Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS135402.roa
File:                     AS135402.roa (raw, json)
Hash identifier:          d1+1Q5M2NW0DcVV0Bo4lRCRHerewZ4ttKI/sCMxId2g=
Subject key identifier:   71:31:5A:81:3B:BE:50:C8:48:16:40:44:C1:29:A1:32:EB:C1:0B:C6
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       67AEFFAACE80EDB6649B1C0809A6111270EC06B9
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS135402.roa
Signing time:             Tue 06 May 2025 09:34:49 +0000
ROA not before:           Tue 06 May 2025 09:29:49 +0000
ROA not after:            Tue 05 May 2026 09:34:49 +0000
asID:                     135402
IP address blocks:        188.119.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 01:31:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:ae:ff:aa:ce:80:ed:b6:64:9b:1c:08:09:a6:11:12:70:ec:06:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: May  6 09:29:49 2025 GMT
            Not After : May  5 09:34:49 2026 GMT
        Subject: CN=71315A813BBE50C848164044C129A132EBC10BC6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:f9:de:67:fe:5d:24:4c:01:0b:c0:9e:1e:d5:
                    cc:86:25:c9:ff:43:73:52:9a:8e:fe:57:93:bd:0c:
                    aa:8a:c3:05:44:2d:ae:f5:a2:88:07:98:d9:8d:b7:
                    80:0e:c3:61:70:84:95:d8:98:19:5b:a7:d7:72:06:
                    7f:9b:27:04:dc:d9:79:a2:ba:11:cd:53:5b:04:2d:
                    6b:9b:af:ce:3a:b6:55:6e:48:24:a6:7e:b1:59:55:
                    73:77:a2:64:54:ae:59:cd:89:45:95:b7:f2:59:61:
                    47:fa:8e:66:90:5b:2c:c0:32:02:61:9b:be:ce:db:
                    6e:58:6f:3a:d5:90:cf:a9:52:18:f0:0a:5a:81:4f:
                    08:a3:32:73:68:67:83:f1:8f:05:8f:e9:a2:78:30:
                    9a:ce:33:f8:45:f0:cd:f9:93:20:d8:43:db:0a:64:
                    60:be:a7:ff:85:23:0b:33:d4:b0:4a:8a:1e:1c:a5:
                    bf:bc:ef:ca:d8:ae:11:8a:e9:1d:29:90:e9:5e:55:
                    bb:8a:77:64:d2:48:22:77:17:ec:5d:3a:04:60:aa:
                    fa:bb:e5:4b:f3:74:1a:b9:70:40:f3:d8:0a:b8:55:
                    06:da:fc:4a:05:6a:0e:37:8f:f5:80:8d:57:0e:81:
                    3e:5e:df:3c:10:ad:46:8f:73:a6:7b:a0:95:a2:1c:
                    d7:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:31:5A:81:3B:BE:50:C8:48:16:40:44:C1:29:A1:32:EB:C1:0B:C6
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS135402.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.119.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:58:67:4b:a9:cd:a0:6c:93:65:da:fe:16:f4:cc:fd:aa:b6:
         b4:c3:ef:be:91:02:de:ae:21:bf:f2:69:a1:31:72:8e:78:ee:
         00:9d:6f:6f:26:d5:bf:c1:de:16:bd:b6:cc:66:2a:34:4c:bc:
         6d:8b:db:1b:f8:32:60:90:4f:6a:d4:fa:f0:b8:21:aa:fc:61:
         6b:2e:aa:e5:55:04:99:58:42:e1:4a:a8:f9:21:70:4e:41:6d:
         c8:83:24:97:ad:8f:27:b1:85:45:68:c0:89:16:a9:1e:bc:3b:
         46:50:c8:ea:08:0b:26:a4:32:9c:9d:ba:46:58:c6:cc:1c:87:
         bf:10:1d:99:e1:d5:36:2b:e4:ce:f6:15:7f:e0:ab:b8:c4:96:
         71:ea:8c:36:04:99:eb:cc:fd:eb:5e:b2:15:c9:1f:b2:04:8d:
         62:f2:e6:5b:17:cd:95:9f:6f:be:3b:be:b9:63:56:2d:1a:a0:
         c5:a9:e1:0c:29:9f:e5:a2:21:46:a6:33:58:f1:68:5c:47:19:
         77:7c:2f:b9:74:a3:cd:0d:5c:9b:ad:94:83:60:c8:87:3d:40:
         07:72:f5:42:70:a6:bb:40:66:b6:23:3d:c6:a1:80:5b:fa:16:
         b1:e9:55:4b:4d:ad:ae:2b:3e:80:48:ae:c9:a5:55:66:d5:61:
         27:50:de:e7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZ67/qs6A7bZkmxwICaYREnDsBrkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA1MDYwOTI5NDlaFw0yNjA1MDUwOTM0NDlaMDMxMTAvBgNV
BAMTKDcxMzE1QTgxM0JCRTUwQzg0ODE2NDA0NEMxMjlBMTMyRUJDMTBCQzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE+d5n/l0kTAELwJ4e1cyGJcn/
Q3NSmo7+V5O9DKqKwwVELa71oogHmNmNt4AOw2FwhJXYmBlbp9dyBn+bJwTc2Xmi
uhHNU1sELWubr846tlVuSCSmfrFZVXN3omRUrlnNiUWVt/JZYUf6jmaQWyzAMgJh
m77O225YbzrVkM+pUhjwClqBTwijMnNoZ4PxjwWP6aJ4MJrOM/hF8M35kyDYQ9sK
ZGC+p/+FIwsz1LBKih4cpb+878rYrhGK6R0pkOleVbuKd2TSSCJ3F+xdOgRgqvq7
5UvzdBq5cEDz2Aq4VQba/EoFag43j/WAjVcOgT5e3zwQrUaPc6Z7oJWiHNfpAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUcTFagTu+UMhIFkBEwSmhMuvBC8YwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMTM1NDAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvHdG
MA0GCSqGSIb3DQEBCwUAA4IBAQBeWGdLqc2gbJNl2v4W9Mz9qra0w+++kQLeriG/
8mmhMXKOeO4AnW9vJtW/wd4WvbbMZio0TLxti9sb+DJgkE9q1PrwuCGq/GFrLqrl
VQSZWELhSqj5IXBOQW3IgySXrY8nsYVFaMCJFqkevDtGUMjqCAsmpDKcnbpGWMbM
HIe/EB2Z4dU2K+TO9hV/4Ku4xJZx6ow2BJnrzP3rXrIVyR+yBI1i8uZbF82Vn2++
O765Y1YtGqDFqeEMKZ/loiFGpjNY8WhcRxl3fC+5dKPNDVybrZSDYMiHPUAHcvVC
cKa7QGa2Iz3GoYBb+hax6VVLTa2uKz6ASK7JpVVm1WEnUN7n
-----END CERTIFICATE-----