Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS135375.roa
File:                     AS135375.roa (raw, json)
Hash identifier:          LEMkF+ZulKdL1GPx4LxyFOvW8WWsTziZSwyENLpQDGM=
Subject key identifier:   F2:CB:FB:F0:22:B7:9C:FA:3C:0D:5D:D1:59:F0:6C:5B:67:26:3F:48
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       03A4CD11FB2B4B08BDABFDFE68F9A58DB3B5E7D3
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS135375.roa
Signing time:             Tue 23 Jul 2024 00:05:19 +0000
ROA not before:           Tue 23 Jul 2024 00:00:19 +0000
ROA not after:            Tue 22 Jul 2025 00:05:19 +0000
asID:                     135375
IP address blocks:        45.133.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:a4:cd:11:fb:2b:4b:08:bd:ab:fd:fe:68:f9:a5:8d:b3:b5:e7:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 23 00:00:19 2024 GMT
            Not After : Jul 22 00:05:19 2025 GMT
        Subject: CN=F2CBFBF022B79CFA3C0D5DD159F06C5B67263F48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:e2:48:ae:56:39:b5:65:80:f0:1b:71:4c:2a:
                    02:59:56:cf:9b:c0:13:e8:37:35:3e:37:49:aa:22:
                    63:66:e6:80:20:75:a5:b4:80:40:28:c5:20:0e:d0:
                    d4:62:51:b6:d7:9e:04:52:61:32:0b:dc:0c:4a:02:
                    a0:2c:81:13:af:e4:39:a9:df:07:d9:5a:4b:91:80:
                    88:5a:8a:46:fe:46:31:3e:df:34:44:70:cd:3c:e9:
                    3c:da:84:37:ee:13:a0:48:b1:6d:a1:89:88:10:d8:
                    02:67:66:4f:d6:e2:47:1d:51:d0:bb:16:8a:b5:54:
                    af:66:91:85:b6:f8:9c:d2:4f:72:5c:92:6d:d9:46:
                    00:d4:72:fe:16:50:dc:01:db:b8:d6:27:83:d9:35:
                    40:27:ae:f1:47:8f:2e:1c:fb:08:ae:12:c8:56:23:
                    fe:27:78:cf:cf:32:ab:0e:2f:2a:2a:00:36:20:73:
                    c7:5f:c0:81:87:f8:ff:59:c4:f3:ff:26:88:17:d2:
                    f4:63:ff:43:dd:fc:98:02:d6:55:62:b5:75:43:af:
                    86:7f:d2:5c:51:9f:e9:6a:15:1f:7f:f7:24:00:7b:
                    f6:5c:0a:21:0f:e9:f6:59:31:f5:11:0b:d5:18:e9:
                    6c:7e:d3:33:d4:a2:4b:fd:24:45:04:3b:15:a7:b3:
                    ce:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:CB:FB:F0:22:B7:9C:FA:3C:0D:5D:D1:59:F0:6C:5B:67:26:3F:48
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS135375.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:db:b8:e3:a4:fa:7d:c2:c9:40:e2:39:25:8f:13:13:cb:a1:
         65:28:4b:86:9f:de:50:5f:52:a3:2e:4b:63:e1:8c:13:f4:25:
         bb:9a:a4:97:2e:83:04:67:05:52:ed:32:79:76:9f:cd:65:82:
         e1:0a:1c:88:66:44:d9:b9:46:30:ca:47:7f:10:9f:6c:b4:0c:
         c4:a7:d0:6e:1b:f9:71:da:80:a4:d3:1e:ef:20:6f:8f:4b:9b:
         68:50:c4:48:d5:e1:2d:d8:88:ef:e1:5c:05:bb:0e:fa:7f:a2:
         73:74:39:ab:85:1c:4b:8a:d7:1d:ab:d6:cd:d0:f6:f8:17:71:
         57:85:52:8a:bf:eb:ce:bb:d4:34:e0:c7:3a:79:51:58:5e:41:
         8d:5e:78:04:63:f2:2a:60:aa:7d:6a:6d:fd:52:51:fc:e7:43:
         6c:06:d2:55:8d:00:fb:b9:60:b9:56:01:ee:19:ea:ba:00:d4:
         e4:b3:99:5b:53:1c:1f:b2:9d:8b:ed:99:3c:0d:79:5b:0c:f0:
         01:41:2a:13:39:0e:57:78:a2:bc:87:57:01:d5:f6:ae:3f:bc:
         2a:fb:fb:36:d4:0a:18:db:2e:98:92:6c:c4:f5:be:e1:e4:b4:
         17:04:0b:b6:d9:ea:f6:99:69:ca:b9:54:cd:87:10:6a:8c:8a:
         f8:ba:87:9f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUA6TNEfsrSwi9q/3+aPmljbO159MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA3MjMwMDAwMTlaFw0yNTA3MjIwMDA1MTlaMDMxMTAvBgNV
BAMTKEYyQ0JGQkYwMjJCNzlDRkEzQzBENUREMTU5RjA2QzVCNjcyNjNGNDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC94kiuVjm1ZYDwG3FMKgJZVs+b
wBPoNzU+N0mqImNm5oAgdaW0gEAoxSAO0NRiUbbXngRSYTIL3AxKAqAsgROv5Dmp
3wfZWkuRgIhaikb+RjE+3zREcM086TzahDfuE6BIsW2hiYgQ2AJnZk/W4kcdUdC7
Foq1VK9mkYW2+JzST3Jckm3ZRgDUcv4WUNwB27jWJ4PZNUAnrvFHjy4c+wiuEshW
I/4neM/PMqsOLyoqADYgc8dfwIGH+P9ZxPP/JogX0vRj/0Pd/JgC1lVitXVDr4Z/
0lxRn+lqFR9/9yQAe/ZcCiEP6fZZMfURC9UY6Wx+0zPUokv9JEUEOxWns84hAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU8sv78CK3nPo8DV3RWfBsW2cmP0gwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM1Mzc1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYWo
MA0GCSqGSIb3DQEBCwUAA4IBAQBZ27jjpPp9wslA4jkljxMTy6FlKEuGn95QX1Kj
Lktj4YwT9CW7mqSXLoMEZwVS7TJ5dp/NZYLhChyIZkTZuUYwykd/EJ9stAzEp9Bu
G/lx2oCk0x7vIG+PS5toUMRI1eEt2Ijv4VwFuw76f6JzdDmrhRxLitcdq9bN0Pb4
F3FXhVKKv+vOu9Q04Mc6eVFYXkGNXngEY/IqYKp9am39UlH850NsBtJVjQD7uWC5
VgHuGeq6ANTks5lbUxwfsp2L7Zk8DXlbDPABQSoTOQ5XeKK8h1cB1fauP7wq+/s2
1AoY2y6YkmzE9b7h5LQXBAu22er2mWnKuVTNhxBqjIr4uoef
-----END CERTIFICATE-----