Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS135391.roa
File:                     AS135391.roa (raw, json)
Hash identifier:          r2yr8VDuF/YRkaifxY3kdPs4FoJnE7UzHGP/Dl7m8d4=
Subject key identifier:   56:38:7D:24:BE:82:67:B9:F4:8A:63:74:F4:7B:18:09:67:02:43:CE
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       22FD19414C6B6E9EBA6340FEF5E46EB69EB3AE25
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS135391.roa
Signing time:             Wed 22 Oct 2025 02:10:07 +0000
ROA not before:           Wed 22 Oct 2025 02:05:07 +0000
ROA not after:            Wed 21 Oct 2026 02:10:07 +0000
asID:                     135391
IP address blocks:        178.95.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 14:35:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:fd:19:41:4c:6b:6e:9e:ba:63:40:fe:f5:e4:6e:b6:9e:b3:ae:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Oct 22 02:05:07 2025 GMT
            Not After : Oct 21 02:10:07 2026 GMT
        Subject: CN=56387D24BE8267B9F48A6374F47B1809670243CE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:25:d6:63:88:a5:1f:c2:f5:1a:a1:74:c5:27:
                    4d:04:37:e0:f6:c7:e8:da:8c:12:a8:78:eb:cc:c2:
                    3a:1e:2e:37:e0:46:8f:40:ff:13:a8:b1:be:76:8d:
                    9c:f7:37:09:ab:a5:cd:0c:80:ad:ae:49:1d:19:1b:
                    ad:28:7a:c7:49:9f:25:91:e2:6b:93:0f:cb:05:89:
                    e7:f0:b8:8c:e9:0a:a9:61:57:e2:d9:f4:ab:ca:8b:
                    0b:bf:db:f0:68:28:bd:54:2d:65:49:21:67:f9:58:
                    8f:39:a4:51:a5:de:2e:90:dd:91:b1:f1:48:c0:ab:
                    3b:0b:d7:f9:b4:3f:7d:74:5f:54:a3:57:09:76:dc:
                    59:ae:a1:f6:61:be:66:6d:71:5a:ef:6e:10:c9:52:
                    99:24:8e:b8:c6:40:f4:3c:ef:90:fd:34:b4:7e:76:
                    72:4e:57:b6:43:3b:d5:67:a2:77:f5:07:47:f9:7b:
                    e8:b8:e8:2a:02:90:9f:84:6d:53:53:b5:2a:e5:95:
                    ac:79:10:bf:65:cf:76:29:df:87:35:64:48:29:ce:
                    d6:f2:ca:64:6c:4f:fa:6a:37:d6:2b:b5:2c:bb:e7:
                    f5:3f:68:12:84:4b:9c:7c:e8:0e:69:48:e8:d5:cf:
                    f4:67:99:79:1d:70:22:d3:aa:e6:88:9b:d2:77:5d:
                    35:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:38:7D:24:BE:82:67:B9:F4:8A:63:74:F4:7B:18:09:67:02:43:CE
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS135391.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.95.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:a1:2f:43:8a:7d:be:0f:5b:df:e9:7e:f4:fd:ed:7a:4d:22:
         ac:cd:06:27:99:8c:05:32:d2:f0:b2:d2:bc:f6:81:c7:54:d0:
         70:1a:62:59:09:c4:2a:98:d3:12:62:f0:d1:42:dc:f1:91:56:
         1c:57:dd:2f:93:eb:c1:77:25:b7:36:07:5e:af:8e:3e:c2:73:
         66:41:9f:21:53:be:e3:8a:c9:d5:f0:fb:4e:8b:c8:7c:6e:97:
         b8:9d:cf:23:1e:f0:12:88:7d:d6:c7:24:c7:4e:24:61:e6:90:
         4a:a2:68:52:2b:65:42:34:d4:f4:9b:b6:1b:b8:d9:eb:62:4c:
         72:2c:ed:f4:f4:73:a0:8f:f6:e7:9e:90:4d:c0:f8:39:d1:c1:
         c8:fb:24:97:13:83:c0:9d:d5:9e:5b:6a:16:10:67:81:f9:2b:
         bd:99:99:36:33:d5:8a:55:30:1b:91:a9:04:19:c5:90:73:55:
         32:59:77:33:a9:b1:58:06:70:0b:65:b0:7f:d3:4d:72:ee:f1:
         df:3f:d5:40:76:8b:8d:a7:5d:86:8a:da:39:85:68:93:02:32:
         7d:34:15:84:36:26:83:3a:93:2a:30:fc:e5:62:15:00:c3:72:
         f3:6f:18:03:30:5c:21:3c:4f:e1:63:81:b6:68:b9:00:5e:f6:
         d4:d7:5b:6c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIv0ZQUxrbp66Y0D+9eRutp6zriUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTEwMjIwMjA1MDdaFw0yNjEwMjEwMjEwMDdaMDMxMTAvBgNV
BAMTKDU2Mzg3RDI0QkU4MjY3QjlGNDhBNjM3NEY0N0IxODA5NjcwMjQzQ0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqJdZjiKUfwvUaoXTFJ00EN+D2
x+jajBKoeOvMwjoeLjfgRo9A/xOosb52jZz3Nwmrpc0MgK2uSR0ZG60oesdJnyWR
4muTD8sFiefwuIzpCqlhV+LZ9KvKiwu/2/BoKL1ULWVJIWf5WI85pFGl3i6Q3ZGx
8UjAqzsL1/m0P310X1SjVwl23FmuofZhvmZtcVrvbhDJUpkkjrjGQPQ875D9NLR+
dnJOV7ZDO9Vnonf1B0f5e+i46CoCkJ+EbVNTtSrllax5EL9lz3Yp34c1ZEgpztby
ymRsT/pqN9YrtSy75/U/aBKES5x86A5pSOjVz/RnmXkdcCLTquaIm9J3XTXZAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUVjh9JL6CZ7n0imN09HsYCWcCQ84wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTM1MzkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsl+i
MA0GCSqGSIb3DQEBCwUAA4IBAQAroS9Din2+D1vf6X70/e16TSKszQYnmYwFMtLw
stK89oHHVNBwGmJZCcQqmNMSYvDRQtzxkVYcV90vk+vBdyW3Ngder44+wnNmQZ8h
U77jisnV8PtOi8h8bpe4nc8jHvASiH3WxyTHTiRh5pBKomhSK2VCNNT0m7YbuNnr
YkxyLO309HOgj/bnnpBNwPg50cHI+ySXE4PAndWeW2oWEGeB+Su9mZk2M9WKVTAb
kakEGcWQc1UyWXczqbFYBnALZbB/001y7vHfP9VAdouNp12Gito5hWiTAjJ9NBWE
NiaDOpMqMPzlYhUAw3LzbxgDMFwhPE/hY4G2aLkAXvbU11ts
-----END CERTIFICATE-----