Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135352e3133332e352e302f32342d3234203d3e203632323430.roa
File:                     3135352e3133332e352e302f32342d3234203d3e203632323430.roa (raw, json)
Hash identifier:          jx+GYqttx53NzsKzrPeLMGy8CY35X2xDuHWGp6S2DwU=
Subject key identifier:   5F:58:79:C4:77:20:3A:01:CD:9D:8D:A6:34:62:B9:CE:82:29:6E:3F
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4BFB66D0ACF2187BD1AD2BCCBC76B00690173CC8
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135352e3133332e352e302f32342d3234203d3e203632323430.roa
Signing time:             Mon 27 Jan 2025 09:45:04 +0000
ROA not before:           Mon 27 Jan 2025 09:40:04 +0000
ROA not after:            Mon 26 Jan 2026 09:45:04 +0000
asID:                     62240
IP address blocks:        155.133.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 13:54:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:fb:66:d0:ac:f2:18:7b:d1:ad:2b:cc:bc:76:b0:06:90:17:3c:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 27 09:40:04 2025 GMT
            Not After : Jan 26 09:45:04 2026 GMT
        Subject: CN=5F5879C477203A01CD9D8DA63462B9CE82296E3F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:8b:77:c8:d7:e2:86:df:e3:24:2b:f7:ac:4b:
                    f3:32:f3:bb:c6:ea:5e:f9:b3:87:d0:b0:75:41:04:
                    0e:19:5a:78:67:f1:c3:b8:ab:5b:1e:8f:7a:e4:af:
                    5e:b3:86:02:3c:6c:47:22:6c:b0:79:42:ee:bf:dd:
                    d2:25:18:51:00:77:ab:1f:45:d2:15:fa:15:18:02:
                    af:44:52:f9:e1:5e:91:1a:40:83:a2:ea:9c:97:da:
                    5b:f3:c6:a1:16:1b:1e:bc:1c:38:ed:ba:53:0e:c7:
                    1c:00:2d:88:c1:97:7a:d4:15:e6:62:26:4e:5a:15:
                    ec:e7:89:6e:2a:81:0b:89:bc:99:82:6a:f1:16:87:
                    84:f3:51:b4:06:ee:b5:0f:15:79:ba:89:92:64:c1:
                    b4:58:05:ae:0f:59:61:84:61:81:e0:ac:a6:7f:be:
                    75:51:c9:4f:aa:e6:4b:38:f8:31:33:48:ad:8d:26:
                    82:4e:f8:53:5d:d9:1d:1f:e3:ea:47:ba:30:a1:50:
                    c3:cc:c5:aa:5c:40:a7:eb:00:7c:a9:9e:97:ce:80:
                    d4:14:75:3e:9c:d2:11:26:8b:ee:16:ef:ee:76:5b:
                    81:b5:49:79:26:09:8e:92:e6:1e:8c:57:ed:70:05:
                    ca:e4:97:54:d2:e8:1f:ff:67:90:84:d5:81:d6:22:
                    3d:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:58:79:C4:77:20:3A:01:CD:9D:8D:A6:34:62:B9:CE:82:29:6E:3F
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135352e3133332e352e302f32342d3234203d3e203632323430.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.133.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:ad:84:57:6d:68:8a:a3:56:1d:e7:f6:b2:84:bb:d9:be:3c:
         b6:63:89:ad:69:66:31:7b:ca:9b:af:7f:8f:c4:6e:35:41:32:
         0a:d5:e0:52:f5:ba:9b:19:38:ff:f6:b0:77:09:f3:5b:0b:44:
         2c:b5:9f:76:19:46:b7:9b:96:41:54:9a:04:fd:5b:ef:41:96:
         3c:05:ae:96:31:58:bb:43:1d:42:2c:39:fa:50:cc:78:23:df:
         67:55:fa:fb:f3:8c:3d:13:5c:d7:7e:14:71:2b:5d:6f:9d:44:
         bd:c4:87:04:b9:41:c6:2f:61:6d:a3:95:18:29:e3:f5:09:06:
         3f:9e:c9:ed:72:47:78:82:b9:dc:d5:f5:51:61:a3:d0:1d:3e:
         d7:58:f8:96:ab:f6:53:e6:80:60:5d:4b:4c:06:f4:05:1d:3d:
         04:88:8a:9b:a1:9e:6e:93:7b:c8:d0:2b:64:3c:e2:5f:21:56:
         44:bf:b7:b2:f9:61:0e:5c:3a:59:aa:cc:be:09:8f:44:9a:c7:
         d7:fb:0b:86:ec:ad:3d:73:5c:de:98:e3:5f:55:c1:70:26:5b:
         cd:38:7b:17:3f:5c:3d:9b:9a:f4:9c:bc:ab:48:0b:66:20:2d:
         1b:82:d9:af:7d:ce:ea:b4:48:47:5b:74:c0:24:c7:93:b4:ae:
         04:97:79:9d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUS/tm0KzyGHvRrSvMvHawBpAXPMgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAxMjcwOTQwMDRaFw0yNjAxMjYwOTQ1MDRaMDMxMTAvBgNV
BAMTKDVGNTg3OUM0NzcyMDNBMDFDRDlEOERBNjM0NjJCOUNFODIyOTZFM0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9i3fI1+KG3+MkK/esS/My87vG
6l75s4fQsHVBBA4ZWnhn8cO4q1sej3rkr16zhgI8bEcibLB5Qu6/3dIlGFEAd6sf
RdIV+hUYAq9EUvnhXpEaQIOi6pyX2lvzxqEWGx68HDjtulMOxxwALYjBl3rUFeZi
Jk5aFezniW4qgQuJvJmCavEWh4TzUbQG7rUPFXm6iZJkwbRYBa4PWWGEYYHgrKZ/
vnVRyU+q5ks4+DEzSK2NJoJO+FNd2R0f4+pHujChUMPMxapcQKfrAHypnpfOgNQU
dT6c0hEmi+4W7+52W4G1SXkmCY6S5h6MV+1wBcrkl1TS6B//Z5CE1YHWIj0nAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUX1h5xHcgOgHNnY2mNGK5zoIpbj8wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNTM1MmUzMTMzMzMyZTM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMjMyMzQzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJuF
BTANBgkqhkiG9w0BAQsFAAOCAQEALq2EV21oiqNWHef2soS72b48tmOJrWlmMXvK
m69/j8RuNUEyCtXgUvW6mxk4//awdwnzWwtELLWfdhlGt5uWQVSaBP1b70GWPAWu
ljFYu0MdQiw5+lDMeCPfZ1X6+/OMPRNc134UcStdb51EvcSHBLlBxi9hbaOVGCnj
9QkGP57J7XJHeIK53NX1UWGj0B0+11j4lqv2U+aAYF1LTAb0BR09BIiKm6GebpN7
yNArZDziXyFWRL+3svlhDlw6WarMvgmPRJrH1/sLhuytPXNc3pjjX1XBcCZbzTh7
Fz9cPZua9Jy8q0gLZiAtG4LZr33O6rRIR1t0wCTHk7SuBJd5nQ==
-----END CERTIFICATE-----