Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135352e3133332e352e302f32342d3234203d3e203632323430.roa
File:                     3135352e3133332e352e302f32342d3234203d3e203632323430.roa (raw, json)
Hash identifier:          3Is7+Y47hpjwU8uaCE6hqvcDapDe+UN+hkhaQZ25W2M=
Subject key identifier:   2D:16:BF:92:9A:EB:47:1F:F2:A5:4A:1E:67:BF:83:33:63:4C:F1:C5
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       50B730596ED53C1E5C945CE8991FFF70F971E816
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135352e3133332e352e302f32342d3234203d3e203632323430.roa
Signing time:             Mon 26 Feb 2024 08:53:12 +0000
ROA not before:           Mon 26 Feb 2024 08:48:12 +0000
ROA not after:            Mon 24 Feb 2025 08:53:12 +0000
asID:                     62240
IP address blocks:        155.133.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:b7:30:59:6e:d5:3c:1e:5c:94:5c:e8:99:1f:ff:70:f9:71:e8:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:12 2024 GMT
            Not After : Feb 24 08:53:12 2025 GMT
        Subject: CN=2D16BF929AEB471FF2A54A1E67BF8333634CF1C5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c0:c6:16:47:5d:9a:67:c7:c1:1b:8f:29:bf:
                    2f:41:9e:ec:12:96:f4:79:2c:21:02:f4:b7:bd:40:
                    b9:d4:3a:41:8a:08:f1:ff:f9:fe:bc:52:93:47:a4:
                    18:d8:d3:bf:08:f9:27:6a:a4:70:54:39:f5:5c:67:
                    39:67:69:3c:a7:8c:c7:ee:2c:f3:75:35:b5:ae:7c:
                    22:c7:ba:6d:9b:0d:b0:b6:05:17:08:7d:d5:42:e4:
                    9f:c3:3c:99:f5:e7:31:21:fe:58:90:79:92:ab:0a:
                    b0:72:02:93:69:02:34:cc:31:d5:cd:5d:e2:ec:8b:
                    5a:e8:93:04:7e:8b:4c:15:69:62:d9:66:76:ec:16:
                    d8:2f:ae:84:5f:dd:3c:8f:47:3b:8b:15:a6:5c:78:
                    5d:e5:aa:13:77:e0:b5:db:d0:be:ea:5d:8e:a3:9e:
                    d7:63:2c:6d:18:c7:21:0c:47:ce:2b:79:b9:33:1b:
                    75:0e:e4:79:eb:e6:d1:57:bc:37:9d:3a:26:c5:28:
                    68:f5:1f:bf:17:e6:1d:74:13:80:00:b8:9d:28:50:
                    d8:72:8b:09:0f:01:1e:84:da:61:f2:1d:15:61:c1:
                    3b:78:0c:62:dd:e1:34:46:33:6d:07:4d:7b:0a:6b:
                    b1:68:49:ae:e4:cf:62:55:46:b0:2c:55:d2:66:dc:
                    e7:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:16:BF:92:9A:EB:47:1F:F2:A5:4A:1E:67:BF:83:33:63:4C:F1:C5
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135352e3133332e352e302f32342d3234203d3e203632323430.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.133.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:c1:58:dc:c7:07:a1:5a:6e:31:df:6d:f3:d1:01:52:b0:32:
         a9:f1:b4:37:5c:9d:45:d9:79:a5:02:86:3e:95:2d:14:fe:bd:
         f2:71:5d:94:ce:af:f7:24:ae:91:4b:1e:38:a9:e7:64:b5:0d:
         85:cd:ad:65:37:bf:81:96:21:8c:51:13:d0:89:33:62:ff:1f:
         c2:80:9f:f4:a0:b8:26:ca:81:b2:fd:7d:04:5b:51:8d:08:3d:
         9e:f6:f4:17:0d:89:3f:ea:c5:7d:fb:bf:7f:77:6b:4c:89:e6:
         fb:9f:dd:c4:41:27:f0:ee:c4:d3:e6:64:3c:04:50:13:70:ea:
         80:f1:25:d7:6e:03:11:da:56:42:8a:8e:cf:2c:52:21:2b:8e:
         e2:a9:f2:4f:22:61:ac:31:6b:6e:c0:f6:d1:ec:f3:da:97:f5:
         f7:14:56:fa:00:e2:bb:19:f3:da:6b:2f:90:58:00:1a:39:83:
         6e:71:6e:cb:73:09:0d:d6:54:3b:1c:fc:3e:39:7a:6d:1f:e1:
         83:6b:b7:5e:b7:c7:f2:e2:1e:02:d9:ff:f2:fc:d2:f1:6c:c4:
         78:1f:7f:03:62:a9:08:ba:9b:9b:58:9f:69:56:6b:5b:fc:b3:
         17:5f:ef:ee:30:79:c3:5a:cd:78:95:7b:a5:94:6c:84:5f:0f:
         dd:31:d2:e4
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUULcwWW7VPB5clFzomR//cPlx6BYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MTJaFw0yNTAyMjQwODUzMTJaMDMxMTAvBgNV
BAMTKDJEMTZCRjkyOUFFQjQ3MUZGMkE1NEExRTY3QkY4MzMzNjM0Q0YxQzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6wMYWR12aZ8fBG48pvy9BnuwS
lvR5LCEC9Le9QLnUOkGKCPH/+f68UpNHpBjY078I+SdqpHBUOfVcZzlnaTynjMfu
LPN1NbWufCLHum2bDbC2BRcIfdVC5J/DPJn15zEh/liQeZKrCrByApNpAjTMMdXN
XeLsi1rokwR+i0wVaWLZZnbsFtgvroRf3TyPRzuLFaZceF3lqhN34LXb0L7qXY6j
ntdjLG0YxyEMR84rebkzG3UO5Hnr5tFXvDedOibFKGj1H78X5h10E4AAuJ0oUNhy
iwkPAR6E2mHyHRVhwTt4DGLd4TRGM20HTXsKa7FoSa7kz2JVRrAsVdJm3OevAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQULRa/kprrRx/ypUoeZ7+DM2NM8cUwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNTM1MmUzMTMzMzMyZTM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMjMyMzQzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJuF
BTANBgkqhkiG9w0BAQsFAAOCAQEACsFY3McHoVpuMd9t89EBUrAyqfG0N1ydRdl5
pQKGPpUtFP698nFdlM6v9ySukUseOKnnZLUNhc2tZTe/gZYhjFET0IkzYv8fwoCf
9KC4JsqBsv19BFtRjQg9nvb0Fw2JP+rFffu/f3drTInm+5/dxEEn8O7E0+ZkPARQ
E3DqgPEl124DEdpWQoqOzyxSISuO4qnyTyJhrDFrbsD20ezz2pf19xRW+gDiuxnz
2msvkFgAGjmDbnFuy3MJDdZUOxz8Pjl6bR/hg2u3XrfH8uIeAtn/8vzS8WzEeB9/
A2KpCLqbm1ifaVZrW/yzF1/v7jB5w1rNeJV7pZRshF8P3THS5A==
-----END CERTIFICATE-----