Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS136557.roa
File:                     AS136557.roa (raw, json)
Hash identifier:          m6/DRfNn9NK2KWak8lfIFBoRmeOV+9qGDwgn27Kxlco=
Subject key identifier:   E3:7B:D1:1A:03:2D:16:96:D8:71:FD:71:01:D4:BC:5D:C4:81:1E:8E
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       7369425889395A8F45028312A05462E71EB61F62
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS136557.roa
Signing time:             Wed 12 Jul 2023 09:07:55 +0000
ROA not before:           Wed 12 Jul 2023 09:02:55 +0000
ROA not after:            Wed 10 Jul 2024 09:07:55 +0000
asID:                     136557
IP address blocks:        45.135.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 19:45:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:69:42:58:89:39:5a:8f:45:02:83:12:a0:54:62:e7:1e:b6:1f:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jul 12 09:02:55 2023 GMT
            Not After : Jul 10 09:07:55 2024 GMT
        Subject: CN=E37BD11A032D1696D871FD7101D4BC5DC4811E8E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:b7:87:ba:3a:c0:7b:46:31:61:fa:55:b5:fd:
                    d6:5f:60:f9:61:3c:8c:89:7d:ec:e8:6b:64:b6:cc:
                    92:e3:31:ab:70:d2:f8:75:aa:9b:67:3d:3b:89:b1:
                    af:54:d1:c1:49:a5:39:d6:a1:65:49:b0:64:bf:56:
                    7a:22:df:51:48:2f:b9:82:56:4e:52:4a:7f:78:a0:
                    6b:b1:3d:1c:a8:0e:af:9c:73:2a:df:0d:db:49:1e:
                    cf:54:5e:3f:ee:7b:89:af:95:ed:39:db:59:dc:61:
                    e6:a8:68:0b:22:92:7a:d3:66:b8:04:a8:e3:64:f7:
                    4f:4e:fb:a1:f8:59:5e:4a:28:cb:f0:cb:6c:cc:fd:
                    81:ff:aa:50:18:1f:aa:9f:98:6c:b2:80:a9:c6:43:
                    3c:cf:e3:44:ab:9c:49:0d:20:81:18:eb:9f:0e:09:
                    e3:c3:4f:ef:86:5f:5c:3b:5b:ee:07:7f:7f:e4:5e:
                    c2:53:06:03:da:ef:3b:e2:5d:86:4a:db:71:56:80:
                    99:2a:1a:7f:60:d8:8f:2f:32:15:a9:d1:41:0d:61:
                    c5:19:8d:b0:8d:eb:9e:32:85:a6:19:34:c8:1d:e5:
                    2c:da:b6:dc:b4:90:6a:17:8e:1e:dd:3a:90:5d:54:
                    bb:46:5c:ae:ec:a4:18:4f:c5:70:7a:1e:60:e2:90:
                    62:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:7B:D1:1A:03:2D:16:96:D8:71:FD:71:01:D4:BC:5D:C4:81:1E:8E
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS136557.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:ea:b1:43:db:1d:a8:00:b4:9f:23:d4:d5:3d:26:ef:56:7b:
         85:91:89:4c:ff:fd:a9:cb:63:a8:82:74:8f:13:44:5e:1e:41:
         73:25:12:98:97:8c:78:6e:33:a5:84:9b:ff:eb:a0:bb:da:8a:
         65:1e:bf:fc:8c:eb:ba:00:5c:67:1a:43:88:b5:be:d8:49:0b:
         c6:04:12:d2:f1:bd:cd:a6:58:43:e4:94:bb:d1:66:15:23:34:
         db:0c:a0:ba:15:68:99:79:74:3f:ab:76:61:46:2e:76:11:99:
         fc:9f:b7:a5:86:a5:04:a5:0f:2b:cb:1b:0a:f8:a4:e9:9a:f3:
         b9:ec:7c:dd:eb:80:45:50:01:c9:c1:c4:16:15:c5:56:07:3d:
         42:31:08:ba:cb:86:42:bd:14:20:a1:98:8a:8e:75:4f:e7:6a:
         14:1e:0b:ac:2f:8e:09:ed:c5:94:d9:59:9b:a7:b6:e5:5f:f1:
         c1:47:f1:08:fd:4a:7e:00:10:69:da:9d:a5:e9:09:6b:9b:20:
         a0:71:a9:5e:5f:6e:0e:f6:bb:2a:3e:52:66:15:0a:fd:65:d5:
         7a:80:59:ba:73:69:b3:8c:b4:e3:11:0e:8d:aa:15:35:bf:65:
         e6:65:c2:99:c0:a2:e2:8b:84:50:ba:81:62:4a:9d:31:1e:43:
         63:14:6e:ef
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUc2lCWIk5Wo9FAoMSoFRi5x62H2IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yMzA3MTIwOTAyNTVaFw0yNDA3MTAwOTA3NTVaMDMxMTAvBgNV
BAMTKEUzN0JEMTFBMDMyRDE2OTZEODcxRkQ3MTAxRDRCQzVEQzQ4MTFFOEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUt4e6OsB7RjFh+lW1/dZfYPlh
PIyJfezoa2S2zJLjMatw0vh1qptnPTuJsa9U0cFJpTnWoWVJsGS/Vnoi31FIL7mC
Vk5SSn94oGuxPRyoDq+ccyrfDdtJHs9UXj/ue4mvle0521ncYeaoaAsiknrTZrgE
qONk909O+6H4WV5KKMvwy2zM/YH/qlAYH6qfmGyygKnGQzzP40SrnEkNIIEY658O
CePDT++GX1w7W+4Hf3/kXsJTBgPa7zviXYZK23FWgJkqGn9g2I8vMhWp0UENYcUZ
jbCN654yhaYZNMgd5Szatty0kGoXjh7dOpBdVLtGXK7spBhPxXB6HmDikGLtAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU43vRGgMtFpbYcf1xAdS8XcSBHo4wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTM2NTU3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYf5
MA0GCSqGSIb3DQEBCwUAA4IBAQC36rFD2x2oALSfI9TVPSbvVnuFkYlM//2py2Oo
gnSPE0ReHkFzJRKYl4x4bjOlhJv/66C72oplHr/8jOu6AFxnGkOItb7YSQvGBBLS
8b3NplhD5JS70WYVIzTbDKC6FWiZeXQ/q3ZhRi52EZn8n7elhqUEpQ8ryxsK+KTp
mvO57Hzd64BFUAHJwcQWFcVWBz1CMQi6y4ZCvRQgoZiKjnVP52oUHgusL44J7cWU
2Vmbp7blX/HBR/EI/Up+ABBp2p2l6QlrmyCgcaleX24O9rsqPlJmFQr9ZdV6gFm6
c2mzjLTjEQ6NqhU1v2XmZcKZwKLii4RQuoFiSp0xHkNjFG7v
-----END CERTIFICATE-----