Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e352e302f32342d3234203d3e203533333536.roa
File:                     3135392e3235332e352e302f32342d3234203d3e203533333536.roa (raw, json)
Hash identifier:          9QDAlicDZU2dKA/slyHao02LhaPY7/2iCnESN6BbiqA=
Subject key identifier:   15:8B:EE:D9:75:DB:8D:9D:EE:CC:30:B8:9D:55:7D:58:B6:07:E9:A1
Certificate issuer:       /CN=4c189e42f35c944d463d9ea6501f093eb62ba785
Certificate serial:       02F3A54BA9D8A821CB9B6DBBEFAE9296AE12742A
Authority key identifier: 4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e352e302f32342d3234203d3e203533333536.roa
Signing time:             Tue 27 May 2025 13:46:51 +0000
ROA not before:           Tue 27 May 2025 13:41:51 +0000
ROA not after:            Tue 26 May 2026 13:46:51 +0000
asID:                     53356
IP address blocks:        159.253.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 16:12:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:f3:a5:4b:a9:d8:a8:21:cb:9b:6d:bb:ef:ae:92:96:ae:12:74:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c189e42f35c944d463d9ea6501f093eb62ba785
        Validity
            Not Before: May 27 13:41:51 2025 GMT
            Not After : May 26 13:46:51 2026 GMT
        Subject: CN=158BEED975DB8D9DEECC30B89D557D58B607E9A1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:a3:6d:ac:36:47:df:9e:09:c9:5a:27:d8:4f:
                    e0:c5:f8:1c:05:fc:b1:0f:8c:82:5b:2c:0f:96:59:
                    69:dd:0f:cf:d6:1f:11:ef:67:86:ef:9d:18:d8:c3:
                    39:f0:68:1e:f9:ec:b0:62:c2:0c:8e:b5:4d:1d:a4:
                    8f:5e:6e:45:a7:ca:ff:05:fd:41:2c:9c:9d:6c:c5:
                    b6:33:d9:92:90:87:51:66:42:d2:7f:81:92:b7:d1:
                    c1:8c:41:30:8a:48:a8:c4:04:1d:69:14:40:c6:56:
                    85:ed:d9:a3:dd:b5:fb:51:c1:54:37:f4:9b:27:6f:
                    ed:83:33:e9:33:c3:48:12:08:31:73:f7:0d:f9:84:
                    d7:29:59:8d:45:66:d5:43:16:65:2c:02:67:fb:e8:
                    b4:1d:5e:c8:75:47:41:f0:c5:dc:2d:4a:e5:ed:ad:
                    82:fa:08:b0:b9:43:14:a5:27:76:2a:b1:15:91:d4:
                    d0:91:15:38:aa:3e:fe:7d:7e:f4:b4:f3:ea:c4:dd:
                    4c:7d:1b:86:b1:3c:ae:9a:75:39:f6:69:9c:94:22:
                    32:ea:4b:96:a4:9b:0f:e7:d9:b8:63:05:97:e7:88:
                    ee:3e:03:5e:83:4a:36:74:02:69:23:d0:9b:35:5a:
                    a5:0a:cd:76:d7:57:da:4e:89:35:dc:2b:ed:3e:f3:
                    68:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:8B:EE:D9:75:DB:8D:9D:EE:CC:30:B8:9D:55:7D:58:B6:07:E9:A1
            X509v3 Authority Key Identifier:
                keyid:4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e352e302f32342d3234203d3e203533333536.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.253.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:7a:cf:03:b4:29:ca:d7:71:49:8b:cb:51:2c:a5:9b:83:14:
