Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS135377.roa
File:                     AS135377.roa (raw, json)
Hash identifier:          nXINxHuh0Zz1nDCcevPDJl5Z1k60URVT+AwrBhGLN7U=
Subject key identifier:   EA:EF:1D:D5:F9:E2:54:9F:35:C5:73:36:A4:6D:3F:33:B8:62:2A:40
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4BF06FA5E67FFD4F9C2B39E94C553733E8D6B331
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS135377.roa
Signing time:             Fri 17 Jan 2025 10:36:25 +0000
ROA not before:           Fri 17 Jan 2025 10:31:25 +0000
ROA not after:            Fri 16 Jan 2026 10:36:25 +0000
asID:                     135377
IP address blocks:        181.215.201.0/24 maxlen: 24
                          181.215.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 19:35:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:f0:6f:a5:e6:7f:fd:4f:9c:2b:39:e9:4c:55:37:33:e8:d6:b3:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 17 10:31:25 2025 GMT
            Not After : Jan 16 10:36:25 2026 GMT
        Subject: CN=EAEF1DD5F9E2549F35C57336A46D3F33B8622A40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:88:6b:a3:2b:1d:61:43:b1:9a:b7:e2:95:77:
                    01:e1:39:fc:53:23:e6:15:17:45:17:e8:40:b6:ed:
                    84:f5:c1:16:ed:38:24:8d:3c:cd:63:08:ef:73:11:
                    59:a8:8c:43:9d:24:5b:f9:40:6e:06:99:bc:6d:74:
                    18:61:be:cc:f9:cb:70:f8:15:85:15:97:6b:df:16:
                    a6:b0:a7:ed:d6:75:ba:ef:0d:0d:90:b9:6c:db:69:
                    19:a2:d7:f3:fb:7b:89:85:bc:82:d4:1f:f3:f3:12:
                    90:37:ca:ee:9d:c9:79:ab:fd:a6:73:27:27:78:e4:
                    b2:fa:99:d8:6b:90:d7:29:c7:e8:ec:0f:28:05:48:
                    71:2a:90:0c:0a:0c:0c:d0:5a:72:3b:71:2d:b2:ae:
                    a2:44:fd:44:03:b4:66:ac:e4:3b:06:9e:05:1d:89:
                    22:32:2d:c4:29:19:43:4c:4d:a0:79:40:23:10:cb:
                    6b:99:c6:80:a3:a3:6c:71:2d:bd:e4:69:76:c3:a3:
                    95:5c:10:0b:28:28:42:a9:8b:bf:0b:39:52:65:f7:
                    7d:24:6d:14:f6:da:e0:1c:6a:a4:25:84:26:e4:5b:
                    03:ac:52:ae:de:f9:f3:81:5f:a3:9d:ef:79:31:19:
                    2c:f5:8b:3a:89:7d:5e:77:ee:71:63:fd:de:f3:dd:
                    ae:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:EF:1D:D5:F9:E2:54:9F:35:C5:73:36:A4:6D:3F:33:B8:62:2A:40
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS135377.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.201.0/24
                  181.215.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:da:d3:62:1d:6a:af:31:ea:30:49:57:f6:42:9d:c2:89:b1:
         a8:9b:ba:4c:28:d4:68:c4:f0:4d:53:4c:a5:77:27:0d:16:d0:
         ba:51:a0:0e:37:0a:dc:1b:b0:1e:e8:16:f2:55:80:72:f6:9f:
         a2:bd:de:ab:34:6f:d1:f9:08:bd:7f:98:95:60:af:b1:15:96:
         02:f8:04:87:ff:6d:e5:b9:0c:65:d0:79:61:8c:13:6d:f8:57:
         81:52:3b:c1:fb:9c:82:25:7e:68:29:49:3f:2d:c8:72:8f:74:
         bc:0e:3e:06:85:5e:60:f7:e2:a6:8e:68:08:09:ee:f3:79:5d:
         2a:6a:56:c1:a7:fc:89:e8:67:9a:62:72:4b:f8:54:f6:e9:98:
         7d:f6:6b:b5:84:36:5b:a5:88:f9:fe:40:23:d0:96:ec:29:0c:
         91:71:8f:2e:8d:08:33:0c:49:06:92:ba:2b:fe:2e:1d:16:ed:
         12:0d:67:df:f7:51:a0:e3:2e:87:65:e7:5e:be:5f:07:fe:63:
         28:c8:b3:d4:3a:39:12:0c:10:07:e4:59:b9:64:13:6e:a8:5b:
         06:f6:85:7c:32:6b:d3:07:63:d7:19:e9:f0:4c:4f:7c:59:58:
         5b:d2:98:c0:1a:30:25:e4:21:a0:c0:e9:42:ea:8c:84:52:e1:
         39:77:16:b9
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUS/BvpeZ//U+cKznpTFU3M+jWszEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMTcxMDMxMjVaFw0yNjAxMTYxMDM2MjVaMDMxMTAvBgNV
BAMTKEVBRUYxREQ1RjlFMjU0OUYzNUM1NzMzNkE0NkQzRjMzQjg2MjJBNDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfiGujKx1hQ7Gat+KVdwHhOfxT
I+YVF0UX6EC27YT1wRbtOCSNPM1jCO9zEVmojEOdJFv5QG4GmbxtdBhhvsz5y3D4
FYUVl2vfFqawp+3WdbrvDQ2QuWzbaRmi1/P7e4mFvILUH/PzEpA3yu6dyXmr/aZz
Jyd45LL6mdhrkNcpx+jsDygFSHEqkAwKDAzQWnI7cS2yrqJE/UQDtGas5DsGngUd
iSIyLcQpGUNMTaB5QCMQy2uZxoCjo2xxLb3kaXbDo5VcEAsoKEKpi78LOVJl930k
bRT22uAcaqQlhCbkWwOsUq7e+fOBX6Od73kxGSz1izqJfV537nFj/d7z3a49AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU6u8d1fniVJ81xXM2pG0/M7hiKkAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM1Mzc3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAtdfJ
AwQAtdfLMA0GCSqGSIb3DQEBCwUAA4IBAQAR2tNiHWqvMeowSVf2Qp3CibGom7pM
KNRoxPBNU0yldycNFtC6UaAONwrcG7Ae6BbyVYBy9p+ivd6rNG/R+Qi9f5iVYK+x
FZYC+ASH/23luQxl0HlhjBNt+FeBUjvB+5yCJX5oKUk/Lchyj3S8Dj4GhV5g9+Km
jmgICe7zeV0qalbBp/yJ6GeaYnJL+FT26Zh99mu1hDZbpYj5/kAj0JbsKQyRcY8u
jQgzDEkGkror/i4dFu0SDWff91Gg4y6HZedevl8H/mMoyLPUOjkSDBAH5Fm5ZBNu
qFsG9oV8MmvTB2PXGenwTE98WVhb0pjAGjAl5CGgwOlC6oyEUuE5dxa5
-----END CERTIFICATE-----