Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS137409.roa
File:                     AS137409.roa (raw, json)
Hash identifier:          9Xp4HbG3a7cHo3Kxm+nnhF1mfGgVByEQ9ADdQjR2FjE=
Subject key identifier:   C2:F7:C6:1D:56:79:1E:8D:35:C9:FE:05:E2:18:7D:46:69:51:DA:62
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       5CAEDA7D5A856DA508E350BEF971AA4443D29E90
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS137409.roa
Signing time:             Thu 04 Apr 2024 18:05:16 +0000
ROA not before:           Thu 04 Apr 2024 18:00:16 +0000
ROA not after:            Thu 03 Apr 2025 18:05:16 +0000
asID:                     137409
IP address blocks:        185.155.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:ae:da:7d:5a:85:6d:a5:08:e3:50:be:f9:71:aa:44:43:d2:9e:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Apr  4 18:00:16 2024 GMT
            Not After : Apr  3 18:05:16 2025 GMT
        Subject: CN=C2F7C61D56791E8D35C9FE05E2187D466951DA62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:47:99:cd:ee:d7:92:ae:55:69:e3:75:b6:0e:
                    27:10:47:cb:7d:95:5b:26:e5:34:40:64:5e:34:3e:
                    2c:c1:53:48:a0:54:2b:c1:9b:06:df:c6:c9:00:19:
                    1d:1c:ab:ec:5f:10:fd:69:d2:aa:8c:32:f5:8c:1b:
                    3b:66:86:64:c6:59:85:07:bb:04:fb:01:d8:01:9b:
                    02:89:cd:03:70:66:fe:03:d9:06:31:89:49:c4:7b:
                    6d:43:49:91:18:f6:60:c8:b8:3d:fa:b5:39:aa:e0:
                    c1:88:bc:32:76:61:70:33:87:71:70:31:b7:5f:6a:
                    26:dd:03:0c:a4:53:42:78:b3:89:73:27:76:4f:56:
                    d2:e2:b6:58:34:95:35:d8:04:4e:a7:b9:88:ab:2a:
                    92:35:dc:88:c1:fc:46:7a:91:6c:4e:2d:97:3d:29:
                    93:4e:da:c0:c8:70:10:08:e1:87:37:7f:de:af:d6:
                    89:75:0f:69:50:a8:f4:cf:72:32:00:be:14:10:47:
                    fc:2a:9e:3a:62:71:83:50:5d:ed:9f:22:cb:0a:79:
                    d7:82:6b:c9:2e:ba:1d:bc:9e:71:35:4f:27:83:86:
                    00:b2:48:c7:7e:4c:ed:f2:0c:6b:b4:7b:90:d5:e1:
                    6c:e8:f7:8d:56:23:02:02:ed:27:10:62:72:98:6c:
                    7e:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:F7:C6:1D:56:79:1E:8D:35:C9:FE:05:E2:18:7D:46:69:51:DA:62
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS137409.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d4:2d:8a:3f:ff:16:fb:25:41:42:9d:32:e4:49:ad:08:46:1e:
         5d:e9:02:c9:fc:c1:01:76:21:cd:9c:70:1d:6a:21:18:a6:6b:
         67:51:1b:0f:73:31:8d:dd:b5:be:e6:73:5a:3d:f5:35:2f:76:
         63:12:f1:b1:95:e7:54:7c:a2:f3:3d:a7:66:7a:d2:ab:fe:25:
         7b:a8:c4:ad:04:be:c6:97:1e:ee:1b:b8:0b:91:d3:3e:01:d1:
         a0:97:2c:77:07:ba:9d:25:3a:c5:e8:36:33:97:00:3d:b8:7d:
         b3:cf:e7:de:f0:21:28:ee:92:dc:91:e1:be:39:35:3d:38:2a:
         72:d3:0f:3f:f9:2f:af:24:14:70:3a:aa:50:ff:96:b2:5f:e7:
         26:aa:26:8a:29:fb:a2:97:0e:91:d6:4c:2c:5b:cc:24:60:9e:
         aa:ff:be:ce:69:6a:fe:c3:9b:9d:6d:99:c3:e5:fa:f1:c6:56:
         cb:5c:b0:80:cf:92:af:74:d1:d2:03:47:8d:86:92:5c:b7:56:
         04:42:f9:5b:ae:90:48:eb:14:79:80:6a:8d:3a:09:43:4e:86:
         d0:9f:52:c5:c4:66:c2:27:77:86:0b:fc:35:c3:f4:53:3b:76:
         25:08:46:ac:90:0e:12:17:3b:52:00:de:0e:4a:aa:2a:1b:e1:
         d6:c6:74:c0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXK7afVqFbaUI41C++XGqREPSnpAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA0MDQxODAwMTZaFw0yNTA0MDMxODA1MTZaMDMxMTAvBgNV
BAMTKEMyRjdDNjFENTY3OTFFOEQzNUM5RkUwNUUyMTg3RDQ2Njk1MURBNjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuR5nN7teSrlVp43W2DicQR8t9
lVsm5TRAZF40PizBU0igVCvBmwbfxskAGR0cq+xfEP1p0qqMMvWMGztmhmTGWYUH
uwT7AdgBmwKJzQNwZv4D2QYxiUnEe21DSZEY9mDIuD36tTmq4MGIvDJ2YXAzh3Fw
MbdfaibdAwykU0J4s4lzJ3ZPVtLitlg0lTXYBE6nuYirKpI13IjB/EZ6kWxOLZc9
KZNO2sDIcBAI4Yc3f96v1ol1D2lQqPTPcjIAvhQQR/wqnjpicYNQXe2fIssKedeC
a8kuuh28nnE1TyeDhgCySMd+TO3yDGu0e5DV4Wzo941WIwIC7ScQYnKYbH4xAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUwvfGHVZ5Ho01yf4F4hh9RmlR2mIwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTM3NDA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZvc
MA0GCSqGSIb3DQEBCwUAA4IBAQDULYo//xb7JUFCnTLkSa0IRh5d6QLJ/MEBdiHN
nHAdaiEYpmtnURsPczGN3bW+5nNaPfU1L3ZjEvGxledUfKLzPadmetKr/iV7qMSt
BL7Glx7uG7gLkdM+AdGglyx3B7qdJTrF6DYzlwA9uH2zz+fe8CEo7pLckeG+OTU9
OCpy0w8/+S+vJBRwOqpQ/5ayX+cmqiaKKfuilw6R1kwsW8wkYJ6q/77OaWr+w5ud
bZnD5frxxlbLXLCAz5KvdNHSA0eNhpJct1YEQvlbrpBI6xR5gGqNOglDTobQn1LF
xGbCJ3eGC/w1w/RTO3YlCEaskA4SFztSAN4OSqoqG+HWxnTA
-----END CERTIFICATE-----