         ea:57:b2:28:06:10:e8:37:cb:22:04:f1:9f:42:ad:4b:a3:94:
         f6:e8:48:68:6a:b6:7a:1b:de:d5:01:58:1d:d4:72:65:d0:a6:
         a6:d5:90:8b:ed:69:a0:b8:85:cb:e9:3e:7d:7d:e4:ff:d4:e5:
         3b:c1:54:16:44:e7:7a:55:2d:c9:51:71:b7:68:54:36:9b:35:
         60:e3:7c:83:b8:68:f7:de:31:fc:66:20:fb:19:c3:63:79:08:
         3e:8f:51:28:74:2e:9e:b2:88:45:5c:fe:cb:4b:a2:9f:bb:54:
         20:31:e4:af:90:a1:96:1b:5a:2a:ba:4a:b6:79:49:91:ef:fa:
         ae:cc:7a:6d:ba:ad:69:67:5a:27:e6:2f:2d:88:35:d4:5e:09:
         3d:f4:83:ef:b0:af:b5:3e:f3:5c:e6:99:4a:72:41:8d:4b:dd:
         ae:5d:df:13:39:48:6e:36:82:b7:c1:a7:88:06:7c:ca:9c:43:
         a9:fe:9d:c0:e9:a2:4f:96:12:94:11:f3:2b:ba:67:21:ce:24:
         85:4d:5e:b2:b6:ee:96:22:36:30:bd:83:bc:46:d8:50:b3:f2:
         b9:da:a8:e3:2a:40:91:f3:db:89:d4:6e:e5:ec:54:f3:d9:72:
         17:28:31:d6
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUAvOlS6nYqCHLm227766Slq4SdCowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGMxODllNDJmMzVjOTQ0ZDQ2M2Q5ZWE2NTAxZjA5M2Vi
NjJiYTc4NTAeFw0yNTA1MjcxMzQxNTFaFw0yNjA1MjYxMzQ2NTFaMDMxMTAvBgNV
BAMTKDE1OEJFRUQ5NzVEQjhEOURFRUNDMzBCODlENTU3RDU4QjYwN0U5QTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWo22sNkffngnJWifYT+DF+BwF
/LEPjIJbLA+WWWndD8/WHxHvZ4bvnRjYwznwaB757LBiwgyOtU0dpI9ebkWnyv8F
/UEsnJ1sxbYz2ZKQh1FmQtJ/gZK30cGMQTCKSKjEBB1pFEDGVoXt2aPdtftRwVQ3
9Jsnb+2DM+kzw0gSCDFz9w35hNcpWY1FZtVDFmUsAmf76LQdXsh1R0HwxdwtSuXt
rYL6CLC5QxSlJ3YqsRWR1NCRFTiqPv59fvS08+rE3Ux9G4axPK6adTn2aZyUIjLq
S5akmw/n2bhjBZfniO4+A16DSjZ0Amkj0Js1WqUKzXbXV9pOiTXcK+0+82hTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUFYvu2XXbjZ3uzDC4nVV9WLYH6aEwHwYDVR0j
BBgwFoAUTBieQvNclE1GPZ6mUB8JPrYrp4UwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2U1MTBlMTctMzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZk
ZjUxLzAvNEMxODlFNDJGMzVDOTQ0RDQ2M0Q5RUE2NTAxRjA5M0VCNjJCQTc4NS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RCaWVRdk5jbEUxR1BaNm1VQjhKUHJZ
cnA0VS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2U1MTBlMTct
MzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZkZjUxLzAvMzEzNTM5MmUzMjM1MzMyZTM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMzMzMzUzNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJ/9
BTANBgkqhkiG9w0BAQsFAAOCAQEAEnrPA7QpytdxSYvLUSylm4MU6leyKAYQ6DfL
IgTxn0KtS6OU9uhIaGq2ehve1QFYHdRyZdCmptWQi+1poLiFy+k+fX3k/9TlO8FU
FkTnelUtyVFxt2hUNps1YON8g7ho994x/GYg+xnDY3kIPo9RKHQunrKIRVz+y0ui
n7tUIDHkr5ChlhtaKrpKtnlJke/6rsx6bbqtaWdaJ+YvLYg11F4JPfSD77CvtT7z
XOaZSnJBjUvdrl3fEzlIbjaCt8GniAZ8ypxDqf6dwOmiT5YSlBHzK7pnIc4khU1e
srbuliI2ML2DvEbYULPyudqo4ypAkfPbidRu5exU89lyFygx1g==
-----END CERTIFICATE-----