Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS136557.roa
File:                     AS136557.roa (raw, json)
Hash identifier:          NPCWco734NNdseFbKh6sDN4QBTm2oHzdp2UVzzlRklY=
Subject key identifier:   63:14:D3:F6:AC:54:A6:EE:78:51:E0:63:99:27:96:B7:3A:42:57:4F
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       46DFE3F09D9A53077A5547F3DB6217CD85029C26
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS136557.roa
Signing time:             Wed 12 Jun 2024 10:05:18 +0000
ROA not before:           Wed 12 Jun 2024 10:00:18 +0000
ROA not after:            Wed 11 Jun 2025 10:05:18 +0000
asID:                     136557
IP address blocks:        45.135.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:df:e3:f0:9d:9a:53:07:7a:55:47:f3:db:62:17:cd:85:02:9c:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun 12 10:00:18 2024 GMT
            Not After : Jun 11 10:05:18 2025 GMT
        Subject: CN=6314D3F6AC54A6EE7851E063992796B73A42574F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:6d:85:7f:26:2e:31:e7:dc:67:70:2c:d2:71:
                    cf:67:b3:5c:08:92:be:db:b1:2e:e5:56:d1:49:de:
                    8d:9c:31:7f:7f:0d:fd:6f:2d:e6:08:86:5e:62:75:
                    f2:45:53:eb:2f:0b:74:df:90:44:40:57:38:90:e1:
                    cd:6f:81:df:da:f7:22:89:b1:a5:f2:70:c1:f4:54:
                    4e:3c:c6:8b:f3:66:73:e3:6c:b8:8e:cd:81:52:b3:
                    42:8f:a3:d3:65:ad:e6:44:fd:db:fd:dd:e6:ec:6d:
                    9d:09:c1:ec:ec:74:ad:e9:37:49:59:d7:d2:17:a1:
                    2a:a8:83:95:76:8b:bb:f6:91:ed:bb:f8:5c:c3:43:
                    da:33:9c:70:a1:9d:73:5c:54:b6:79:94:a1:1b:75:
                    51:0a:9f:0f:44:58:b2:1e:f8:06:08:f9:b4:d1:bc:
                    60:a6:10:f4:79:71:0c:36:3f:a4:f1:2f:13:a1:4f:
                    ec:ef:4a:09:c2:c8:b5:66:76:42:8d:05:46:78:17:
                    0b:2a:d1:0a:a0:0b:a8:10:88:83:3e:24:29:05:70:
                    81:fc:2e:b6:8f:e8:0e:5c:85:9c:fc:5b:b0:93:6c:
                    79:2d:06:86:87:11:a3:97:32:42:05:da:c1:ae:43:
                    a9:5d:10:06:34:c2:52:b1:24:e8:8f:08:4b:c0:89:
                    9d:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:14:D3:F6:AC:54:A6:EE:78:51:E0:63:99:27:96:B7:3A:42:57:4F
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS136557.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:94:c0:17:f4:d7:93:dc:b5:56:43:6b:03:86:97:42:bf:cc:
         1e:46:0a:c6:12:f9:7f:18:ca:c3:b0:5a:2d:f5:1a:93:9f:b0:
         bc:2d:af:b1:42:4c:e8:99:ab:66:ea:f4:1d:81:35:6b:b2:68:
         21:cb:63:c0:42:ed:4c:b5:a2:0c:48:8e:39:2e:65:65:d1:13:
         06:ac:b0:8a:40:b3:7d:b4:83:5c:b9:09:01:55:a6:e6:48:39:
         8f:6f:f6:2e:87:de:d3:bd:cc:4f:f3:ef:e2:e6:0c:10:4d:12:
         5d:0f:2b:61:78:96:63:60:d4:43:05:e0:4a:8c:94:b7:da:31:
         9f:d0:45:06:7c:fa:53:64:a0:77:8d:b0:66:da:1b:b1:d6:a0:
         a8:cb:2a:90:64:48:9d:0c:96:70:a1:05:7f:8f:08:f5:eb:ec:
         f6:6f:92:67:62:d7:16:d9:6f:dd:31:17:a6:59:a9:cb:40:bc:
         c8:35:28:ae:61:63:3f:1e:60:0d:a1:83:79:3a:32:f1:01:d8:
         8a:49:90:86:3e:01:3a:6d:75:9e:25:90:cf:03:cc:b0:1f:16:
         12:6d:93:81:54:e3:32:d0:05:c3:ac:d2:ef:b6:ea:fa:ca:3f:
         06:8c:5a:b2:d1:fb:d2:29:e7:a4:36:74:e4:b7:04:f9:14:60:
         eb:67:69:f7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURt/j8J2aUwd6VUfz22IXzYUCnCYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA2MTIxMDAwMThaFw0yNTA2MTExMDA1MThaMDMxMTAvBgNV
BAMTKDYzMTREM0Y2QUM1NEE2RUU3ODUxRTA2Mzk5Mjc5NkI3M0E0MjU3NEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdbYV/Ji4x59xncCzScc9ns1wI
kr7bsS7lVtFJ3o2cMX9/Df1vLeYIhl5idfJFU+svC3TfkERAVziQ4c1vgd/a9yKJ
saXycMH0VE48xovzZnPjbLiOzYFSs0KPo9NlreZE/dv93ebsbZ0JwezsdK3pN0lZ
19IXoSqog5V2i7v2ke27+FzDQ9oznHChnXNcVLZ5lKEbdVEKnw9EWLIe+AYI+bTR
vGCmEPR5cQw2P6TxLxOhT+zvSgnCyLVmdkKNBUZ4Fwsq0QqgC6gQiIM+JCkFcIH8
LraP6A5chZz8W7CTbHktBoaHEaOXMkIF2sGuQ6ldEAY0wlKxJOiPCEvAiZ37AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUYxTT9qxUpu54UeBjmSeWtzpCV08wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTM2NTU3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYf5
MA0GCSqGSIb3DQEBCwUAA4IBAQBilMAX9NeT3LVWQ2sDhpdCv8weRgrGEvl/GMrD
sFot9RqTn7C8La+xQkzomatm6vQdgTVrsmghy2PAQu1MtaIMSI45LmVl0RMGrLCK
QLN9tINcuQkBVabmSDmPb/Yuh97TvcxP8+/i5gwQTRJdDytheJZjYNRDBeBKjJS3
2jGf0EUGfPpTZKB3jbBm2hux1qCoyyqQZEidDJZwoQV/jwj16+z2b5JnYtcW2W/d
MRemWanLQLzINSiuYWM/HmANoYN5OjLxAdiKSZCGPgE6bXWeJZDPA8ywHxYSbZOB
VOMy0AXDrNLvtur6yj8GjFqy0fvSKeekNnTktwT5FGDrZ2n3
-----END CERTIFICATE-----