Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS8100.roa
File:                     AS8100.roa (raw, json)
Hash identifier:          rYlUiGlA3xw0Pk57eE1elFVw2sLmL1ZQ5iT8sNlfms8=
Subject key identifier:   F4:2F:F3:D1:EF:05:FA:B1:88:F5:84:40:AC:76:AB:91:FB:6D:D0:36
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       6BC2840BD65671C3AAB6944420F9B05728B1F43E
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS8100.roa
Signing time:             Wed 02 Oct 2024 09:25:31 +0000
ROA not before:           Wed 02 Oct 2024 09:20:31 +0000
ROA not after:            Wed 01 Oct 2025 09:25:31 +0000
asID:                     8100
IP address blocks:        148.135.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:c2:84:0b:d6:56:71:c3:aa:b6:94:44:20:f9:b0:57:28:b1:f4:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Oct  2 09:20:31 2024 GMT
            Not After : Oct  1 09:25:31 2025 GMT
        Subject: CN=F42FF3D1EF05FAB188F58440AC76AB91FB6DD036
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:86:70:2b:70:86:c3:bb:58:ef:dd:f6:6d:10:
                    51:af:89:9b:d1:ea:16:1a:ba:33:56:6e:11:fb:06:
                    1c:60:90:6f:ac:a9:e3:de:50:1a:f5:79:2f:a0:f7:
                    ee:89:50:b2:3e:b6:ab:26:19:b0:d3:74:16:7a:ce:
                    6c:cc:8c:69:94:d3:ac:05:ba:29:cb:4d:ec:d1:b8:
                    b6:5b:03:6b:33:05:ff:7e:61:7a:39:cc:06:8b:6b:
                    7f:79:44:81:19:fd:96:09:0d:5a:19:af:99:e8:58:
                    f2:6f:3b:14:33:8a:38:47:59:81:a0:42:ce:4f:cf:
                    cd:ba:33:d3:27:a3:e7:ec:d1:3a:93:56:e2:66:89:
                    7b:ba:47:b3:80:8a:7d:3b:ff:db:46:45:8a:d0:df:
                    0c:59:6d:34:68:5d:48:a2:58:82:40:f8:76:f4:ba:
                    ed:56:57:1a:18:59:ac:f8:e4:27:8b:21:bf:c8:0a:
                    99:a8:7a:43:3f:a0:09:5f:da:11:1a:9d:f2:83:76:
                    07:d0:80:ff:a1:0e:51:69:63:a3:0c:2c:fc:6e:14:
                    b8:f4:71:72:f4:75:bc:2e:2c:09:4b:fc:78:2a:71:
                    ba:55:e8:58:84:f9:d2:a6:23:24:79:e1:e5:f8:3e:
                    23:59:f0:70:e9:d6:46:ab:06:15:8d:d5:3a:c2:0b:
                    c7:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:2F:F3:D1:EF:05:FA:B1:88:F5:84:40:AC:76:AB:91:FB:6D:D0:36
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS8100.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.135.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:f0:2a:39:d9:4a:88:ec:d6:01:2c:a3:14:3e:6d:42:f5:1e:
         3b:9b:cf:58:e2:4c:0e:09:d9:1c:a6:97:74:b8:4a:cf:6a:2e:
         dc:ac:2d:b4:d9:0d:87:e6:4c:57:a9:e6:85:da:d2:0b:d3:7a:
         21:9f:ee:f9:bd:6b:93:b4:87:72:27:5c:2f:f0:db:d7:81:88:
         0d:87:96:fc:31:bf:ed:09:4c:8c:2e:ae:43:bc:18:bd:ee:1c:
         34:39:3d:92:d1:84:c3:1a:90:27:aa:87:73:b3:99:32:7c:2a:
         bb:dc:42:5a:2b:30:2a:7c:1e:e2:8c:f9:c8:01:53:f4:69:9f:
         ab:af:6d:87:79:33:55:f2:59:42:6f:c0:b9:90:28:cb:4b:1e:
         23:5d:7f:40:5f:b3:b0:76:65:f1:49:7d:87:77:c7:08:4b:4e:
         6d:c3:1b:31:64:07:4d:46:b9:77:f1:5a:0d:c2:3a:54:db:30:
         48:d1:8e:f6:1c:c3:5b:5d:f7:da:97:e9:da:91:e9:7a:fd:81:
         92:8b:0b:cc:65:a1:2c:7c:3c:f1:a5:d8:19:59:8f:0c:cc:0a:
         55:57:de:a3:cb:51:d4:dc:e2:b9:fd:da:00:b9:f2:25:40:72:
         54:2c:2f:91:dc:70:2f:1b:cf:7d:aa:d2:ac:6e:56:ac:8b:a8:
         3a:6a:10:51
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUa8KEC9ZWccOqtpREIPmwVyix9D4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDEwMDIwOTIwMzFaFw0yNTEwMDEwOTI1MzFaMDMxMTAvBgNV
BAMTKEY0MkZGM0QxRUYwNUZBQjE4OEY1ODQ0MEFDNzZBQjkxRkI2REQwMzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNhnArcIbDu1jv3fZtEFGviZvR
6hYaujNWbhH7BhxgkG+sqePeUBr1eS+g9+6JULI+tqsmGbDTdBZ6zmzMjGmU06wF
uinLTezRuLZbA2szBf9+YXo5zAaLa395RIEZ/ZYJDVoZr5noWPJvOxQzijhHWYGg
Qs5Pz826M9Mno+fs0TqTVuJmiXu6R7OAin07/9tGRYrQ3wxZbTRoXUiiWIJA+Hb0
uu1WVxoYWaz45CeLIb/ICpmoekM/oAlf2hEanfKDdgfQgP+hDlFpY6MMLPxuFLj0
cXL0dbwuLAlL/HgqcbpV6FiE+dKmIyR54eX4PiNZ8HDp1karBhWN1TrCC8cVAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQU9C/z0e8F+rGI9YRArHarkftt0DYwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTODEwMC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJSHmDAN
BgkqhkiG9w0BAQsFAAOCAQEAWfAqOdlKiOzWASyjFD5tQvUeO5vPWOJMDgnZHKaX
dLhKz2ou3KwttNkNh+ZMV6nmhdrSC9N6IZ/u+b1rk7SHcidcL/Db14GIDYeW/DG/
7QlMjC6uQ7wYve4cNDk9ktGEwxqQJ6qHc7OZMnwqu9xCWiswKnwe4oz5yAFT9Gmf
q69th3kzVfJZQm/AuZAoy0seI11/QF+zsHZl8Ul9h3fHCEtObcMbMWQHTUa5d/Fa
DcI6VNswSNGO9hzDW1332pfp2pHpev2BkosLzGWhLHw88aXYGVmPDMwKVVfeo8tR
1Nziuf3aALnyJUByVCwvkdxwLxvPfarSrG5WrIuoOmoQUQ==
-----END CERTIFICATE-----