Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS137409.roa
File:                     AS137409.roa (raw, json)
Hash identifier:          Sv+n5eF3s0HRR500GAs4Ld/q7X+4RRcn1Xe6czZDRM0=
Subject key identifier:   C3:54:8F:6D:C2:AF:FB:95:67:CC:D6:52:80:A4:21:32:77:DB:9F:F6
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       197C4747A8CAEFDFD97BDC2CD724E0FCAC6CB739
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS137409.roa
Signing time:             Wed 28 Jan 2026 14:59:24 +0000
ROA not before:           Wed 28 Jan 2026 14:54:24 +0000
ROA not after:            Wed 27 Jan 2027 14:59:24 +0000
asID:                     137409
IP address blocks:        91.124.88.0/24 maxlen: 24
                          92.113.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 08:09:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:7c:47:47:a8:ca:ef:df:d9:7b:dc:2c:d7:24:e0:fc:ac:6c:b7:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jan 28 14:54:24 2026 GMT
            Not After : Jan 27 14:59:24 2027 GMT
        Subject: CN=C3548F6DC2AFFB9567CCD65280A4213277DB9FF6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:da:64:d3:73:21:4c:c8:39:14:73:65:44:b8:
                    19:cf:55:a2:53:03:a7:1e:21:a6:45:6e:fb:6f:71:
                    76:36:9b:d4:dc:ec:42:28:6a:37:b1:94:61:cf:5a:
                    62:d2:db:19:7c:c7:ce:b6:99:8b:69:c9:c3:92:1e:
                    59:63:77:eb:9c:d3:94:39:39:76:e0:e7:16:f9:39:
                    bb:ee:e7:df:c6:94:4a:39:cf:6a:d7:de:58:4f:bc:
                    36:e9:04:bf:11:2e:18:e5:74:bf:66:ed:d7:a0:ef:
                    19:a3:3c:8b:cb:df:46:8a:4f:bf:81:06:a1:13:60:
                    62:0f:fb:fe:64:4f:a9:da:86:24:d6:ed:6a:18:c2:
                    78:8e:54:8d:d5:67:5a:27:24:4c:0d:8f:65:be:81:
                    b2:81:ac:12:b3:39:b0:5b:f7:68:aa:72:9c:8b:99:
                    91:a7:51:97:25:ae:70:81:ae:dc:ba:e7:b6:d4:08:
                    4f:0c:79:36:92:0b:ec:e6:2e:62:84:2a:d2:75:ea:
                    6b:fc:5b:2a:ac:63:e5:6d:a5:0b:62:b5:dd:cc:dd:
                    7f:51:82:da:51:46:5e:7f:2b:02:19:93:6d:d9:d2:
                    4d:d4:36:eb:8c:80:75:af:cd:f9:a3:d7:ac:b7:da:
                    5f:f6:ff:5a:e2:e7:9e:5c:26:df:dd:15:70:f1:59:
                    31:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:54:8F:6D:C2:AF:FB:95:67:CC:D6:52:80:A4:21:32:77:DB:9F:F6
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS137409.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.88.0/24
                  92.113.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:9b:3f:28:77:07:4c:d2:0c:96:0e:6d:d7:5b:0f:f2:a0:c6:
         f7:51:e5:97:85:42:fb:ed:34:9e:a7:b7:80:14:da:cf:f5:78:
         ce:6f:6c:d5:6d:8e:ab:9f:3f:32:9c:b9:af:9e:82:a3:3e:ef:
         d1:b4:16:86:30:10:cf:8b:da:f3:77:f6:6c:29:d1:3d:7e:9f:
         b6:88:4e:05:a5:a0:5c:a6:76:11:54:da:dd:0c:6e:7e:ac:e9:
         0a:33:d3:9d:f6:5f:cd:5c:30:a6:3b:4f:2c:15:0c:96:0a:03:
         92:83:ba:c2:38:72:95:6f:14:5d:bc:6c:85:04:d3:a1:20:8e:
         a3:0f:1f:80:41:6b:30:bd:5d:22:0d:9a:5b:b4:a1:0f:62:ce:
         3d:f7:14:36:d7:df:22:64:75:de:71:d6:a8:b4:e3:9c:90:7f:
         1a:08:29:cc:b0:b3:bd:1a:36:00:3d:bc:90:1a:d5:58:20:83:
         03:99:4c:b0:3f:cc:bf:03:97:d0:a6:0d:d6:ad:87:1b:20:a0:
         a8:83:8e:3b:bb:f2:24:f3:83:2d:f3:64:32:d5:bc:b1:5c:7f:
         b1:18:f5:4e:e7:6d:4b:72:dc:4e:21:cb:62:98:1e:dc:e7:ed:
         c5:b4:ff:34:5a:ea:7f:50:2e:e4:a1:04:91:90:08:c2:9f:20:
         e3:8d:89:bb
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUGXxHR6jK79/Ze9ws1yTg/KxstzkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjAxMjgxNDU0MjRaFw0yNzAxMjcxNDU5MjRaMDMxMTAvBgNV
BAMTKEMzNTQ4RjZEQzJBRkZCOTU2N0NDRDY1MjgwQTQyMTMyNzdEQjlGRjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw2mTTcyFMyDkUc2VEuBnPVaJT
A6ceIaZFbvtvcXY2m9Tc7EIoajexlGHPWmLS2xl8x862mYtpycOSHlljd+uc05Q5
OXbg5xb5Obvu59/GlEo5z2rX3lhPvDbpBL8RLhjldL9m7deg7xmjPIvL30aKT7+B
BqETYGIP+/5kT6nahiTW7WoYwniOVI3VZ1onJEwNj2W+gbKBrBKzObBb92iqcpyL
mZGnUZclrnCBrty657bUCE8MeTaSC+zmLmKEKtJ16mv8WyqsY+VtpQtitd3M3X9R
gtpRRl5/KwIZk23Z0k3UNuuMgHWvzfmj16y32l/2/1ri555cJt/dFXDxWTGlAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUw1SPbcKv+5VnzNZSgKQhMnfbn/YwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTM3NDA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW3xY
AwQAXHGJMA0GCSqGSIb3DQEBCwUAA4IBAQBSmz8odwdM0gyWDm3XWw/yoMb3UeWX
hUL77TSep7eAFNrP9XjOb2zVbY6rnz8ynLmvnoKjPu/RtBaGMBDPi9rzd/ZsKdE9
fp+2iE4FpaBcpnYRVNrdDG5+rOkKM9Od9l/NXDCmO08sFQyWCgOSg7rCOHKVbxRd
vGyFBNOhII6jDx+AQWswvV0iDZpbtKEPYs499xQ2198iZHXecdaotOOckH8aCCnM
sLO9GjYAPbyQGtVYIIMDmUywP8y/A5fQpg3WrYcbIKCog447u/Ik84Mt82Qy1byx
XH+xGPVO521LctxOIctimB7c5+3FtP80Wup/UC7koQSRkAjCnyDjjYm7
-----END CERTIFICATE-----