Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135352e3133332e342e302f32342d3234203d3e203632323430.roa
File:                     3135352e3133332e342e302f32342d3234203d3e203632323430.roa (raw, json)
Hash identifier:          RfihGdtHg9QqI2t0pFNZ0Z+qWvQhQ86oDo2ne56qflM=
Subject key identifier:   6C:85:13:D7:B2:6E:EA:9A:15:9A:22:9A:77:CF:75:A3:64:DC:E7:EB
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       38ED1ADB7BD5E9981D012B8E2CD778811EDD53CD
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135352e3133332e342e302f32342d3234203d3e203632323430.roa
Signing time:             Mon 26 Feb 2024 08:53:32 +0000
ROA not before:           Mon 26 Feb 2024 08:48:32 +0000
ROA not after:            Mon 24 Feb 2025 08:53:32 +0000
asID:                     62240
IP address blocks:        155.133.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:ed:1a:db:7b:d5:e9:98:1d:01:2b:8e:2c:d7:78:81:1e:dd:53:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:32 2024 GMT
            Not After : Feb 24 08:53:32 2025 GMT
        Subject: CN=6C8513D7B26EEA9A159A229A77CF75A364DCE7EB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:b2:ef:45:84:f0:5f:78:ad:89:56:dd:61:0e:
                    7d:8a:fb:cc:a2:69:45:85:d5:a5:53:87:b0:26:98:
                    c2:9a:bb:4e:ed:92:3f:1a:a7:09:67:d9:a9:a2:95:
                    a7:f8:43:d8:41:11:b6:42:c2:61:82:e0:05:a6:b5:
                    ef:fe:f5:04:3e:70:ee:b6:42:aa:0e:a4:6a:55:53:
                    24:73:d8:e7:e6:a1:54:b6:f9:7d:81:7c:d0:21:49:
                    f2:53:f8:5b:b5:3e:71:63:9a:67:27:fc:39:8e:e8:
                    54:11:b9:43:71:37:53:7b:a6:10:fb:6a:7f:21:99:
                    4a:49:c8:ef:26:6c:10:e1:a9:c4:c8:a0:c8:96:93:
                    df:7e:16:45:69:c0:37:98:0e:c3:d4:be:1d:6f:7e:
                    c8:e2:21:85:9d:47:c3:fd:bb:d4:4d:f4:51:e8:60:
                    10:de:a5:b7:cb:a7:fd:45:d6:d5:54:a8:90:95:0d:
                    03:ed:2e:09:19:d7:aa:18:c0:a2:8d:66:67:e5:05:
                    e6:e2:d3:fb:a2:42:09:20:9b:b3:df:d9:4d:c2:86:
                    63:be:43:85:ae:96:5f:b0:49:49:05:e7:cd:a5:1e:
                    eb:60:5d:65:be:0e:4d:d9:1c:57:7a:10:fe:1f:93:
                    4c:84:75:cd:d4:0f:3b:5c:39:3f:cf:22:84:2d:e7:
                    68:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:85:13:D7:B2:6E:EA:9A:15:9A:22:9A:77:CF:75:A3:64:DC:E7:EB
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135352e3133332e342e302f32342d3234203d3e203632323430.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.133.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:ca:72:ce:8e:56:bf:4f:cf:3d:7e:6c:d9:e6:92:73:c3:3b:
         e5:a5:d0:6a:f6:45:b0:40:f1:0b:1e:62:fc:83:23:14:43:64:
         4f:45:ba:b6:44:59:3f:11:65:f3:db:85:70:2e:5f:d1:58:d7:
         7a:23:67:05:fa:4a:03:f9:14:2c:38:b0:42:c4:3d:8f:d0:9a:
         05:8f:b0:a1:bd:28:b5:d3:30:0a:92:f7:62:3c:99:33:e4:6b:
         04:21:83:7c:18:f4:28:b8:21:d3:94:f9:aa:b8:89:05:79:5a:
         6a:fb:3a:00:4f:4f:64:6c:6d:3f:52:ee:86:de:21:48:20:62:
         85:52:6b:8b:ad:c9:71:6d:bb:c6:f3:aa:3c:de:0a:81:07:11:
         b0:30:50:d2:72:2f:92:ad:fa:54:76:b7:62:2a:19:3e:cf:e9:
         08:fc:7a:0b:f7:b6:0b:d0:36:26:de:1d:db:42:c5:70:1d:85:
         f2:ef:57:e7:dc:5f:ca:a3:12:99:08:6f:0a:c9:85:b6:cb:d6:
         eb:16:0b:be:25:42:75:e9:24:f7:9f:fa:d2:15:93:73:db:17:
         18:bf:cd:bf:84:bc:21:ef:96:c5:3b:2a:d0:52:ed:fb:ad:b0:
         d0:f5:11:58:4a:03:25:8f:45:57:c3:b3:47:da:44:88:f4:fd:
         64:0e:76:c5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUOO0a23vV6ZgdASuOLNd4gR7dU80wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MzJaFw0yNTAyMjQwODUzMzJaMDMxMTAvBgNV
BAMTKDZDODUxM0Q3QjI2RUVBOUExNTlBMjI5QTc3Q0Y3NUEzNjREQ0U3RUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXsu9FhPBfeK2JVt1hDn2K+8yi
aUWF1aVTh7AmmMKau07tkj8apwln2amilaf4Q9hBEbZCwmGC4AWmte/+9QQ+cO62
QqoOpGpVUyRz2OfmoVS2+X2BfNAhSfJT+Fu1PnFjmmcn/DmO6FQRuUNxN1N7phD7
an8hmUpJyO8mbBDhqcTIoMiWk99+FkVpwDeYDsPUvh1vfsjiIYWdR8P9u9RN9FHo
YBDepbfLp/1F1tVUqJCVDQPtLgkZ16oYwKKNZmflBebi0/uiQgkgm7Pf2U3ChmO+
Q4Wull+wSUkF582lHutgXWW+Dk3ZHFd6EP4fk0yEdc3UDztcOT/PIoQt52g/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUbIUT17Ju6poVmiKad891o2Tc5+swHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNTM1MmUzMTMzMzMyZTM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMjMyMzQzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJuF
BDANBgkqhkiG9w0BAQsFAAOCAQEAoMpyzo5Wv0/PPX5s2eaSc8M75aXQavZFsEDx
Cx5i/IMjFENkT0W6tkRZPxFl89uFcC5f0VjXeiNnBfpKA/kULDiwQsQ9j9CaBY+w
ob0otdMwCpL3YjyZM+RrBCGDfBj0KLgh05T5qriJBXlaavs6AE9PZGxtP1Luht4h
SCBihVJri63JcW27xvOqPN4KgQcRsDBQ0nIvkq36VHa3YioZPs/pCPx6C/e2C9A2
Jt4d20LFcB2F8u9X59xfyqMSmQhvCsmFtsvW6xYLviVCdekk95/60hWTc9sXGL/N
v4S8Ie+WxTsq0FLt+62w0PURWEoDJY9FV8OzR9pEiPT9ZA52xQ==
-----END CERTIFICATE-----