Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS134477.roa
File:                     AS134477.roa (raw, json)
Hash identifier:          OvON+NgVEIhRK6QQ4UQTOUQX/6aT64+5kqi6llTHv2M=
Subject key identifier:   AE:6C:5C:CD:B0:D7:55:11:A0:91:63:A6:16:85:52:E8:F7:E2:56:FF
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       282E28262EB4801E777B90D60836958C8726A888
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS134477.roa
Signing time:             Tue 09 Jun 2026 04:49:37 +0000
ROA not before:           Tue 09 Jun 2026 04:44:37 +0000
ROA not after:            Tue 08 Jun 2027 04:49:37 +0000
asID:                     134477
IP address blocks:        78.105.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:2e:28:26:2e:b4:80:1e:77:7b:90:d6:08:36:95:8c:87:26:a8:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun  9 04:44:37 2026 GMT
            Not After : Jun  8 04:49:37 2027 GMT
        Subject: CN=AE6C5CCDB0D75511A09163A6168552E8F7E256FF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ea:f6:21:76:21:31:dc:61:85:07:3e:36:ce:
                    89:17:dd:03:62:c1:99:0f:d7:4e:ce:52:36:54:f9:
                    58:f5:78:21:e6:4f:b8:c6:1b:99:6a:c1:fb:80:f8:
                    70:38:26:9d:60:5c:c3:8d:c4:b6:26:44:82:d9:96:
                    e8:07:a7:9a:b2:73:28:79:75:17:bf:ab:ac:35:56:
                    9b:c5:e3:47:54:79:63:87:ce:52:14:d2:f2:58:f1:
                    bb:34:1d:fa:a1:5b:47:86:27:c8:d8:ed:a1:fe:22:
                    f4:3b:be:8d:34:de:d1:83:4c:ee:e1:ff:c0:6e:ab:
                    88:b2:10:b2:f3:0d:97:b7:f7:05:06:bd:d5:78:0d:
                    b6:2c:89:80:ac:21:be:86:ee:09:9b:0d:d0:98:a6:
                    24:92:71:96:af:da:c7:2a:37:67:a8:0e:c5:f0:55:
                    37:81:08:72:63:f6:38:db:ec:7f:97:8f:39:80:c7:
                    4d:dd:c9:fe:b6:ca:65:dd:25:56:d1:cd:83:1d:19:
                    a2:84:77:cb:8d:34:22:44:7a:ea:76:ab:1a:16:c1:
                    b6:b5:8b:12:83:f0:59:65:57:de:02:ce:6e:c7:06:
                    f3:d5:88:22:2d:8a:7e:1e:21:25:50:d7:41:2d:15:
                    83:e6:20:a6:ea:8d:b4:78:02:e7:cf:19:d3:f3:18:
                    ea:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:6C:5C:CD:B0:D7:55:11:A0:91:63:A6:16:85:52:E8:F7:E2:56:FF
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS134477.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.105.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:fe:fb:b9:43:9e:d0:91:3f:eb:8f:fb:c9:d3:07:00:55:5d:
         96:0c:52:ee:89:82:21:3e:37:31:c6:d0:1b:9c:8b:ae:f0:b2:
         17:c3:1b:a4:4c:53:50:51:a6:09:a1:fc:22:04:57:95:f0:29:
         2b:8a:71:74:4c:c6:67:3d:85:6a:80:1d:33:d2:2a:16:52:a4:
         15:9e:52:db:0e:47:2b:80:9f:3e:b4:84:c5:d6:27:79:58:e8:
         b1:1f:25:ec:d3:f1:90:47:37:6a:b8:8f:75:1e:a2:1d:f9:2a:
         34:41:db:f6:a1:eb:1e:93:27:ed:38:f1:d3:f6:ea:bf:87:9d:
         7c:be:41:2a:63:0e:19:40:bd:5b:82:c9:72:35:18:d3:1e:79:
         cf:2c:0b:94:bc:21:07:61:5a:25:16:65:1b:53:bf:bb:e1:d3:
         41:cf:39:e1:5c:c3:98:b2:b2:c0:95:48:ce:a0:1a:82:bf:c0:
         c4:21:01:f3:f0:b8:fe:c9:ed:c7:f7:58:e9:ed:ab:0a:30:4b:
         12:73:64:2d:7f:ca:fc:a1:b2:62:6c:82:73:81:41:fc:dd:45:
         bb:00:65:c4:79:3e:99:ca:92:5f:2f:30:e3:07:66:ad:03:42:
         b7:58:09:07:64:02:4f:ff:e4:46:5d:06:43:14:2f:0e:09:72:
         52:3f:af:54
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKC4oJi60gB53e5DWCDaVjIcmqIgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MDkwNDQ0MzdaFw0yNzA2MDgwNDQ5MzdaMDMxMTAvBgNV
BAMTKEFFNkM1Q0NEQjBENzU1MTFBMDkxNjNBNjE2ODU1MkU4RjdFMjU2RkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw6vYhdiEx3GGFBz42zokX3QNi
wZkP107OUjZU+Vj1eCHmT7jGG5lqwfuA+HA4Jp1gXMONxLYmRILZlugHp5qycyh5
dRe/q6w1VpvF40dUeWOHzlIU0vJY8bs0HfqhW0eGJ8jY7aH+IvQ7vo003tGDTO7h
/8Buq4iyELLzDZe39wUGvdV4DbYsiYCsIb6G7gmbDdCYpiSScZav2scqN2eoDsXw
VTeBCHJj9jjb7H+XjzmAx03dyf62ymXdJVbRzYMdGaKEd8uNNCJEeup2qxoWwba1
ixKD8FllV94Czm7HBvPViCItin4eISVQ10EtFYPmIKbqjbR4AufPGdPzGOq7AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUrmxczbDXVRGgkWOmFoVS6PfiVv8wHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMTM0NDc3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATmmT
MA0GCSqGSIb3DQEBCwUAA4IBAQBn/vu5Q57QkT/rj/vJ0wcAVV2WDFLuiYIhPjcx
xtAbnIuu8LIXwxukTFNQUaYJofwiBFeV8CkrinF0TMZnPYVqgB0z0ioWUqQVnlLb
DkcrgJ8+tITF1id5WOixHyXs0/GQRzdquI91HqId+So0Qdv2oesekyftOPHT9uq/
h518vkEqYw4ZQL1bgslyNRjTHnnPLAuUvCEHYVolFmUbU7+74dNBzznhXMOYsrLA
lUjOoBqCv8DEIQHz8Lj+ye3H91jp7asKMEsSc2Qtf8r8obJibIJzgUH83UW7AGXE
eT6ZypJfLzDjB2atA0K3WAkHZAJP/+RGXQZDFC8OCXJSP69U
-----END CERTIFICATE-----