Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS137409.roa
File:                     AS137409.roa (raw, json)
Hash identifier:          VNgqBYCkIuoeyACLL+DyFf3beQ+sbxzIrSmT7/2jiak=
Subject key identifier:   6A:AC:57:A2:D5:59:8C:08:32:DB:D4:6E:54:99:E4:44:EC:DA:A8:19
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       710E09E558A4ABA35897BCE40073EF0C6DF05AAA
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS137409.roa
Signing time:             Thu 04 Jun 2026 11:47:29 +0000
ROA not before:           Thu 04 Jun 2026 11:42:29 +0000
ROA not after:            Thu 03 Jun 2027 11:47:29 +0000
asID:                     137409
IP address blocks:        141.11.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 04:17:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:0e:09:e5:58:a4:ab:a3:58:97:bc:e4:00:73:ef:0c:6d:f0:5a:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun  4 11:42:29 2026 GMT
            Not After : Jun  3 11:47:29 2027 GMT
        Subject: CN=6AAC57A2D5598C0832DBD46E5499E444ECDAA819
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:6a:56:3d:20:b2:25:ae:fe:18:2d:7f:2b:25:
                    86:0a:be:ec:79:24:e7:88:52:50:53:e8:2b:9e:b7:
                    0c:4e:ee:51:80:78:44:85:43:79:a6:00:84:0a:ff:
                    58:12:9d:9e:f3:de:3f:50:a0:4b:f4:d0:86:72:77:
                    7c:19:a5:b2:a4:57:2d:ab:9f:85:03:09:92:90:43:
                    17:26:b7:2e:aa:40:de:5b:9a:39:80:16:9e:95:f1:
                    d3:2a:16:1e:d6:a9:aa:4c:93:b7:23:60:83:51:32:
                    d1:ea:d2:f9:95:88:7b:27:f6:4e:5f:45:75:8b:44:
                    2d:51:4f:4d:b0:8f:77:a7:3d:8c:fb:60:f5:3c:3e:
                    d8:d9:39:39:81:0b:80:03:ab:4c:65:50:15:26:0e:
                    60:91:ec:aa:03:bc:6d:3e:d3:34:94:72:59:c9:b6:
                    37:1f:fb:34:11:2a:30:84:1b:8f:1e:dc:41:3c:7a:
                    4a:a0:81:35:1e:3f:c1:54:59:94:ba:72:15:72:05:
                    6e:98:46:1b:d5:81:5c:f2:f8:c7:de:13:15:79:ed:
                    40:43:8a:e4:ce:11:bd:7d:fe:e7:71:97:32:35:79:
                    08:04:e0:9b:e8:ed:f8:eb:d8:af:6e:b0:46:f2:fb:
                    0d:2f:25:56:e3:5a:fa:59:55:ea:b1:f3:09:1f:d6:
                    06:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:AC:57:A2:D5:59:8C:08:32:DB:D4:6E:54:99:E4:44:EC:DA:A8:19
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS137409.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:fe:c0:59:71:ee:d3:bb:d1:13:d2:30:00:54:78:d8:9a:5c:
         8c:1d:17:13:72:e2:2b:5a:a8:f4:9a:f7:f4:07:c0:02:2d:82:
         b7:b2:a2:de:66:a7:b3:8d:7f:a4:d1:74:e0:b2:1f:bf:06:46:
         86:89:a2:1a:f5:5c:b5:c9:77:1d:a2:7e:95:8b:75:18:5a:80:
         d7:2b:79:08:df:e8:21:d2:4d:b9:41:fe:51:ff:ad:fc:99:58:
         bc:3e:d8:b8:2a:cd:0f:f0:ab:d5:e4:46:01:2e:79:c0:61:56:
         dd:e9:df:d8:0f:72:c3:f5:7e:0a:b4:94:fa:54:ad:01:b9:91:
         ff:ca:e4:55:17:d5:71:79:44:06:fd:4d:91:dc:c7:3f:8c:1f:
         8d:9b:2f:c1:1c:de:d9:dd:c3:2e:c6:f1:f6:b9:0d:45:73:5a:
         cb:f5:11:55:58:87:9a:cf:c3:44:f1:16:54:bd:72:fd:61:5f:
         81:64:68:86:05:41:86:2c:ad:22:56:36:13:e6:cb:54:14:24:
         e2:2b:1b:29:a0:9f:cb:38:7a:cb:26:4b:ba:77:a7:27:d6:9e:
         de:f9:f0:07:ad:46:72:eb:fc:20:b7:a4:40:46:7a:13:eb:2b:
         a1:4b:60:ff:82:e2:c1:12:4f:d2:69:e1:0e:a5:04:7d:41:b1:
         07:9b:43:ba
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUcQ4J5Vikq6NYl7zkAHPvDG3wWqowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA2MDQxMTQyMjlaFw0yNzA2MDMxMTQ3MjlaMDMxMTAvBgNV
BAMTKDZBQUM1N0EyRDU1OThDMDgzMkRCRDQ2RTU0OTlFNDQ0RUNEQUE4MTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0alY9ILIlrv4YLX8rJYYKvux5
JOeIUlBT6CuetwxO7lGAeESFQ3mmAIQK/1gSnZ7z3j9QoEv00IZyd3wZpbKkVy2r
n4UDCZKQQxcmty6qQN5bmjmAFp6V8dMqFh7WqapMk7cjYINRMtHq0vmViHsn9k5f
RXWLRC1RT02wj3enPYz7YPU8PtjZOTmBC4ADq0xlUBUmDmCR7KoDvG0+0zSUclnJ
tjcf+zQRKjCEG48e3EE8ekqggTUeP8FUWZS6chVyBW6YRhvVgVzy+MfeExV57UBD
iuTOEb19/udxlzI1eQgE4Jvo7fjr2K9usEby+w0vJVbjWvpZVeqx8wkf1gbjAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUaqxXotVZjAgy29RuVJnkROzaqBkwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTM3NDA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsk
MA0GCSqGSIb3DQEBCwUAA4IBAQB7/sBZce7Tu9ET0jAAVHjYmlyMHRcTcuIrWqj0
mvf0B8ACLYK3sqLeZqezjX+k0XTgsh+/BkaGiaIa9Vy1yXcdon6Vi3UYWoDXK3kI
3+gh0k25Qf5R/638mVi8Pti4Ks0P8KvV5EYBLnnAYVbd6d/YD3LD9X4KtJT6VK0B
uZH/yuRVF9VxeUQG/U2R3Mc/jB+Nmy/BHN7Z3cMuxvH2uQ1Fc1rL9RFVWIeaz8NE
8RZUvXL9YV+BZGiGBUGGLK0iVjYT5stUFCTiKxspoJ/LOHrLJku6d6cn1p7e+fAH
rUZy6/wgt6RARnoT6yuhS2D/guLBEk/SaeEOpQR9QbEHm0O6
-----END CERTIFICATE-----