Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS137517.roa
File:                     AS137517.roa (raw, json)
Hash identifier:          7MiXG3eqqm97qgkKM+GQP6Zk/56dgWaT4NSFfxTvPaE=
Subject key identifier:   34:F6:0C:3C:A9:5E:04:48:16:0B:EE:54:5B:10:38:1D:23:F4:D0:8D
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       2E9B72AB1FE60295A557346DC726F870B7389BA2
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS137517.roa
Signing time:             Tue 06 May 2025 09:36:16 +0000
ROA not before:           Tue 06 May 2025 09:31:16 +0000
ROA not after:            Tue 05 May 2026 09:36:16 +0000
asID:                     137517
IP address blocks:        194.93.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:9b:72:ab:1f:e6:02:95:a5:57:34:6d:c7:26:f8:70:b7:38:9b:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: May  6 09:31:16 2025 GMT
            Not After : May  5 09:36:16 2026 GMT
        Subject: CN=34F60C3CA95E0448160BEE545B10381D23F4D08D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:10:62:9b:a7:b9:3d:09:c9:05:35:77:3e:c1:
                    f0:28:36:3b:0b:c3:30:f4:5e:17:1b:47:66:50:25:
                    b5:eb:8e:aa:ff:eb:bf:77:3e:55:c8:57:26:a1:73:
                    1b:26:b9:01:6d:14:2c:7a:07:f6:cf:f6:09:1d:cd:
                    d1:e4:0f:f4:c5:b8:5e:56:48:b7:1e:4a:b6:bf:35:
                    b8:17:0c:cb:be:81:8d:74:63:1c:ce:66:3e:63:ca:
                    92:ab:2c:39:12:ee:21:da:0e:f4:62:8b:0a:90:a2:
                    cb:80:e6:ea:5f:b8:d9:57:1a:9f:85:17:4b:81:a6:
                    87:1e:75:ad:6a:3a:53:63:60:23:e7:f4:11:90:ee:
                    d4:ab:a4:09:14:a2:c8:21:5a:aa:ef:e9:f1:33:20:
                    01:1b:c0:69:9e:5c:32:2f:72:a3:bc:34:d9:96:f8:
                    d2:a2:1c:a3:4f:b6:72:cb:03:58:e1:2f:ae:55:12:
                    52:71:74:6f:b0:6a:b6:0a:7f:2e:1b:e3:12:4f:38:
                    7e:4b:61:76:7f:da:fd:d8:43:50:4e:2d:a0:b8:0e:
                    94:dd:1f:c6:bb:eb:41:37:2c:ce:43:98:dd:53:1b:
                    38:83:e9:68:ba:de:47:b3:fd:9a:e1:5b:71:46:76:
                    c1:f8:66:86:2f:e0:b2:cd:77:20:26:f3:ed:67:11:
                    65:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:F6:0C:3C:A9:5E:04:48:16:0B:EE:54:5B:10:38:1D:23:F4:D0:8D
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS137517.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.93.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:8e:8a:f4:46:5b:56:4f:f7:79:f1:11:8e:0f:66:87:61:1e:
         13:7a:82:3a:55:e7:dd:6b:09:9d:c6:05:89:5f:06:02:77:c5:
         a9:22:38:8a:38:16:b5:53:af:83:ac:2b:7c:ca:fb:04:fd:bf:
         78:19:20:34:cb:91:25:38:16:02:7b:83:8b:ae:9b:5b:ff:ac:
         44:0e:8d:05:4d:dc:db:1b:2a:33:d3:3f:cb:d5:89:4b:cb:74:
         39:bf:8e:4c:75:ec:41:d1:20:68:fe:3d:a8:f3:6a:97:ea:2b:
         f0:f3:c8:95:bc:d5:8d:e4:5b:96:54:65:a6:3c:54:75:35:8e:
         19:2f:51:47:aa:d3:3e:73:fc:2f:1c:34:62:ee:12:ec:3c:f4:
         01:0e:83:ea:10:e5:75:80:b4:86:87:b6:fc:89:d7:bd:28:a2:
         f0:ca:96:ce:cb:e4:4c:50:d4:66:d7:15:46:b1:23:b1:cc:90:
         c3:3a:1c:d2:ed:42:12:4e:1b:c0:59:19:62:45:d8:10:8b:c9:
         2a:6e:41:09:c1:33:b9:a3:80:cf:36:07:82:1b:86:07:02:87:
         2b:57:f6:07:a0:34:d8:61:a4:dc:1a:15:3a:aa:ce:01:79:e9:
         95:cc:fd:5b:96:e6:45:d3:33:e9:76:bc:dc:96:ce:c6:b6:c3:
         0f:00:fd:6e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIULptyqx/mApWlVzRtxyb4cLc4m6IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA1MDYwOTMxMTZaFw0yNjA1MDUwOTM2MTZaMDMxMTAvBgNV
BAMTKDM0RjYwQzNDQTk1RTA0NDgxNjBCRUU1NDVCMTAzODFEMjNGNEQwOEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD2EGKbp7k9CckFNXc+wfAoNjsL
wzD0XhcbR2ZQJbXrjqr/6793PlXIVyahcxsmuQFtFCx6B/bP9gkdzdHkD/TFuF5W
SLceSra/NbgXDMu+gY10YxzOZj5jypKrLDkS7iHaDvRiiwqQosuA5upfuNlXGp+F
F0uBpoceda1qOlNjYCPn9BGQ7tSrpAkUosghWqrv6fEzIAEbwGmeXDIvcqO8NNmW
+NKiHKNPtnLLA1jhL65VElJxdG+warYKfy4b4xJPOH5LYXZ/2v3YQ1BOLaC4DpTd
H8a760E3LM5DmN1TGziD6Wi63kez/ZrhW3FGdsH4ZoYv4LLNdyAm8+1nEWVvAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUNPYMPKleBEgWC+5UWxA4HSP00I0wHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMTM3NTE3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwl0+
MA0GCSqGSIb3DQEBCwUAA4IBAQAFjor0RltWT/d58RGOD2aHYR4TeoI6Vefdawmd
xgWJXwYCd8WpIjiKOBa1U6+DrCt8yvsE/b94GSA0y5ElOBYCe4OLrptb/6xEDo0F
TdzbGyoz0z/L1YlLy3Q5v45MdexB0SBo/j2o82qX6ivw88iVvNWN5FuWVGWmPFR1
NY4ZL1FHqtM+c/wvHDRi7hLsPPQBDoPqEOV1gLSGh7b8ide9KKLwypbOy+RMUNRm
1xVGsSOxzJDDOhzS7UISThvAWRliRdgQi8kqbkEJwTO5o4DPNgeCG4YHAocrV/YH
oDTYYaTcGhU6qs4BeemVzP1bluZF0zPpdrzcls7GtsMPAP1u
-----END CERTIFICATE-----