Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS135391.roa
File:                     AS135391.roa (raw, json)
Hash identifier:          BoenS46tdhPMSuhm7qWpUg3dc/KKcSaA6FGg8pB3zAg=
Subject key identifier:   29:93:B9:EC:E6:60:2B:92:07:91:CF:C1:71:F4:29:FD:DF:46:05:34
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       635E48D198D44D211AC923DE82471BE1A044743E
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS135391.roa
Signing time:             Mon 04 Aug 2025 09:57:36 +0000
ROA not before:           Mon 04 Aug 2025 09:52:36 +0000
ROA not after:            Mon 03 Aug 2026 09:57:36 +0000
asID:                     135391
IP address blocks:        95.134.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 21:18:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:5e:48:d1:98:d4:4d:21:1a:c9:23:de:82:47:1b:e1:a0:44:74:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Aug  4 09:52:36 2025 GMT
            Not After : Aug  3 09:57:36 2026 GMT
        Subject: CN=2993B9ECE6602B920791CFC171F429FDDF460534
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:aa:e0:2f:0e:22:dc:f8:bc:32:c1:41:ca:ce:
                    0f:c1:1e:a6:bc:e6:3e:48:1b:25:3a:16:1b:46:86:
                    4e:9c:d0:76:0c:d9:17:5b:7f:82:b7:6c:eb:89:b0:
                    1e:4f:0c:a7:00:ed:94:99:8a:68:bc:bb:67:b0:cf:
                    a0:58:9d:a7:f4:e6:6c:44:17:26:b4:9c:57:09:dd:
                    71:8d:70:86:9c:61:9d:45:37:08:e1:78:27:9d:4d:
                    62:c7:9c:e6:f2:b5:a8:2a:52:a5:92:af:b2:69:ee:
                    a9:14:0b:2c:0a:4c:0d:83:fe:ab:9c:fe:2f:62:40:
                    40:83:a3:0b:37:0a:00:37:90:78:0d:d1:70:ae:10:
                    c7:bb:c8:28:be:e5:39:2d:8d:62:1f:2c:8b:00:66:
                    32:75:29:95:01:cc:05:d3:0d:96:63:20:6e:3e:81:
                    50:78:40:c2:dd:86:7f:20:a7:e8:60:85:1e:e9:02:
                    6c:f9:e2:a5:1a:ae:db:bf:c3:e8:41:5a:c1:a1:b9:
                    43:ba:37:2c:eb:60:86:45:52:68:11:f0:3a:99:ec:
                    08:2f:79:85:5a:1d:c4:d6:9c:29:ed:4c:ff:fe:00:
                    41:7f:1d:c5:e4:6a:c5:6f:57:11:79:30:96:77:a0:
                    27:fe:d1:1e:53:24:fb:ef:03:7a:65:4f:06:08:95:
                    10:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:93:B9:EC:E6:60:2B:92:07:91:CF:C1:71:F4:29:FD:DF:46:05:34
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS135391.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.134.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:71:45:6e:2f:42:be:4c:c9:d8:1a:13:24:5e:c8:17:6f:d0:
         70:63:80:a3:e8:e0:33:76:b4:61:33:8d:06:6b:dd:f6:1e:df:
         8b:51:56:27:74:a4:df:bf:19:a8:70:70:ed:7a:9b:17:33:4b:
         10:9c:e2:e7:a1:88:64:d6:c8:e8:21:eb:1b:e6:db:ec:4e:9f:
         3a:15:ac:ea:9e:78:b5:b6:9d:e3:5a:73:82:5d:8e:29:fb:db:
         ba:08:5e:ff:74:34:21:f8:84:2d:f6:36:8d:cc:b5:97:a4:c6:
         31:b1:ad:14:d0:25:84:d7:90:17:f4:17:25:31:95:2b:f4:51:
         1a:ca:80:81:7d:78:12:c7:dc:fd:16:78:d4:d8:86:eb:d2:93:
         9d:89:9b:62:18:96:ae:ee:f7:db:42:3e:3b:83:aa:c0:9f:e2:
         34:01:a8:36:e2:5f:2d:d8:a4:61:57:3a:a0:c2:25:b8:f3:69:
         27:ac:70:89:fb:a8:74:30:c9:65:b3:94:dd:36:87:f6:17:40:
         34:35:a0:7b:54:e5:05:f3:a5:e5:aa:12:36:fe:d4:ca:ff:d8:
         37:c3:aa:05:53:9f:57:93:c9:b9:2c:50:6c:5c:0d:79:5e:0b:
         78:1f:76:76:e2:39:28:29:32:02:c3:74:74:72:a0:ca:51:60:
         fe:53:fe:35
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUY15I0ZjUTSEaySPegkcb4aBEdD4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA4MDQwOTUyMzZaFw0yNjA4MDMwOTU3MzZaMDMxMTAvBgNV
BAMTKDI5OTNCOUVDRTY2MDJCOTIwNzkxQ0ZDMTcxRjQyOUZEREY0NjA1MzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0quAvDiLc+LwywUHKzg/BHqa8
5j5IGyU6FhtGhk6c0HYM2Rdbf4K3bOuJsB5PDKcA7ZSZimi8u2ewz6BYnaf05mxE
Fya0nFcJ3XGNcIacYZ1FNwjheCedTWLHnObytagqUqWSr7Jp7qkUCywKTA2D/quc
/i9iQECDows3CgA3kHgN0XCuEMe7yCi+5TktjWIfLIsAZjJ1KZUBzAXTDZZjIG4+
gVB4QMLdhn8gp+hghR7pAmz54qUartu/w+hBWsGhuUO6NyzrYIZFUmgR8DqZ7Agv
eYVaHcTWnCntTP/+AEF/HcXkasVvVxF5MJZ3oCf+0R5TJPvvA3plTwYIlRB/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUKZO57OZgK5IHkc/BcfQp/d9GBTQwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTM1MzkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4aO
MA0GCSqGSIb3DQEBCwUAA4IBAQBScUVuL0K+TMnYGhMkXsgXb9BwY4Cj6OAzdrRh
M40Ga932Ht+LUVYndKTfvxmocHDtepsXM0sQnOLnoYhk1sjoIesb5tvsTp86Fazq
nni1tp3jWnOCXY4p+9u6CF7/dDQh+IQt9jaNzLWXpMYxsa0U0CWE15AX9BclMZUr
9FEayoCBfXgSx9z9FnjU2Ibr0pOdiZtiGJau7vfbQj47g6rAn+I0Aag24l8t2KRh
VzqgwiW482knrHCJ+6h0MMlls5TdNof2F0A0NaB7VOUF86XlqhI2/tTK/9g3w6oF
U59Xk8m5LFBsXA15Xgt4H3Z24jkoKTICw3R0cqDKUWD+U/41
-----END CERTIFICATE-----