:35 2027 GMT
        Subject: CN=FEF961D460FEA9D2CD44EF3AB2D8017B8ABD686D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:5b:ec:97:5d:a9:00:f5:71:7a:92:88:98:f1:
                    47:b8:5c:81:2c:f0:cc:27:41:64:30:9f:31:fc:b8:
                    da:7f:ae:c9:86:c7:f2:89:3b:e4:07:02:94:f4:55:
                    9d:a7:0e:36:76:1e:c6:f6:88:09:f4:e0:34:10:5a:
                    89:c2:d2:dc:41:c2:9e:2a:c9:83:40:66:76:aa:06:
                    55:e2:a8:74:12:83:b0:6c:0f:32:03:fd:d4:ee:a9:
                    11:99:cc:15:cb:da:25:c4:95:13:68:5a:59:e3:0a:
                    6f:27:26:c2:4d:5c:a7:bc:e1:09:78:23:be:3f:50:
                    4d:d6:4a:74:fe:e5:49:e1:16:40:71:29:0b:a2:ee:
                    4c:4c:f3:e4:32:39:7a:dd:e3:b1:af:a6:df:25:5c:
                    82:b5:5b:85:4f:de:03:61:39:e9:11:5e:a2:4a:d8:
                    09:42:54:1c:38:37:28:62:c1:be:dc:a0:0f:59:b4:
                    88:8c:34:82:18:49:ae:4a:6e:0d:76:75:32:34:4b:
                    68:22:24:09:45:88:36:3e:ec:19:5a:a1:6a:99:3c:
                    2b:2c:a7:8e:55:b2:42:39:69:6c:cf:d7:6b:c6:1d:
                    67:56:bc:98:34:bb:88:94:28:c4:97:de:6b:84:da:
                    02:88:47:71:0a:12:0b:8f:14:8f:df:0e:d0:f3:72:
                    31:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:F9:61:D4:60:FE:A9:D2:CD:44:EF:3A:B2:D8:01:7B:8A:BD:68:6D
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS138195.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.6.0/24
                  193.176.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:bc:93:38:98:dd:ef:ee:be:b3:86:8d:51:56:ca:05:38:b1:
         e7:4b:49:5d:47:03:e7:4a:46:71:6e:41:74:68:dc:e0:7d:0d:
         75:74:c0:43:cc:da:ac:cb:dc:d8:27:db:c2:96:fa:b6:e6:4d:
         4a:06:a0:4f:b3:7d:d0:99:ec:af:cd:6d:72:f8:b3:cb:18:85:
         2e:1d:e9:6d:24:bd:07:62:83:66:59:84:d8:93:34:88:49:80:
         91:5e:fc:69:20:9d:ba:88:f9:c2:19:a9:31:4e:41:80:07:fb:
         d6:31:91:dc:2d:e0:75:8c:5e:72:e5:0b:b7:d5:22:c5:b9:7b:
         7a:1d:17:5b:45:7b:2a:7c:8e:2d:32:b1:6b:6c:63:67:db:55:
         e8:92:e2:32:fd:4e:74:05:f4:cf:9a:58:81:6b:52:10:fd:f6:
         b0:8b:7b:2b:e3:6d:19:34:c5:dd:c2:76:74:0f:98:41:ab:5d:
         70:6d:ff:dd:50:dc:99:13:d3:8b:36:aa:f8:35:6f:a9:97:5b:
         f5:b5:a1:36:ce:fb:72:d6:8e:a2:a9:b0:d3:b4:32:57:28:71:
         ab:9e:52:58:cc:5f:82:41:e6:ae:8a:6f:16:bd:71:02:6f:d8:
         44:3f:8f:5a:38:d7:11:83:e2:b8:da:08:43:15:e4:cd:8d:47:
         d7:6e:1a:16
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIULIgCTmJYWjY4c43A4iOyNR5MJhUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjAxMjUxMTUwMzVaFw0yNzAxMjQxMTU1MzVaMDMxMTAvBgNV
BAMTKEZFRjk2MUQ0NjBGRUE5RDJDRDQ0RUYzQUIyRDgwMTdCOEFCRDY4NkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIW+yXXakA9XF6koiY8Ue4XIEs
8MwnQWQwnzH8uNp/rsmGx/KJO+QHApT0VZ2nDjZ2Hsb2iAn04DQQWonC0txBwp4q
yYNAZnaqBlXiqHQSg7BsDzID/dTuqRGZzBXL2iXElRNoWlnjCm8nJsJNXKe84Ql4
I74/UE3WSnT+5UnhFkBxKQui7kxM8+QyOXrd47Gvpt8lXIK1W4VP3gNhOekRXqJK
2AlCVBw4Nyhiwb7coA9ZtIiMNIIYSa5Kbg12dTI0S2giJAlFiDY+7BlaoWqZPCss
p45VskI5aWzP12vGHWdWvJg0u4iUKMSX3muE2gKIR3EKEguPFI/fDtDzcjHxAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU/vlh1GD+qdLNRO86stgBe4q9aG0wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTM4MTk1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwY4G
AwQAwbA2MA0GCSqGSIb3DQEBCwUAA4IBAQBCvJM4mN3v7r6zho1RVsoFOLHnS0ld
RwPnSkZxbkF0aNzgfQ11dMBDzNqsy9zYJ9vClvq25k1KBqBPs33QmeyvzW1y+LPL
GIUuHeltJL0HYoNmWYTYkzSISYCRXvxpIJ26iPnCGakxTkGAB/vWMZHcLeB1jF5y
5Qu31SLFuXt6HRdbRXsqfI4tMrFrbGNn21XokuIy/U50BfTPmliBa1IQ/fawi3sr
420ZNMXdwnZ0D5hBq11wbf/dUNyZE9OLNqr4NW+pl1v1taE2zvty1o6iqbDTtDJX
KHGrnlJYzF+CQeauim8WvXECb9hEP49aONcRg+K42ghDFeTNjUfXbhoW
-----END CERTIFICATE-----