Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS135375.roa
File:                     AS135375.roa (raw, json)
Hash identifier:          pXNu23QKbKLDXhT2LMDIYJKjj1FNZYMxlZD4PZW26WE=
Subject key identifier:   2C:DC:C3:E9:B2:0B:0E:5E:78:B7:B2:AD:FB:D4:89:B5:B7:D2:95:CE
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7DCBBA0D6286C517AB5A7D45608EF75A3919221F
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS135375.roa
Signing time:             Tue 22 Aug 2023 00:00:13 +0000
ROA not before:           Mon 21 Aug 2023 23:55:13 +0000
ROA not after:            Tue 20 Aug 2024 00:00:13 +0000
asID:                     135375
IP address blocks:        45.133.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:cb:ba:0d:62:86:c5:17:ab:5a:7d:45:60:8e:f7:5a:39:19:22:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 21 23:55:13 2023 GMT
            Not After : Aug 20 00:00:13 2024 GMT
        Subject: CN=2CDCC3E9B20B0E5E78B7B2ADFBD489B5B7D295CE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:fe:17:33:bb:68:98:dc:51:bf:6b:93:ed:a8:
                    e0:0d:78:4c:8a:f0:58:56:b1:8e:5f:bf:6c:c4:25:
                    08:01:a5:40:df:9d:ab:d5:d7:99:f0:ee:7e:df:36:
                    68:a5:8f:7b:d2:63:48:d3:59:f2:aa:f4:e2:e2:cc:
                    a6:0b:13:41:b2:9a:f2:98:53:68:1a:dd:3a:87:36:
                    80:9a:17:94:1c:43:54:b3:47:81:e1:a7:e0:da:37:
                    30:97:76:8e:6a:3d:a9:83:d2:1b:ea:6a:03:96:00:
                    d7:a0:61:40:4b:29:ed:87:d7:52:ef:90:2a:e5:2d:
                    fa:fa:df:d7:6a:1a:96:21:6f:ed:5d:44:4b:1e:7c:
                    91:f8:f7:63:ba:dc:75:5f:c1:41:3f:91:e7:b2:a8:
                    3b:e4:3d:5e:02:dc:17:d6:39:41:05:a6:8a:45:f1:
                    a3:e7:93:e3:ae:6c:19:ac:83:14:c5:62:04:63:a6:
                    88:c1:fa:83:9a:47:d9:d7:13:31:22:a7:9e:2e:ba:
                    6a:e8:cc:46:7a:18:a5:5e:b7:21:6d:60:ad:7c:3e:
                    fa:09:ff:95:c4:86:c6:f6:63:e8:6d:b0:4c:90:4a:
                    d6:59:17:33:1a:a6:42:92:c7:0e:fe:6e:64:27:ff:
                    b7:ef:23:57:11:b2:d0:f7:d3:c9:f6:95:5b:61:8c:
                    ff:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:DC:C3:E9:B2:0B:0E:5E:78:B7:B2:AD:FB:D4:89:B5:B7:D2:95:CE
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS135375.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:69:41:f6:81:0d:bd:cd:b5:87:1a:0f:79:3a:88:a3:e9:25:
         8d:85:f1:b7:8c:e1:1a:b7:6d:fd:c6:aa:77:e0:52:cf:1b:86:
         42:52:a8:df:2a:11:6d:a5:8a:2a:29:f6:58:73:28:48:5a:0d:
         fe:08:33:eb:8a:68:45:38:dd:17:2d:54:0e:cc:db:46:46:4a:
         87:4b:f6:04:4c:6e:76:ff:e0:59:32:f6:94:84:6e:9b:e1:25:
         bb:fc:7e:37:d6:2c:34:e9:6b:12:2b:b4:33:ed:fb:0f:5c:cc:
         2b:ba:10:96:0f:77:60:a0:db:34:68:b5:ce:6e:27:bb:ec:6c:
         c5:37:4d:08:44:cc:ec:05:c8:c0:59:cd:48:22:44:16:6b:ba:
         f7:04:b4:b6:fe:33:70:62:ae:ae:95:38:4f:1e:2b:63:e3:5d:
         23:8a:a3:64:2a:2b:1f:f5:8d:f3:2d:4f:be:0d:dd:e8:36:b9:
         e8:b9:6f:a4:e7:6f:9a:c9:f9:31:63:7d:a8:17:da:75:f0:1c:
         5d:b0:7a:e8:97:17:f9:0f:13:39:ab:98:2a:8d:26:29:8e:d1:
         92:90:94:51:69:92:56:c7:44:d1:55:c5:ff:c7:ae:d8:79:d7:
         c4:dd:7f:9f:9a:15:cc:76:5a:93:54:c9:51:2f:ad:a9:69:4a:
         c1:6a:67:85
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfcu6DWKGxRerWn1FYI73WjkZIh8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzA4MjEyMzU1MTNaFw0yNDA4MjAwMDAwMTNaMDMxMTAvBgNV
BAMTKDJDRENDM0U5QjIwQjBFNUU3OEI3QjJBREZCRDQ4OUI1QjdEMjk1Q0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCk/hczu2iY3FG/a5PtqOANeEyK
8FhWsY5fv2zEJQgBpUDfnavV15nw7n7fNmilj3vSY0jTWfKq9OLizKYLE0GymvKY
U2ga3TqHNoCaF5QcQ1SzR4Hhp+DaNzCXdo5qPamD0hvqagOWANegYUBLKe2H11Lv
kCrlLfr639dqGpYhb+1dREsefJH492O63HVfwUE/keeyqDvkPV4C3BfWOUEFpopF
8aPnk+OubBmsgxTFYgRjpojB+oOaR9nXEzEip54uumrozEZ6GKVetyFtYK18PvoJ
/5XEhsb2Y+htsEyQStZZFzMapkKSxw7+bmQn/7fvI1cRstD308n2lVthjP8pAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQULNzD6bILDl54t7Kt+9SJtbfSlc4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM1Mzc1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYWo
MA0GCSqGSIb3DQEBCwUAA4IBAQAwaUH2gQ29zbWHGg95Ooij6SWNhfG3jOEat239
xqp34FLPG4ZCUqjfKhFtpYoqKfZYcyhIWg3+CDPrimhFON0XLVQOzNtGRkqHS/YE
TG52/+BZMvaUhG6b4SW7/H431iw06WsSK7Qz7fsPXMwruhCWD3dgoNs0aLXObie7
7GzFN00IRMzsBcjAWc1IIkQWa7r3BLS2/jNwYq6ulThPHitj410jiqNkKisf9Y3z
LU++Dd3oNrnouW+k52+ayfkxY32oF9p18BxdsHrolxf5DxM5q5gqjSYpjtGSkJRR
aZJWx0TRVcX/x67YedfE3X+fmhXMdlqTVMlRL62paUrBameF
-----END CERTIFICATE-----