Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS135391.roa
File:                     AS135391.roa (raw, json)
Hash identifier:          xOGFzjwEYmSxjJ5eBZEgZ7CXYMTvIwJkCO/zCs5VBSc=
Subject key identifier:   01:4A:F6:9A:0D:A7:09:67:C5:94:43:DE:F7:1F:56:D0:A7:10:E4:17
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       0DCDFD55521283994028B51767D9B0A52DA86540
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS135391.roa
Signing time:             Tue 01 Apr 2025 10:00:10 +0000
ROA not before:           Tue 01 Apr 2025 09:55:10 +0000
ROA not after:            Tue 31 Mar 2026 10:00:10 +0000
asID:                     135391
IP address blocks:        45.152.242.0/24 maxlen: 24
                          45.155.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:49:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:cd:fd:55:52:12:83:99:40:28:b5:17:67:d9:b0:a5:2d:a8:65:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Apr  1 09:55:10 2025 GMT
            Not After : Mar 31 10:00:10 2026 GMT
        Subject: CN=014AF69A0DA70967C59443DEF71F56D0A710E417
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:6c:55:c6:cc:94:9f:a4:3d:96:dd:41:45:43:
                    b1:a3:00:31:4e:e2:06:a7:c9:35:8f:d9:ee:14:2e:
                    3c:f7:9b:ef:94:b5:3b:42:50:a5:f9:b2:8f:8c:28:
                    ff:ec:bb:8d:95:92:d4:a4:10:d3:5a:74:93:b7:71:
                    c1:79:6e:df:da:63:50:49:6e:7a:f8:c2:66:86:2d:
                    32:88:14:47:cd:4b:17:48:fb:ef:df:7e:91:d5:e7:
                    0b:bf:37:7b:fd:4c:23:83:73:ee:9e:e3:22:89:d8:
                    28:6c:47:48:75:e1:86:6a:60:d4:b8:86:eb:07:d9:
                    42:14:a1:4f:43:09:e4:d4:26:da:21:75:bc:a2:74:
                    22:6b:7e:c3:f1:77:32:1b:bd:51:a3:9e:d2:0f:6b:
                    06:a4:5f:5c:2c:d6:40:f8:50:2a:c1:49:d8:b1:82:
                    95:33:dd:9f:d2:9b:50:c1:1d:be:bc:6f:80:ff:44:
                    3a:be:e4:29:b1:1c:de:e1:0c:b7:a5:80:0a:90:29:
                    d6:ea:ca:51:35:41:08:5d:08:90:e2:72:8d:bf:42:
                    f5:dd:49:1a:e3:97:dc:ef:d7:4a:0e:b8:14:12:b2:
                    e9:1a:a3:1a:c6:b3:f0:fb:77:02:ff:81:e8:6f:6e:
                    64:f8:e0:4c:74:05:21:c2:2e:57:5d:3c:52:5e:1c:
                    6c:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:4A:F6:9A:0D:A7:09:67:C5:94:43:DE:F7:1F:56:D0:A7:10:E4:17
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS135391.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.242.0/24
                  45.155.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:14:b3:71:2f:2b:61:f9:12:ee:02:9c:0e:d7:99:00:6b:ee:
         03:45:d9:5c:53:aa:32:c2:d6:59:39:90:6a:70:ad:43:a4:25:
         c5:7e:c5:b6:e7:3d:7d:e9:79:ee:7c:30:6e:7f:e7:32:00:9a:
         82:25:c5:3c:e5:e2:99:dc:f3:2b:61:f9:c0:3b:22:d1:d3:76:
         e2:32:85:3d:70:81:71:d0:d8:c1:be:f6:ef:5f:62:1f:4c:6f:
         b9:0e:19:06:04:89:96:3e:0d:b4:02:b1:09:48:25:9a:e1:6f:
         92:49:6d:8a:b4:10:2a:26:ab:87:40:f1:2d:e1:48:55:79:2a:
         18:c6:65:17:7c:35:80:d5:12:a9:cb:82:01:0c:82:f7:04:c3:
         e7:8a:ae:c8:c5:97:8e:f5:65:33:70:32:6d:fd:9f:2e:92:a2:
         06:41:c1:93:13:91:05:a0:2e:eb:27:4d:eb:31:9c:0e:15:24:
         02:44:75:ce:fc:59:fd:dd:26:f3:11:8b:41:84:5a:7e:f2:75:
         bc:19:4f:04:91:12:f4:31:e9:ea:51:d5:c2:d6:5a:1c:a5:41:
         f2:bc:a2:75:db:05:4a:e1:ed:e6:1e:be:2e:19:dd:56:4a:52:
         28:2e:a6:f1:22:0b:b3:11:61:a0:16:95:e8:44:95:87:2f:20:
         53:ba:99:32
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUDc39VVISg5lAKLUXZ9mwpS2oZUAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA0MDEwOTU1MTBaFw0yNjAzMzExMDAwMTBaMDMxMTAvBgNV
BAMTKDAxNEFGNjlBMERBNzA5NjdDNTk0NDNERUY3MUY1NkQwQTcxMEU0MTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEbFXGzJSfpD2W3UFFQ7GjADFO
4ganyTWP2e4ULjz3m++UtTtCUKX5so+MKP/su42VktSkENNadJO3ccF5bt/aY1BJ
bnr4wmaGLTKIFEfNSxdI++/ffpHV5wu/N3v9TCODc+6e4yKJ2ChsR0h14YZqYNS4
husH2UIUoU9DCeTUJtohdbyidCJrfsPxdzIbvVGjntIPawakX1ws1kD4UCrBSdix
gpUz3Z/Sm1DBHb68b4D/RDq+5CmxHN7hDLelgAqQKdbqylE1QQhdCJDico2/QvXd
SRrjl9zv10oOuBQSsukaoxrGs/D7dwL/gehvbmT44Ex0BSHCLlddPFJeHGwjAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUAUr2mg2nCWfFlEPe9x9W0KcQ5BcwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTM1MzkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZjy
AwQALZsSMA0GCSqGSIb3DQEBCwUAA4IBAQA8FLNxLyth+RLuApwO15kAa+4DRdlc
U6oywtZZOZBqcK1DpCXFfsW25z196XnufDBuf+cyAJqCJcU85eKZ3PMrYfnAOyLR
03biMoU9cIFx0NjBvvbvX2IfTG+5DhkGBImWPg20ArEJSCWa4W+SSW2KtBAqJquH
QPEt4UhVeSoYxmUXfDWA1RKpy4IBDIL3BMPniq7IxZeO9WUzcDJt/Z8ukqIGQcGT
E5EFoC7rJ03rMZwOFSQCRHXO/Fn93SbzEYtBhFp+8nW8GU8EkRL0MenqUdXC1loc
pUHyvKJ12wVK4e3mHr4uGd1WSlIoLqbxIguzEWGgFpXoRJWHLyBTupky
-----END CERTIFICATE-----