Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS135391.roa
File:                     AS135391.roa (raw, json)
Hash identifier:          0u7ZjAHbhI6KzCpz4zoVkU2FYWBzeP9Zjsr0hdBhxck=
Subject key identifier:   5E:62:E9:B3:55:2A:D4:6D:0C:35:78:39:01:72:34:DF:8B:7C:ED:60
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       69735F2FA8F635F9DEFF3B0FB580D02B1DB9DD12
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS135391.roa
Signing time:             Wed 19 Jun 2024 10:49:46 +0000
ROA not before:           Wed 19 Jun 2024 10:44:46 +0000
ROA not after:            Wed 18 Jun 2025 10:49:46 +0000
asID:                     135391
IP address blocks:        147.79.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:73:5f:2f:a8:f6:35:f9:de:ff:3b:0f:b5:80:d0:2b:1d:b9:dd:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun 19 10:44:46 2024 GMT
            Not After : Jun 18 10:49:46 2025 GMT
        Subject: CN=5E62E9B3552AD46D0C357839017234DF8B7CED60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:d0:51:34:40:e4:4e:78:c9:c3:99:81:6a:53:
                    34:e5:d8:5b:70:b7:77:58:b8:ba:44:5c:e8:fd:0a:
                    50:bc:0d:d0:51:fd:e1:ff:3f:38:3b:50:a8:c2:56:
                    3a:29:ea:ea:f1:53:7f:fc:3f:7c:60:02:ed:e3:16:
                    b7:a5:ca:36:65:9c:61:7b:e3:3f:a4:f2:f4:f2:3f:
                    c7:91:ec:f7:93:d8:09:a3:50:16:be:e4:2b:09:c2:
                    d4:b0:fa:f8:ab:76:03:7b:d1:6d:e9:08:f9:21:77:
                    09:f6:a6:8b:98:29:2d:93:24:fd:d7:7c:c2:97:fd:
                    00:8e:cb:66:94:2e:93:d1:a1:b6:44:9b:62:7e:37:
                    34:5c:35:61:f5:50:55:a3:01:67:99:e1:60:03:db:
                    33:f9:33:4d:e7:be:f8:b6:54:f2:d4:38:d1:8d:76:
                    07:b2:3a:da:fb:dd:be:97:91:1f:fe:d1:e9:84:92:
                    db:f4:6e:c5:45:7d:58:68:9f:a9:aa:ba:8c:7a:7e:
                    1f:3c:8c:60:65:d3:28:8c:08:f5:9e:d9:82:d3:1b:
                    fe:59:e9:8c:be:ae:ad:35:09:5e:f3:14:fa:f3:37:
                    36:86:62:7e:8c:ce:27:d3:aa:33:f7:dc:8f:d4:65:
                    85:3c:04:4d:c0:46:e9:54:e9:79:81:1c:49:8f:79:
                    cb:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:62:E9:B3:55:2A:D4:6D:0C:35:78:39:01:72:34:DF:8B:7C:ED:60
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS135391.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:81:d4:bf:7a:73:92:89:44:dd:84:dc:34:ae:67:54:0d:6f:
         a2:6e:c0:a0:69:24:d2:bc:f8:88:ab:fb:cf:af:af:02:3f:e6:
         5b:88:bd:63:c7:45:62:a7:4c:61:12:c7:4e:c8:8a:1f:61:85:
         f9:c4:0d:94:03:e8:70:ce:0e:e1:45:21:8a:aa:f6:2e:b4:ff:
         d4:da:00:70:7b:bf:2b:ed:ad:3d:1b:77:31:43:53:0c:7c:bb:
         50:dc:67:65:0f:06:73:d4:d8:08:48:94:f9:9e:4e:a5:be:c5:
         3c:08:e6:10:8b:47:06:16:61:43:06:50:c2:c1:c7:41:26:38:
         c5:2e:f7:10:6d:9d:5e:50:5c:ee:99:8e:9f:6a:50:9b:51:72:
         24:28:3b:f4:19:23:4d:9d:7e:fd:55:11:f1:ee:01:8c:92:cb:
         73:74:85:bc:57:1d:81:14:88:50:8c:a4:91:aa:1c:55:f7:23:
         75:56:41:e4:6e:48:e5:92:d3:b7:a3:77:20:35:e0:c1:01:7f:
         1d:3e:18:b5:c5:e6:e4:1a:f9:d0:78:35:67:f2:ae:2e:b5:d6:
         7e:d3:4b:eb:f7:aa:10:83:82:1b:26:8c:b9:88:3c:91:5c:81:
         10:68:ed:91:ec:1f:1a:08:57:d6:db:48:14:a8:2e:2d:41:56:
         11:29:56:4a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUaXNfL6j2Nfne/zsPtYDQKx253RIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA2MTkxMDQ0NDZaFw0yNTA2MTgxMDQ5NDZaMDMxMTAvBgNV
BAMTKDVFNjJFOUIzNTUyQUQ0NkQwQzM1NzgzOTAxNzIzNERGOEI3Q0VENjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCU0FE0QOROeMnDmYFqUzTl2Ftw
t3dYuLpEXOj9ClC8DdBR/eH/Pzg7UKjCVjop6urxU3/8P3xgAu3jFrelyjZlnGF7
4z+k8vTyP8eR7PeT2AmjUBa+5CsJwtSw+virdgN70W3pCPkhdwn2pouYKS2TJP3X
fMKX/QCOy2aULpPRobZEm2J+NzRcNWH1UFWjAWeZ4WAD2zP5M03nvvi2VPLUONGN
dgeyOtr73b6XkR/+0emEktv0bsVFfVhon6mquox6fh88jGBl0yiMCPWe2YLTG/5Z
6Yy+rq01CV7zFPrzNzaGYn6MzifTqjP33I/UZYU8BE3ARulU6XmBHEmPectPAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUXmLps1Uq1G0MNXg5AXI034t87WAwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTM1MzkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk084
MA0GCSqGSIb3DQEBCwUAA4IBAQBjgdS/enOSiUTdhNw0rmdUDW+ibsCgaSTSvPiI
q/vPr68CP+ZbiL1jx0Vip0xhEsdOyIofYYX5xA2UA+hwzg7hRSGKqvYutP/U2gBw
e78r7a09G3cxQ1MMfLtQ3GdlDwZz1NgISJT5nk6lvsU8COYQi0cGFmFDBlDCwcdB
JjjFLvcQbZ1eUFzumY6falCbUXIkKDv0GSNNnX79VRHx7gGMkstzdIW8Vx2BFIhQ
jKSRqhxV9yN1VkHkbkjlktO3o3cgNeDBAX8dPhi1xebkGvnQeDVn8q4utdZ+00vr
96oQg4IbJoy5iDyRXIEQaO2R7B8aCFfW20gUqC4tQVYRKVZK
-----END CERTIFICATE-----