Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS134127.roa
File:                     AS134127.roa (raw, json)
Hash identifier:          8l6wpxfVYgqBsqcEB/ScQ0J9RDnVIhZKkTQepuvt/Lc=
Subject key identifier:   F6:31:9A:A5:FB:4D:AC:44:13:85:E5:94:39:C5:A9:58:A6:A8:D0:D0
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       51A6BC54DA5C7E8DDC96E39A1027966FCF567531
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS134127.roa
Signing time:             Wed 04 Feb 2026 04:25:36 +0000
ROA not before:           Wed 04 Feb 2026 04:20:36 +0000
ROA not after:            Wed 03 Feb 2027 04:25:36 +0000
asID:                     134127
IP address blocks:        2a14:7580:ff38::/47 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:a6:bc:54:da:5c:7e:8d:dc:96:e3:9a:10:27:96:6f:cf:56:75:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Feb  4 04:20:36 2026 GMT
            Not After : Feb  3 04:25:36 2027 GMT
        Subject: CN=F6319AA5FB4DAC441385E59439C5A958A6A8D0D0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:c0:22:7e:05:27:0f:db:13:5f:48:63:f2:b1:
                    9a:ec:b8:0e:c9:32:c9:2f:2c:07:94:a2:cd:2b:1f:
                    e5:a7:52:cf:a8:63:f3:b2:e7:4b:ef:3c:28:b1:b7:
                    bb:1b:b1:db:bb:a8:97:25:45:91:3e:5f:2a:f5:6e:
                    04:59:00:72:00:e5:12:ae:e3:71:69:97:ed:d1:e1:
                    1f:61:e2:f8:06:9b:a8:5c:f3:7e:b9:ae:1f:4d:4d:
                    c6:21:34:94:cb:29:89:4e:51:4a:bb:85:b0:9d:86:
                    ff:40:d6:0c:39:c3:bc:46:d5:b4:97:3a:89:b2:6d:
                    d8:73:da:17:a4:59:58:20:b5:49:df:6b:0c:82:a5:
                    90:2c:2e:d6:88:07:0d:c0:7c:b5:63:4d:d7:51:cb:
                    cc:1d:49:8f:1d:bc:eb:b0:67:bc:2d:ab:39:ce:d6:
                    11:e0:0c:b3:37:28:c5:1b:48:d9:19:12:bd:7e:bd:
                    ca:b2:d7:11:fd:34:6f:d7:36:3e:1b:84:ed:c3:77:
                    3a:63:74:88:3c:5f:72:5d:8c:99:bb:de:94:7e:10:
                    57:3d:b4:58:1e:b7:f1:a3:51:22:43:ad:c2:95:3e:
                    c6:ad:2c:f2:87:c0:a6:08:59:0f:e4:1d:99:10:74:
                    6e:7e:a0:96:22:5e:28:fc:04:c6:ec:f4:3f:36:a1:
                    c0:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:31:9A:A5:FB:4D:AC:44:13:85:E5:94:39:C5:A9:58:A6:A8:D0:D0
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS134127.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:ff38::/47

    Signature Algorithm: sha256WithRSAEncryption
         84:7b:9d:d0:58:a8:61:1d:24:9e:6d:a1:d3:9d:10:be:91:be:
         54:14:73:0f:40:10:de:46:39:2f:e9:3d:a0:23:32:ca:21:25:
         07:c4:6b:61:7e:66:49:be:01:81:aa:f1:67:11:8f:c9:f5:81:
         90:80:13:82:06:56:ba:05:3e:5e:8c:d4:38:15:a8:3d:9c:50:
         d4:d5:a8:72:fc:bc:29:60:7a:67:c4:0b:21:ba:c5:39:0e:af:
         dd:8b:e5:8c:c6:a1:9d:8d:64:07:a4:27:3a:6c:12:b0:03:54:
         60:ed:f4:58:41:11:0a:43:d2:b8:4e:b5:c2:6b:6f:24:5c:de:
         49:02:5e:5f:27:f8:ee:5f:22:af:25:72:01:e9:91:99:de:a1:
         8f:4f:c2:13:6a:b0:d3:37:a8:5c:56:99:7f:2f:97:98:58:36:
         10:30:54:6a:0d:ad:10:ea:77:36:6c:97:e6:a6:5e:e5:1d:77:
         51:d0:8c:d0:df:03:55:01:d3:06:1e:2d:db:6f:21:48:b5:90:
         e8:5a:7a:e4:c9:5f:8d:5c:bb:82:3d:d6:34:08:52:4b:9b:b3:
         4b:df:e1:16:9e:48:66:8e:c7:6d:63:c9:85:05:3c:9b:39:dd:
         7c:dc:5c:26:d3:73:e9:66:c9:20:18:2a:d3:f2:13:2f:c9:d0:
         e9:ad:4d:ff
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUUaa8VNpcfo3cluOaECeWb89WdTEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjAyMDQwNDIwMzZaFw0yNzAyMDMwNDI1MzZaMDMxMTAvBgNV
BAMTKEY2MzE5QUE1RkI0REFDNDQxMzg1RTU5NDM5QzVBOTU4QTZBOEQwRDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzwCJ+BScP2xNfSGPysZrsuA7J
MskvLAeUos0rH+WnUs+oY/Oy50vvPCixt7sbsdu7qJclRZE+Xyr1bgRZAHIA5RKu
43Fpl+3R4R9h4vgGm6hc8365rh9NTcYhNJTLKYlOUUq7hbCdhv9A1gw5w7xG1bSX
Oomybdhz2hekWVggtUnfawyCpZAsLtaIBw3AfLVjTddRy8wdSY8dvOuwZ7wtqznO
1hHgDLM3KMUbSNkZEr1+vcqy1xH9NG/XNj4bhO3DdzpjdIg8X3JdjJm73pR+EFc9
tFget/GjUSJDrcKVPsatLPKHwKYIWQ/kHZkQdG5+oJYiXij8BMbs9D82ocDpAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU9jGapftNrEQTheWUOcWpWKao0NAwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMTM0MTI3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKhR1
gP84MA0GCSqGSIb3DQEBCwUAA4IBAQCEe53QWKhhHSSebaHTnRC+kb5UFHMPQBDe
Rjkv6T2gIzLKISUHxGthfmZJvgGBqvFnEY/J9YGQgBOCBla6BT5ejNQ4Fag9nFDU
1ahy/LwpYHpnxAshusU5Dq/di+WMxqGdjWQHpCc6bBKwA1Rg7fRYQREKQ9K4TrXC
a28kXN5JAl5fJ/juXyKvJXIB6ZGZ3qGPT8ITarDTN6hcVpl/L5eYWDYQMFRqDa0Q
6nc2bJfmpl7lHXdR0IzQ3wNVAdMGHi3bbyFItZDoWnrkyV+NXLuCPdY0CFJLm7NL
3+EWnkhmjsdtY8mFBTybOd183Fwm03PpZskgGCrT8hMvydDprU3/
-----END CERTIFICATE-----