Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS137517.roa
File:                     AS137517.roa (raw, json)
Hash identifier:          ps+scO9mLORtesOrrEfbwPu7rlbynpKpBs5rHtCYAJw=
Subject key identifier:   C9:FA:60:F0:01:BA:CA:B3:0B:90:35:2B:28:A9:65:84:69:C0:83:B4
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       4E427B47D9300BDFB7D8001CEF1FDF18B45AE9F9
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS137517.roa
Signing time:             Tue 29 Jul 2025 00:00:45 +0000
ROA not before:           Mon 28 Jul 2025 23:55:45 +0000
ROA not after:            Tue 28 Jul 2026 00:00:45 +0000
asID:                     137517
IP address blocks:        188.119.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 01:40:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:42:7b:47:d9:30:0b:df:b7:d8:00:1c:ef:1f:df:18:b4:5a:e9:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jul 28 23:55:45 2025 GMT
            Not After : Jul 28 00:00:45 2026 GMT
        Subject: CN=C9FA60F001BACAB30B90352B28A9658469C083B4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:57:65:4f:1d:b7:9a:4c:e7:1c:74:51:ac:0a:
                    f4:8f:a9:50:40:02:5c:77:68:73:bc:1b:24:6f:98:
                    13:a0:ee:5b:9a:b6:c9:24:34:35:ae:04:e1:cb:8d:
                    f3:f1:d5:d5:10:cc:01:4a:9c:2b:1c:5c:e7:41:6b:
                    c2:f8:a4:30:f3:bd:a5:7b:87:2c:cd:35:57:44:c5:
                    ba:4d:4e:8d:d0:1d:9f:c2:0f:80:b7:55:5e:21:9b:
                    36:75:23:00:d9:bf:3f:65:d2:9a:6e:76:ff:27:25:
                    a1:c2:07:7d:ef:ca:28:92:c0:3c:c4:89:6d:b2:36:
                    a3:16:2e:43:66:7c:26:c7:dc:be:02:0b:65:cd:4f:
                    01:67:98:e2:d6:93:e4:28:ae:88:d3:d0:b7:e7:67:
                    ef:2d:55:82:55:d9:7c:6a:f1:d3:e9:e8:6c:43:57:
                    83:d1:d5:68:16:84:e9:c1:09:a2:36:41:86:4e:d1:
                    0b:f0:db:4a:74:1f:23:54:a3:37:b3:69:e0:ac:9f:
                    21:f3:ef:2b:95:97:57:dc:ff:d4:ac:6d:f4:0b:05:
                    1b:d2:d8:81:b8:e2:f1:a4:db:47:c6:7d:1f:66:20:
                    9d:44:80:b9:bc:43:05:50:f5:ed:47:02:39:24:e7:
                    69:4f:0f:2f:81:99:96:f7:46:67:0d:77:bf:92:a4:
                    d5:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:FA:60:F0:01:BA:CA:B3:0B:90:35:2B:28:A9:65:84:69:C0:83:B4
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS137517.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.119.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:0a:c7:a0:6c:82:3c:fe:b1:e8:86:29:bc:75:c2:9a:29:3a:
         b8:8e:ce:4d:38:7b:68:a6:47:62:43:fd:b5:9e:b9:55:aa:e2:
         39:6d:10:76:72:92:e3:aa:6f:37:3b:86:a9:ea:d9:c9:83:68:
         f4:ae:f5:5b:cb:4e:ce:8d:e9:05:19:5b:bb:85:a5:d0:92:84:
         95:95:22:d6:5c:a0:c0:f3:1d:c0:09:12:28:3f:82:5d:d3:24:
         50:6c:90:a0:46:ba:8b:eb:b2:5e:4f:16:46:f5:c2:fd:79:41:
         f2:d2:08:9c:04:f7:32:29:a8:25:a0:54:93:61:4f:d6:aa:cd:
         5e:6b:00:fa:69:10:0d:95:5e:e6:1f:10:7b:7d:f6:bd:fa:f1:
         07:09:02:fa:09:7e:19:5e:f6:95:1b:8d:59:df:20:a7:6c:94:
         d0:c7:7f:b9:63:a7:9a:e5:ae:73:20:5e:bb:48:9c:3d:a8:1c:
         fd:a8:01:6e:69:e2:73:95:89:c7:bd:a1:49:23:fa:a7:7e:bd:
         8a:79:81:ab:c1:86:5c:b9:7a:be:02:ed:68:5a:c8:c2:6d:85:
         ab:84:e0:e0:c9:66:ce:d4:13:03:22:6a:fb:e7:7d:ed:cc:2f:
         e7:eb:23:7a:ac:b0:8f:ad:fe:88:c3:58:46:61:1f:67:d7:7f:
         5d:ec:b7:b7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTkJ7R9kwC9+32AAc7x/fGLRa6fkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA3MjgyMzU1NDVaFw0yNjA3MjgwMDAwNDVaMDMxMTAvBgNV
BAMTKEM5RkE2MEYwMDFCQUNBQjMwQjkwMzUyQjI4QTk2NTg0NjlDMDgzQjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4V2VPHbeaTOccdFGsCvSPqVBA
Alx3aHO8GyRvmBOg7luatskkNDWuBOHLjfPx1dUQzAFKnCscXOdBa8L4pDDzvaV7
hyzNNVdExbpNTo3QHZ/CD4C3VV4hmzZ1IwDZvz9l0ppudv8nJaHCB33vyiiSwDzE
iW2yNqMWLkNmfCbH3L4CC2XNTwFnmOLWk+QorojT0LfnZ+8tVYJV2Xxq8dPp6GxD
V4PR1WgWhOnBCaI2QYZO0Qvw20p0HyNUozezaeCsnyHz7yuVl1fc/9SsbfQLBRvS
2IG44vGk20fGfR9mIJ1EgLm8QwVQ9e1HAjkk52lPDy+BmZb3RmcNd7+SpNXdAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUyfpg8AG6yrMLkDUrKKllhGnAg7QwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMTM3NTE3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvHdE
MA0GCSqGSIb3DQEBCwUAA4IBAQAdCsegbII8/rHohim8dcKaKTq4js5NOHtopkdi
Q/21nrlVquI5bRB2cpLjqm83O4ap6tnJg2j0rvVby07OjekFGVu7haXQkoSVlSLW
XKDA8x3ACRIoP4Jd0yRQbJCgRrqL67JeTxZG9cL9eUHy0gicBPcyKagloFSTYU/W
qs1eawD6aRANlV7mHxB7ffa9+vEHCQL6CX4ZXvaVG41Z3yCnbJTQx3+5Y6ea5a5z
IF67SJw9qBz9qAFuaeJzlYnHvaFJI/qnfr2KeYGrwYZcuXq+Au1oWsjCbYWrhODg
yWbO1BMDImr7533tzC/n6yN6rLCPrf6Iw1hGYR9n139d7Le3
-----END CERTIFICATE-----