Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS135391.roa
File:                     AS135391.roa (raw, json)
Hash identifier:          tKNWlsiIlX1Y4DYQAraRQKliHSrTQU5iMPgDFsH13sA=
Subject key identifier:   BC:19:4F:4D:0D:BF:D9:78:B5:1A:8F:E0:FF:79:B0:FF:71:9A:3E:84
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4FD3BD161FDE6665390AF009131FB09A207F23D8
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS135391.roa
Signing time:             Mon 22 Jul 2024 07:07:07 +0000
ROA not before:           Mon 22 Jul 2024 07:02:07 +0000
ROA not after:            Mon 21 Jul 2025 07:07:07 +0000
asID:                     135391
IP address blocks:        181.214.21.0/24 maxlen: 24
                          181.215.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:48:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:d3:bd:16:1f:de:66:65:39:0a:f0:09:13:1f:b0:9a:20:7f:23:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 22 07:02:07 2024 GMT
            Not After : Jul 21 07:07:07 2025 GMT
        Subject: CN=BC194F4D0DBFD978B51A8FE0FF79B0FF719A3E84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ca:7b:76:4c:e0:f9:74:2c:68:02:b1:e7:7b:
                    e9:48:8c:66:83:12:2e:c5:e9:52:e7:9a:17:71:1d:
                    1d:da:20:3c:b6:d6:c8:16:8c:97:ec:27:6f:8d:c3:
                    fc:7a:e5:85:3a:9c:7e:2e:99:0b:9e:1e:d7:fe:31:
                    c6:57:ad:da:90:79:28:69:46:9d:1d:cc:37:72:48:
                    0e:1f:d8:bb:09:73:6a:c9:a4:37:96:f4:55:8f:1a:
                    e8:c7:91:fe:28:b4:ce:0b:f1:5e:b4:a0:c5:d8:73:
                    56:62:8c:0b:c8:c2:de:72:9c:32:25:32:68:28:30:
                    a0:a8:f8:67:27:46:87:f3:a7:63:53:85:f9:a8:c0:
                    e2:8e:73:17:6e:b2:6a:37:87:b1:40:e9:47:ea:71:
                    2a:ea:9b:70:a3:0e:d5:8c:61:85:ac:59:44:f5:49:
                    ba:52:18:ac:88:41:3e:e7:b3:2e:93:88:2a:ba:7c:
                    94:2b:f2:33:2e:4f:f5:2a:9c:37:b4:a3:98:75:73:
                    5b:ee:75:52:31:d7:32:f7:eb:8d:04:d4:18:0e:60:
                    c5:9e:96:32:b6:4a:04:3b:14:37:81:a8:c2:a9:72:
                    ed:d2:23:97:33:3f:a9:aa:92:9a:24:4c:f6:b3:c9:
                    98:1d:fb:4f:80:a1:7a:c7:e0:3c:e6:75:81:56:9b:
                    f4:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:19:4F:4D:0D:BF:D9:78:B5:1A:8F:E0:FF:79:B0:FF:71:9A:3E:84
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS135391.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.21.0/24
                  181.215.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:02:76:a7:79:a6:e3:35:d8:d1:a1:d2:44:69:ab:2f:53:09:
         09:59:60:e7:d6:70:ce:90:7a:e0:2e:ee:81:b2:42:24:aa:26:
         5d:6f:30:29:66:02:5d:89:e0:f1:4e:6f:37:e0:24:af:60:47:
         d4:6f:59:e7:50:84:77:12:16:2f:e1:40:4c:81:72:a4:52:cb:
         14:bc:6b:e8:45:e0:46:b5:30:b0:0d:8b:b8:dd:72:0a:87:c2:
         a2:9b:2d:fe:b0:a5:68:3b:56:fc:be:ad:99:d5:2c:77:a6:02:
         f4:a4:7a:bf:58:92:63:5f:46:9f:ef:96:69:42:c9:d4:e3:1c:
         41:9c:5a:ec:94:1f:0a:e2:1d:d5:5c:67:c9:ae:8f:10:6e:74:
         42:ee:64:32:11:6b:74:e2:fe:26:1b:95:ec:e6:23:a2:1e:89:
         e6:b4:a0:70:e3:89:7c:9a:68:3f:01:b1:35:af:f5:52:96:71:
         00:8d:d0:a2:fd:f5:ad:48:7f:79:c3:96:80:20:9d:a0:d0:94:
         4e:fc:e8:ea:6a:9b:6b:f6:3c:37:d8:19:ac:16:af:f8:38:61:
         08:24:4e:3b:17:47:d8:9a:bb:92:b8:cc:c0:15:6d:15:d5:57:
         59:d7:42:f8:bc:4d:96:8c:b1:4e:9b:66:31:8f:d1:23:2e:0d:
         b8:5c:4d:1b
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUT9O9Fh/eZmU5CvAJEx+wmiB/I9gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA3MjIwNzAyMDdaFw0yNTA3MjEwNzA3MDdaMDMxMTAvBgNV
BAMTKEJDMTk0RjREMERCRkQ5NzhCNTFBOEZFMEZGNzlCMEZGNzE5QTNFODQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmynt2TOD5dCxoArHne+lIjGaD
Ei7F6VLnmhdxHR3aIDy21sgWjJfsJ2+Nw/x65YU6nH4umQueHtf+McZXrdqQeShp
Rp0dzDdySA4f2LsJc2rJpDeW9FWPGujHkf4otM4L8V60oMXYc1ZijAvIwt5ynDIl
MmgoMKCo+GcnRofzp2NThfmowOKOcxdusmo3h7FA6UfqcSrqm3CjDtWMYYWsWUT1
SbpSGKyIQT7nsy6TiCq6fJQr8jMuT/UqnDe0o5h1c1vudVIx1zL3640E1BgOYMWe
ljK2SgQ7FDeBqMKpcu3SI5czP6mqkpokTPazyZgd+0+AoXrH4DzmdYFWm/RfAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUvBlPTQ2/2Xi1Go/g/3mw/3GaPoQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM1MzkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAtdYV
AwQAtdc4MA0GCSqGSIb3DQEBCwUAA4IBAQAZAnaneabjNdjRodJEaasvUwkJWWDn
1nDOkHrgLu6BskIkqiZdbzApZgJdieDxTm834CSvYEfUb1nnUIR3EhYv4UBMgXKk
UssUvGvoReBGtTCwDYu43XIKh8Kimy3+sKVoO1b8vq2Z1Sx3pgL0pHq/WJJjX0af
75ZpQsnU4xxBnFrslB8K4h3VXGfJro8QbnRC7mQyEWt04v4mG5Xs5iOiHonmtKBw
44l8mmg/AbE1r/VSlnEAjdCi/fWtSH95w5aAIJ2g0JRO/Ojqaptr9jw32BmsFq/4
OGEIJE47F0fYmruSuMzAFW0V1VdZ10L4vE2WjLFOm2Yxj9EjLg24XE0b
-----END CERTIFICATE-----