Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS134488.roa
File:                     AS134488.roa (raw, json)
Hash identifier:          tlQqhuHJGK2qNUiua2WcgFmJuz8JJjPaf8EH70cLJmc=
Subject key identifier:   62:9C:58:A7:79:6E:4A:6E:A4:53:15:D1:2E:AE:C5:A4:B5:53:1A:65
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       3F39FB06F4A4D7990A0FECC2B332C2310AF69BD1
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS134488.roa
Signing time:             Thu 11 Jun 2026 06:21:15 +0000
ROA not before:           Thu 11 Jun 2026 06:16:15 +0000
ROA not after:            Thu 10 Jun 2027 06:21:15 +0000
asID:                     134488
IP address blocks:        188.221.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:39:fb:06:f4:a4:d7:99:0a:0f:ec:c2:b3:32:c2:31:0a:f6:9b:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun 11 06:16:15 2026 GMT
            Not After : Jun 10 06:21:15 2027 GMT
        Subject: CN=629C58A7796E4A6EA45315D12EAEC5A4B5531A65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:6f:d3:be:f8:a0:07:3a:55:56:6b:66:51:24:
                    ab:8e:30:27:31:96:88:39:01:5a:3e:f6:3a:2d:29:
                    2e:bd:bd:24:0a:5d:a9:9a:d1:73:d5:1b:59:35:f2:
                    54:a4:34:e2:4a:84:38:e7:10:4c:02:44:cf:52:54:
                    91:19:4a:28:52:a2:a3:7e:6f:3c:a8:cf:2c:84:3d:
                    18:28:1d:fd:4e:77:5a:4a:70:8b:b1:d3:fe:c2:dc:
                    e5:13:7d:7a:9e:1e:b6:38:f5:56:d3:8b:e8:26:28:
                    1c:d8:1a:4e:d8:f1:bb:33:2c:70:5a:7b:5f:65:35:
                    70:cb:80:d1:4b:4a:66:f7:02:58:d4:d0:c5:27:5b:
                    b9:cf:76:f6:79:19:e6:7e:1b:7a:23:eb:19:26:a8:
                    44:2b:69:c8:0e:12:84:a3:ee:1c:02:fa:c9:cf:92:
                    27:93:c6:dd:0b:5a:75:47:17:b0:f5:32:0b:8f:b9:
                    93:bf:68:13:a9:41:be:ce:12:24:be:84:09:14:04:
                    03:ed:09:fc:d8:b0:03:d1:62:8c:8c:f0:0b:e3:32:
                    3a:12:3a:c9:68:3d:b6:c9:94:a1:fa:f1:9f:f8:73:
                    10:d9:f1:80:3f:c0:84:26:cb:c1:b5:52:47:8c:29:
                    5c:4e:7a:ac:f0:de:e2:8b:3e:a9:17:8b:b1:96:83:
                    15:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:9C:58:A7:79:6E:4A:6E:A4:53:15:D1:2E:AE:C5:A4:B5:53:1A:65
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS134488.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.221.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:b3:61:5e:49:7d:a8:47:cc:10:5c:e4:06:0b:d7:9f:62:7e:
         18:12:7f:8e:8f:71:1d:30:09:7a:5e:7a:47:a6:2f:82:4a:2a:
         b6:a1:ae:13:a0:8f:fd:b6:ac:26:7d:2d:f0:d3:44:9e:87:39:
         33:83:0a:16:10:7f:89:4b:85:07:86:7f:72:a8:a2:29:bc:51:
         92:4e:08:8d:4f:9b:ef:36:52:ef:c7:2f:61:03:40:5c:a4:17:
         a6:7d:07:b7:21:b4:ae:66:e3:40:b3:da:a3:39:92:be:63:02:
         5d:13:ea:82:a7:7b:dc:40:dc:88:6d:da:33:13:bd:4a:b4:0f:
         e0:0b:24:d9:91:5e:b7:76:45:be:94:7d:09:f3:6c:50:44:a5:
         9a:45:5f:95:36:86:50:4c:da:aa:4a:f3:d6:10:65:8f:cc:51:
         62:dc:c6:7e:74:e1:bf:ec:94:c9:f1:ec:3f:86:ea:50:49:49:
         8c:c9:5c:e7:e6:89:90:a7:1b:62:ec:15:a0:5b:6c:28:b1:49:
         f5:19:b8:33:4c:e6:5c:86:15:28:f8:fb:03:ea:1a:d7:b8:32:
         22:5b:c9:e9:f5:7f:6c:5a:80:a7:5d:96:59:12:b7:db:13:5b:
         1c:53:3c:c0:3f:0c:99:8b:53:a5:52:3d:5f:b9:2d:74:10:e1:
         b3:85:50:28
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPzn7BvSk15kKD+zCszLCMQr2m9EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MTEwNjE2MTVaFw0yNzA2MTAwNjIxMTVaMDMxMTAvBgNV
BAMTKDYyOUM1OEE3Nzk2RTRBNkVBNDUzMTVEMTJFQUVDNUE0QjU1MzFBNjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfb9O++KAHOlVWa2ZRJKuOMCcx
log5AVo+9jotKS69vSQKXama0XPVG1k18lSkNOJKhDjnEEwCRM9SVJEZSihSoqN+
bzyozyyEPRgoHf1Od1pKcIux0/7C3OUTfXqeHrY49VbTi+gmKBzYGk7Y8bszLHBa
e19lNXDLgNFLSmb3AljU0MUnW7nPdvZ5GeZ+G3oj6xkmqEQracgOEoSj7hwC+snP
kieTxt0LWnVHF7D1MguPuZO/aBOpQb7OEiS+hAkUBAPtCfzYsAPRYoyM8AvjMjoS
OsloPbbJlKH68Z/4cxDZ8YA/wIQmy8G1UkeMKVxOeqzw3uKLPqkXi7GWgxX3AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUYpxYp3luSm6kUxXRLq7FpLVTGmUwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMTM0NDg4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvN1j
MA0GCSqGSIb3DQEBCwUAA4IBAQBOs2FeSX2oR8wQXOQGC9efYn4YEn+Oj3EdMAl6
XnpHpi+CSiq2oa4ToI/9tqwmfS3w00SehzkzgwoWEH+JS4UHhn9yqKIpvFGSTgiN
T5vvNlLvxy9hA0BcpBemfQe3IbSuZuNAs9qjOZK+YwJdE+qCp3vcQNyIbdozE71K
tA/gCyTZkV63dkW+lH0J82xQRKWaRV+VNoZQTNqqSvPWEGWPzFFi3MZ+dOG/7JTJ
8ew/hupQSUmMyVzn5omQpxti7BWgW2wosUn1GbgzTOZchhUo+PsD6hrXuDIiW8np
9X9sWoCnXZZZErfbE1scUzzAPwyZi1OlUj1fuS10EOGzhVAo
-----END CERTIFICATE-----