Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135352e3133332e342e302f32342d3234203d3e203632323430.roa
File:                     3135352e3133332e342e302f32342d3234203d3e203632323430.roa (raw, json)
Hash identifier:          BkycbV5er55GRbq0gsgnYksEqZkNeZ5Y9qtX0sJUSUo=
Subject key identifier:   EB:DF:B7:3B:38:55:85:16:C1:53:9C:91:6B:4C:B5:93:67:71:6A:A5
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       46701C63AD2BB53FA0D5C0CD257C0AB03B47FED1
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135352e3133332e342e302f32342d3234203d3e203632323430.roa
Signing time:             Mon 27 Jan 2025 09:45:01 +0000
ROA not before:           Mon 27 Jan 2025 09:40:01 +0000
ROA not after:            Mon 26 Jan 2026 09:45:01 +0000
asID:                     62240
IP address blocks:        155.133.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:70:1c:63:ad:2b:b5:3f:a0:d5:c0:cd:25:7c:0a:b0:3b:47:fe:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 27 09:40:01 2025 GMT
            Not After : Jan 26 09:45:01 2026 GMT
        Subject: CN=EBDFB73B38558516C1539C916B4CB59367716AA5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:bd:5a:71:13:f6:03:8b:fd:e0:62:77:9e:d6:
                    3f:b3:f0:88:d6:73:d5:b5:35:ca:af:d2:08:8d:23:
                    e7:95:da:50:f0:32:82:0d:67:dd:57:61:88:2f:61:
                    a4:22:a3:ed:82:3d:d7:db:b0:f8:c9:00:b6:87:f4:
                    dc:a2:08:4b:be:aa:91:40:3c:d0:60:22:3b:03:6c:
                    16:76:24:ce:1d:9b:95:91:3e:f1:18:c3:0d:c2:b0:
                    4a:8e:99:95:58:bf:49:c4:92:08:ab:2e:7e:79:68:
                    1b:e5:d7:1c:3b:4c:2a:be:54:f5:6a:4d:c0:d4:6d:
                    03:f6:64:b8:4a:ff:39:73:b0:f4:d3:e9:6c:0d:8a:
                    51:10:a1:58:5e:b8:21:32:d2:3c:92:eb:35:f7:9a:
                    79:4d:ce:d8:11:49:fa:33:f4:ca:fa:a9:27:da:40:
                    37:19:ed:8f:97:8d:2f:9d:19:f4:a5:39:ff:4a:48:
                    a9:0c:a8:28:ed:01:7b:4e:b2:c4:8c:4f:34:9f:46:
                    a2:8e:62:4d:5b:5c:91:42:86:ab:99:0c:8f:f6:eb:
                    17:9e:2e:a2:e7:41:1a:60:05:aa:96:56:73:d7:9c:
                    3c:28:7d:59:f5:17:15:36:5c:ba:7c:51:d4:22:48:
                    b3:65:a5:7d:98:99:d8:0c:01:ac:b7:ff:99:be:69:
                    32:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:DF:B7:3B:38:55:85:16:C1:53:9C:91:6B:4C:B5:93:67:71:6A:A5
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135352e3133332e342e302f32342d3234203d3e203632323430.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.133.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:a7:36:ec:38:25:10:19:d3:41:a1:23:7e:78:c6:d9:00:1d:
         28:af:2c:46:29:5b:90:b4:b1:78:b6:ad:20:ec:1a:cb:b5:ff:
         a0:da:3a:ab:f8:82:26:7a:8a:7a:1e:49:db:0b:f5:31:e6:90:
         a3:d3:1a:4e:19:74:4f:bb:fd:50:0d:58:2a:74:3e:51:01:1d:
         cc:c3:fe:f8:c0:10:8d:ab:76:3e:5c:53:75:2c:2d:f2:a3:1e:
         11:e1:3d:c6:d0:10:95:b0:05:a3:2f:a3:62:14:7a:4e:7e:bc:
         e6:1a:a7:66:89:f8:98:ff:17:80:76:d9:1d:40:89:8a:3d:8d:
         df:b4:4d:26:c2:13:e6:74:9e:58:27:1f:46:d0:08:01:1a:ad:
         84:9e:77:83:c4:e8:5b:e2:fe:27:8a:f3:f2:04:0f:d2:3a:01:
         44:51:49:fd:67:2d:87:22:67:09:98:72:02:68:34:8d:42:4b:
         f6:e7:ac:a6:dd:0a:79:3a:87:4d:a7:a4:c8:3f:85:1c:1e:70:
         2e:5a:6d:00:18:32:62:45:7b:85:b6:e6:f8:4d:fe:e0:26:6f:
         75:33:d0:d9:9e:e4:b6:23:30:5d:77:0a:0e:15:17:98:71:3c:
         51:eb:29:c4:fb:1c:d4:42:90:0a:a5:6c:28:cb:22:fb:72:25:
         22:79:1f:9b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURnAcY60rtT+g1cDNJXwKsDtH/tEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAxMjcwOTQwMDFaFw0yNjAxMjYwOTQ1MDFaMDMxMTAvBgNV
BAMTKEVCREZCNzNCMzg1NTg1MTZDMTUzOUM5MTZCNENCNTkzNjc3MTZBQTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOvVpxE/YDi/3gYnee1j+z8IjW
c9W1Ncqv0giNI+eV2lDwMoINZ91XYYgvYaQio+2CPdfbsPjJALaH9NyiCEu+qpFA
PNBgIjsDbBZ2JM4dm5WRPvEYww3CsEqOmZVYv0nEkgirLn55aBvl1xw7TCq+VPVq
TcDUbQP2ZLhK/zlzsPTT6WwNilEQoVheuCEy0jyS6zX3mnlNztgRSfoz9Mr6qSfa
QDcZ7Y+XjS+dGfSlOf9KSKkMqCjtAXtOssSMTzSfRqKOYk1bXJFChquZDI/26xee
LqLnQRpgBaqWVnPXnDwofVn1FxU2XLp8UdQiSLNlpX2YmdgMAay3/5m+aTJDAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU69+3OzhVhRbBU5yRa0y1k2dxaqUwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNTM1MmUzMTMzMzMyZTM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMjMyMzQzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJuF
BDANBgkqhkiG9w0BAQsFAAOCAQEAJKc27DglEBnTQaEjfnjG2QAdKK8sRilbkLSx
eLatIOway7X/oNo6q/iCJnqKeh5J2wv1MeaQo9MaThl0T7v9UA1YKnQ+UQEdzMP+
+MAQjat2PlxTdSwt8qMeEeE9xtAQlbAFoy+jYhR6Tn685hqnZon4mP8XgHbZHUCJ
ij2N37RNJsIT5nSeWCcfRtAIARqthJ53g8ToW+L+J4rz8gQP0joBRFFJ/WcthyJn
CZhyAmg0jUJL9uespt0KeTqHTaekyD+FHB5wLlptABgyYkV7hbbm+E3+4CZvdTPQ
2Z7ktiMwXXcKDhUXmHE8UespxPsc1EKQCqVsKMsi+3IlInkfmw==
-----END CERTIFICATE-----