Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS135402.roa
File:                     AS135402.roa (raw, json)
Hash identifier:          cQlZDFUkLM/wbaL60UAS6Dny0rIafKE4v7nqT83diuk=
Subject key identifier:   33:4F:38:B3:F0:15:0F:83:E2:F7:5F:6F:4E:3A:5C:DD:8B:AA:57:8B
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7B920F6549FC98D9460F1F30F0F97B049B76E1FE
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS135402.roa
Signing time:             Wed 25 Dec 2024 01:57:32 +0000
ROA not before:           Wed 25 Dec 2024 01:52:32 +0000
ROA not after:            Wed 24 Dec 2025 01:57:32 +0000
asID:                     135402
IP address blocks:        5.181.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 19:35:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:92:0f:65:49:fc:98:d9:46:0f:1f:30:f0:f9:7b:04:9b:76:e1:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec 25 01:52:32 2024 GMT
            Not After : Dec 24 01:57:32 2025 GMT
        Subject: CN=334F38B3F0150F83E2F75F6F4E3A5CDD8BAA578B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:16:dd:61:23:0d:57:ff:20:28:0b:e4:0f:98:
                    9e:57:e9:f1:1c:fb:bf:4b:2d:8e:4d:32:8b:d4:56:
                    8f:a9:e9:dc:75:e0:80:43:11:54:0c:c5:9d:78:8e:
                    17:6e:7a:5f:c1:2d:27:e8:49:9c:0c:c6:b8:72:cc:
                    5c:34:3e:0b:b2:3f:d7:c2:8d:b7:a4:b7:6d:5d:bb:
                    96:95:e2:d3:4e:80:ea:2b:1f:b4:73:b1:2b:88:a8:
                    71:54:58:f9:07:cb:a7:35:a4:83:e4:36:b1:2c:1a:
                    de:96:f4:6b:79:d1:f0:18:55:c7:67:85:e4:0d:c1:
                    92:90:06:08:4b:60:2a:00:b1:7a:81:81:ef:ca:ef:
                    ba:47:b3:f2:c4:4c:15:7a:01:0a:84:d5:1c:e9:c1:
                    a8:a5:2c:ec:ff:07:24:82:6b:41:b1:89:a4:52:b5:
                    2c:ce:79:6a:02:c4:79:a9:ab:1f:60:0e:e7:e1:23:
                    03:27:67:f2:7b:38:85:c4:b6:ab:e2:2c:af:b0:b1:
                    39:9f:55:f3:83:00:47:10:9c:48:c3:11:84:4c:a1:
                    d7:3a:3b:a9:be:de:30:64:c4:b2:80:44:bb:ce:98:
                    44:38:d3:87:0e:1b:34:3b:ca:10:46:a3:bd:cd:53:
                    dc:54:e0:f5:76:2f:93:3b:f0:9f:dc:51:ad:e2:93:
                    17:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:4F:38:B3:F0:15:0F:83:E2:F7:5F:6F:4E:3A:5C:DD:8B:AA:57:8B
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS135402.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:70:2b:0d:3b:72:72:6e:b8:7b:da:cc:1c:41:71:43:c6:3c:
         30:1a:13:03:31:6d:bb:2a:7c:15:49:27:9f:b7:b9:69:05:8e:
         72:06:fd:ed:af:5a:7b:64:74:ca:1b:09:12:39:0a:05:57:46:
         9b:bd:8b:83:11:2a:02:0c:cc:ea:a2:33:da:3e:c1:05:7a:02:
         4e:06:70:df:a1:94:40:3a:a1:eb:c4:9b:14:dd:d1:cd:77:35:
         68:bd:0f:e4:13:ab:2b:c0:48:62:85:0a:0c:ff:82:e7:36:3e:
         9d:91:27:7b:77:0d:1a:b7:81:5f:0a:8a:bd:4c:eb:4a:79:11:
         92:df:8f:e1:d2:e0:ab:b3:03:b4:c8:5f:73:4e:9d:af:ca:eb:
         0c:b9:d4:c8:1b:70:20:1f:f1:e7:62:87:95:97:52:45:ab:66:
         8b:e4:2b:66:84:d7:5b:0c:3e:68:16:b2:48:e5:88:9e:f0:98:
         37:a5:57:b5:10:08:a6:55:f4:ab:19:a5:55:89:04:a3:36:b5:
         f3:44:bc:1c:45:3b:1d:a5:cd:b9:0d:c6:9d:47:6f:b2:66:b2:
         53:1e:fc:18:02:c9:e8:df:f0:2a:c4:6f:a3:ae:95:81:61:9c:
         2e:25:6e:62:cb:49:b7:ab:40:9b:64:60:0f:2a:09:0f:b4:dc:
         72:8a:ee:4f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUe5IPZUn8mNlGDx8w8Pl7BJt24f4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDEyMjUwMTUyMzJaFw0yNTEyMjQwMTU3MzJaMDMxMTAvBgNV
BAMTKDMzNEYzOEIzRjAxNTBGODNFMkY3NUY2RjRFM0E1Q0REOEJBQTU3OEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCFFt1hIw1X/yAoC+QPmJ5X6fEc
+79LLY5NMovUVo+p6dx14IBDEVQMxZ14jhduel/BLSfoSZwMxrhyzFw0PguyP9fC
jbekt21du5aV4tNOgOorH7RzsSuIqHFUWPkHy6c1pIPkNrEsGt6W9Gt50fAYVcdn
heQNwZKQBghLYCoAsXqBge/K77pHs/LETBV6AQqE1RzpwailLOz/BySCa0GxiaRS
tSzOeWoCxHmpqx9gDufhIwMnZ/J7OIXEtqviLK+wsTmfVfODAEcQnEjDEYRModc6
O6m+3jBkxLKARLvOmEQ404cOGzQ7yhBGo73NU9xU4PV2L5M78J/cUa3ikxfLAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUM084s/AVD4Pi919vTjpc3YuqV4swHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM1NDAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbWC
MA0GCSqGSIb3DQEBCwUAA4IBAQANcCsNO3Jybrh72swcQXFDxjwwGhMDMW27KnwV
SSeft7lpBY5yBv3tr1p7ZHTKGwkSOQoFV0abvYuDESoCDMzqojPaPsEFegJOBnDf
oZRAOqHrxJsU3dHNdzVovQ/kE6srwEhihQoM/4LnNj6dkSd7dw0at4FfCoq9TOtK
eRGS34/h0uCrswO0yF9zTp2vyusMudTIG3AgH/HnYoeVl1JFq2aL5CtmhNdbDD5o
FrJI5Yie8Jg3pVe1EAimVfSrGaVViQSjNrXzRLwcRTsdpc25DcadR2+yZrJTHvwY
Asno3/AqxG+jrpWBYZwuJW5iy0m3q0CbZGAPKgkPtNxyiu5P
-----END CERTIFICATE-----