Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS135402.roa
File:                     AS135402.roa (raw, json)
Hash identifier:          RrXmd6ETiT+wSSrqpweTPR6CpGEZbioofNmPCkTJcgc=
Subject key identifier:   B5:01:1C:31:01:56:51:6C:A9:C6:EA:F5:8A:4E:56:B6:AE:F5:0E:5E
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       684745817A8DFF9003548A4C657980B092BBDFAA
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS135402.roa
Signing time:             Wed 17 Jul 2024 09:05:49 +0000
ROA not before:           Wed 17 Jul 2024 09:00:49 +0000
ROA not after:            Wed 16 Jul 2025 09:05:49 +0000
asID:                     135402
IP address blocks:        146.103.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:47:45:81:7a:8d:ff:90:03:54:8a:4c:65:79:80:b0:92:bb:df:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul 17 09:00:49 2024 GMT
            Not After : Jul 16 09:05:49 2025 GMT
        Subject: CN=B5011C310156516CA9C6EAF58A4E56B6AEF50E5E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f5:9e:13:71:e3:5e:1b:a7:03:d2:99:2a:1e:
                    de:ff:72:c2:0a:fe:96:86:7c:43:31:1e:a6:1b:98:
                    09:cb:d7:8e:ab:83:c7:7c:db:1e:96:52:46:9d:2f:
                    3c:2f:56:db:5c:54:29:39:ea:c6:1b:8b:67:3c:89:
                    a5:48:50:4e:15:5e:ed:dc:27:61:5c:56:0d:8c:0a:
                    b9:c8:22:ea:4a:4c:99:b4:46:f2:1e:dc:96:7f:50:
                    71:e5:4b:8d:c2:33:72:8a:a0:ed:23:1c:99:83:2f:
                    fc:ac:80:0c:d7:84:ed:8c:fd:d0:ae:ca:1c:23:d7:
                    81:07:ab:4d:1c:6d:c4:e4:34:1c:a3:80:9f:ec:71:
                    48:5d:fe:aa:05:4f:dd:59:d8:8f:ec:0d:2a:ff:8f:
                    cf:bd:2c:eb:6c:1d:c6:47:45:36:78:23:6c:4c:3b:
                    30:5b:3a:05:c0:39:37:64:ec:a9:e5:22:c9:a7:ff:
                    5e:8f:4d:ef:29:8a:10:20:c7:df:58:4d:3f:a9:93:
                    38:e0:1a:83:a2:8e:8d:61:b4:a0:0f:f9:45:71:28:
                    4a:86:e6:70:fb:be:0b:8b:07:1e:6d:3e:c5:81:22:
                    3a:12:cc:fe:2b:04:f6:cf:a4:cd:1b:22:63:12:c2:
                    33:e0:0d:88:76:15:ca:f2:58:ab:d5:59:26:2b:ec:
                    b5:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:01:1C:31:01:56:51:6C:A9:C6:EA:F5:8A:4E:56:B6:AE:F5:0E:5E
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS135402.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:9f:89:81:d4:0a:33:72:aa:df:b3:28:c4:13:08:2b:d2:aa:
         14:fb:51:16:9b:ec:1c:0e:0b:e2:39:37:7a:ad:e7:ed:70:3b:
         1f:db:7d:79:0a:b8:c0:ac:a1:0c:af:3a:7e:80:77:79:03:88:
         69:d5:2c:be:93:57:68:7a:38:ac:c0:57:4f:9f:f6:2b:06:31:
         f2:df:68:c7:3e:91:cf:31:c0:8d:1b:7a:d9:ae:79:a9:0a:a7:
         1b:13:3e:17:25:b7:75:74:3b:fc:ff:89:53:a3:92:8d:c8:8e:
         0f:ea:3e:01:d0:29:44:49:d9:49:f8:23:7b:c4:5f:fa:b8:23:
         f3:54:24:bb:ca:4c:6c:a9:9e:e2:e5:90:4c:aa:62:7a:56:be:
         06:4d:43:e6:93:6b:21:bd:aa:6c:17:14:85:d1:0a:c9:6f:70:
         c0:6b:03:c6:09:a4:82:6e:ef:ce:59:10:b2:88:6f:f0:d8:20:
         f2:3b:a4:be:b7:08:1b:94:79:7b:fe:f0:49:ac:39:71:83:8f:
         19:dc:3e:26:48:0c:0b:61:d6:90:86:c0:cb:9b:bb:80:30:a5:
         95:44:80:3d:2e:be:3b:15:6d:e4:22:0e:60:a1:63:c5:96:d5:
         c4:4e:82:0e:cd:31:dc:b3:2b:8a:60:73:74:44:5f:2e:4d:09:
         5c:f8:c5:7b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUaEdFgXqN/5ADVIpMZXmAsJK736owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA3MTcwOTAwNDlaFw0yNTA3MTYwOTA1NDlaMDMxMTAvBgNV
BAMTKEI1MDExQzMxMDE1NjUxNkNBOUM2RUFGNThBNEU1NkI2QUVGNTBFNUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC39Z4TceNeG6cD0pkqHt7/csIK
/paGfEMxHqYbmAnL146rg8d82x6WUkadLzwvVttcVCk56sYbi2c8iaVIUE4VXu3c
J2FcVg2MCrnIIupKTJm0RvIe3JZ/UHHlS43CM3KKoO0jHJmDL/ysgAzXhO2M/dCu
yhwj14EHq00cbcTkNByjgJ/scUhd/qoFT91Z2I/sDSr/j8+9LOtsHcZHRTZ4I2xM
OzBbOgXAOTdk7KnlIsmn/16PTe8pihAgx99YTT+pkzjgGoOijo1htKAP+UVxKEqG
5nD7vguLBx5tPsWBIjoSzP4rBPbPpM0bImMSwjPgDYh2FcryWKvVWSYr7LVlAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUtQEcMQFWUWypxur1ik5Wtq71Dl4wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTM1NDAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkmcA
MA0GCSqGSIb3DQEBCwUAA4IBAQAEn4mB1AozcqrfsyjEEwgr0qoU+1EWm+wcDgvi
OTd6reftcDsf2315CrjArKEMrzp+gHd5A4hp1Sy+k1doejiswFdPn/YrBjHy32jH
PpHPMcCNG3rZrnmpCqcbEz4XJbd1dDv8/4lTo5KNyI4P6j4B0ClESdlJ+CN7xF/6
uCPzVCS7ykxsqZ7i5ZBMqmJ6Vr4GTUPmk2shvapsFxSF0QrJb3DAawPGCaSCbu/O
WRCyiG/w2CDyO6S+twgblHl7/vBJrDlxg48Z3D4mSAwLYdaQhsDLm7uAMKWVRIA9
Lr47FW3kIg5goWPFltXEToIOzTHcsyuKYHN0RF8uTQlc+MV7
-----END CERTIFICATE-----