Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS135391.roa
File:                     AS135391.roa (raw, json)
Hash identifier:          Sczxp1vc0f7iN3JOlR1+MOHiNjxBF+XlD0z9TCpMD6E=
Subject key identifier:   1C:41:83:16:46:C8:36:A2:6C:D8:AE:9D:42:91:D1:13:54:75:DC:35
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       3ED39F1D51DE2EB5965B0CE75ED7E81179C2440D
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS135391.roa
Signing time:             Wed 26 Jun 2024 06:53:15 +0000
ROA not before:           Wed 26 Jun 2024 06:48:15 +0000
ROA not after:            Wed 25 Jun 2025 06:53:15 +0000
asID:                     135391
IP address blocks:        45.155.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:d3:9f:1d:51:de:2e:b5:96:5b:0c:e7:5e:d7:e8:11:79:c2:44:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun 26 06:48:15 2024 GMT
            Not After : Jun 25 06:53:15 2025 GMT
        Subject: CN=1C41831646C836A26CD8AE9D4291D1135475DC35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:e2:3a:3b:3b:18:c0:d6:d5:1c:2d:73:dd:77:
                    6c:00:da:f4:5f:de:d9:91:e8:87:3c:cf:3c:83:2b:
                    fa:a8:b3:22:f8:6f:49:dc:cd:6e:f0:02:cc:77:10:
                    68:e1:17:9f:92:c7:eb:af:8a:cc:49:0c:3c:5d:ba:
                    c5:f0:84:da:b2:9a:5c:02:a6:43:d1:e8:3a:70:d0:
                    e3:7d:29:cd:9b:24:1d:fa:15:4f:1b:a0:90:50:8f:
                    0a:2b:64:23:c5:62:93:94:e4:a6:35:98:48:f9:cb:
                    80:7f:88:9f:d8:7d:4d:1d:97:e8:72:63:4e:c7:86:
                    31:73:3b:4d:11:09:fc:88:ef:1b:a9:ea:39:e9:59:
                    22:41:1b:27:85:1b:34:59:26:42:b7:8f:12:01:48:
                    73:2f:30:e9:da:5e:05:13:49:b2:0a:bd:72:1d:8b:
                    e2:e0:33:65:bc:da:d9:9a:ab:fd:81:0a:05:bf:b5:
                    12:18:de:72:c7:12:fa:8c:1a:ef:cd:6b:16:83:5c:
                    ab:d2:ca:e1:ef:9d:3a:fb:cd:02:22:a9:12:ec:5c:
                    6a:58:ac:c5:9c:b8:55:b7:fe:94:ef:bb:e5:68:86:
                    d4:74:27:72:ba:24:60:65:4d:3d:ca:fd:7d:83:a0:
                    2a:6e:0c:98:22:b9:29:c0:a3:c2:95:b9:0b:29:6d:
                    ea:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:41:83:16:46:C8:36:A2:6C:D8:AE:9D:42:91:D1:13:54:75:DC:35
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS135391.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:a7:ce:ca:8f:22:b3:0f:dc:93:9d:38:82:ea:dc:72:84:e5:
         b2:72:2d:4e:4e:0c:91:c8:59:99:07:55:b8:5e:3b:50:c7:91:
         1b:db:d0:14:f0:c7:46:1a:d3:5e:1a:81:1f:6d:ce:83:00:6c:
         b6:ee:64:be:b4:99:4a:b9:5e:5c:2a:1d:47:2d:a1:08:80:d2:
         f7:17:7d:5b:79:97:e2:ce:cd:df:c2:88:e2:1a:33:e6:7a:a8:
         79:1c:4c:5d:20:5d:0b:95:95:73:76:52:cd:31:91:69:de:6f:
         b7:fa:fc:ca:c0:32:2a:26:83:46:3c:6e:02:24:57:3e:5b:28:
         ef:9a:a9:c1:c0:7b:8b:63:94:27:9d:2a:1c:b3:d5:4d:13:53:
         af:8d:a1:d5:2f:eb:c7:07:50:f1:c8:91:b0:1c:ae:66:97:f7:
         57:2f:26:a9:b5:f5:4a:33:fd:49:83:ba:14:f5:45:cb:14:cc:
         89:d9:5b:f7:f7:e2:c7:c7:12:51:9b:aa:64:56:ac:fd:10:cd:
         cc:38:7f:54:d8:af:10:54:61:a0:0d:a3:d4:58:b3:52:e0:e4:
         5b:37:4e:08:71:af:14:92:b4:5c:8b:31:f2:9b:3f:cf:d8:83:
         19:47:02:aa:8f:58:ef:7a:2a:0d:dc:22:9a:d6:51:6b:1a:ab:
         c2:76:a2:ba
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPtOfHVHeLrWWWwznXtfoEXnCRA0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA2MjYwNjQ4MTVaFw0yNTA2MjUwNjUzMTVaMDMxMTAvBgNV
BAMTKDFDNDE4MzE2NDZDODM2QTI2Q0Q4QUU5RDQyOTFEMTEzNTQ3NURDMzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCd4jo7OxjA1tUcLXPdd2wA2vRf
3tmR6Ic8zzyDK/qosyL4b0nczW7wAsx3EGjhF5+Sx+uvisxJDDxdusXwhNqymlwC
pkPR6Dpw0ON9Kc2bJB36FU8boJBQjworZCPFYpOU5KY1mEj5y4B/iJ/YfU0dl+hy
Y07HhjFzO00RCfyI7xup6jnpWSJBGyeFGzRZJkK3jxIBSHMvMOnaXgUTSbIKvXId
i+LgM2W82tmaq/2BCgW/tRIY3nLHEvqMGu/NaxaDXKvSyuHvnTr7zQIiqRLsXGpY
rMWcuFW3/pTvu+VohtR0J3K6JGBlTT3K/X2DoCpuDJgiuSnAo8KVuQspbeppAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUHEGDFkbINqJs2K6dQpHRE1R13DUwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTM1MzkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZsS
MA0GCSqGSIb3DQEBCwUAA4IBAQCap87KjyKzD9yTnTiC6txyhOWyci1OTgyRyFmZ
B1W4XjtQx5Eb29AU8MdGGtNeGoEfbc6DAGy27mS+tJlKuV5cKh1HLaEIgNL3F31b
eZfizs3fwojiGjPmeqh5HExdIF0LlZVzdlLNMZFp3m+3+vzKwDIqJoNGPG4CJFc+
WyjvmqnBwHuLY5QnnSocs9VNE1OvjaHVL+vHB1DxyJGwHK5ml/dXLyaptfVKM/1J
g7oU9UXLFMyJ2Vv39+LHxxJRm6pkVqz9EM3MOH9U2K8QVGGgDaPUWLNS4ORbN04I
ca8UkrRcizHymz/P2IMZRwKqj1jveioN3CKa1lFrGqvCdqK6
-----END CERTIFICATE-----