Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135352e3133332e362e302f32342d3234203d3e20313336373837.roa
File:                     3135352e3133332e362e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          EsdNPwB5x60AJMpMF3/eDCsb8kerHFqItvlquc6yNTc=
Subject key identifier:   12:8C:8F:7B:3A:71:2A:32:E3:9E:4E:F2:2C:5F:2D:B7:DF:61:AE:68
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       202E5921A48E2EE7FF1AD986E0C55D3A01B711C2
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135352e3133332e362e302f32342d3234203d3e20313336373837.roa
Signing time:             Sun 12 May 2024 11:03:37 +0000
ROA not before:           Sun 12 May 2024 10:58:37 +0000
ROA not after:            Sun 11 May 2025 11:03:37 +0000
asID:                     136787
IP address blocks:        155.133.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:2e:59:21:a4:8e:2e:e7:ff:1a:d9:86:e0:c5:5d:3a:01:b7:11:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 12 10:58:37 2024 GMT
            Not After : May 11 11:03:37 2025 GMT
        Subject: CN=128C8F7B3A712A32E39E4EF22C5F2DB7DF61AE68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:c3:5d:0e:07:db:5a:53:2f:d6:b8:20:6d:1f:
                    a4:c5:33:2b:09:c6:a1:55:db:62:d3:86:79:db:f9:
                    b7:b8:a1:ed:1e:93:c9:74:6e:3e:b3:33:45:a2:2a:
                    74:34:6f:4f:59:a9:97:77:35:f7:a1:64:2b:0b:aa:
                    7e:75:28:ab:58:d6:3c:03:1a:95:3d:c0:66:70:6a:
                    5c:2d:45:7f:63:88:b4:9c:b4:81:30:09:03:af:52:
                    8e:68:26:20:0f:99:01:f4:36:ee:71:f0:b0:26:ef:
                    e1:ba:25:34:e2:90:15:3d:93:a7:2d:66:fd:d2:e6:
                    00:7e:ea:66:2d:f1:9a:fc:d7:ab:34:5f:5c:40:c8:
                    0e:55:2b:64:28:c8:cc:71:da:95:b2:81:fd:34:a7:
                    9d:ad:f5:2e:8a:d4:8c:ca:9d:f0:1b:7a:89:68:e7:
                    60:f3:72:a0:e2:63:48:35:cb:c8:f8:c1:ec:6e:07:
                    28:9f:64:90:fe:c4:b6:09:81:cf:26:49:cb:b3:a6:
                    e3:c5:4a:88:04:3d:ab:fd:8c:26:7c:23:1a:14:ca:
                    7a:09:b6:07:dc:67:27:95:37:ed:31:8c:24:8f:57:
                    ee:eb:1e:ef:4c:c7:8a:9d:bf:e7:2f:10:3d:8f:31:
                    61:b2:03:2a:f9:94:c3:df:07:ef:c0:34:8a:55:aa:
                    d9:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:8C:8F:7B:3A:71:2A:32:E3:9E:4E:F2:2C:5F:2D:B7:DF:61:AE:68
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135352e3133332e362e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.133.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:79:2b:0c:13:f1:d7:d7:ef:1c:75:d9:42:f5:1a:e6:ce:85:
         0c:4c:48:fb:bd:46:a9:a1:d4:d6:d3:b6:2c:37:b2:4a:15:d3:
         b5:f5:61:22:8d:07:c5:38:36:d5:c2:6d:1a:06:1a:18:7b:d0:
         8a:24:67:c3:e5:19:c0:9a:87:c7:23:96:7d:56:0a:1a:f6:d7:
         c9:2e:76:01:b9:b5:3c:9b:f6:43:81:ac:b2:9f:b5:4c:eb:47:
         d6:a2:a0:57:d0:08:a8:d4:17:86:2b:22:1c:10:81:42:dd:90:
         b3:f1:de:e2:8c:07:2b:c6:c9:05:18:8e:42:9a:41:e6:ba:7b:
         aa:12:d8:f0:ae:ff:51:f8:cd:89:94:ff:e7:43:a5:20:85:f9:
         80:ec:f1:6d:6f:47:a9:2b:14:6a:27:d8:cc:c7:b6:55:23:17:
         72:f1:13:22:9d:01:04:75:fb:90:67:04:3c:46:0d:23:b0:13:
         8e:c4:b7:64:72:f1:c7:d5:e6:79:39:25:2e:79:82:f4:3c:0c:
         86:64:c7:98:65:a3:cd:76:50:80:b1:49:4a:87:95:5c:d9:ea:
         50:37:31:18:0f:1c:ad:d8:c3:d4:86:e5:36:4b:f5:f2:5d:8a:
         f9:58:26:06:af:43:b8:ab:84:df:84:e0:1a:5f:88:5c:7f:ba:
         4f:96:eb:2b
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUIC5ZIaSOLuf/GtmG4MVdOgG3EcIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA1MTIxMDU4MzdaFw0yNTA1MTExMTAzMzdaMDMxMTAvBgNV
BAMTKDEyOEM4RjdCM0E3MTJBMzJFMzlFNEVGMjJDNUYyREI3REY2MUFFNjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcw10OB9taUy/WuCBtH6TFMysJ
xqFV22LThnnb+be4oe0ek8l0bj6zM0WiKnQ0b09ZqZd3NfehZCsLqn51KKtY1jwD
GpU9wGZwalwtRX9jiLSctIEwCQOvUo5oJiAPmQH0Nu5x8LAm7+G6JTTikBU9k6ct
Zv3S5gB+6mYt8Zr816s0X1xAyA5VK2QoyMxx2pWygf00p52t9S6K1IzKnfAbeolo
52DzcqDiY0g1y8j4wexuByifZJD+xLYJgc8mScuzpuPFSogEPav9jCZ8IxoUynoJ
tgfcZyeVN+0xjCSPV+7rHu9Mx4qdv+cvED2PMWGyAyr5lMPfB+/ANIpVqtn/AgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUEoyPezpxKjLjnk7yLF8tt99hrmgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNTM1MmUzMTMzMzMyZTM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzMzM2MzczODM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
m4UGMA0GCSqGSIb3DQEBCwUAA4IBAQA6eSsME/HX1+8cddlC9RrmzoUMTEj7vUap
odTW07YsN7JKFdO19WEijQfFODbVwm0aBhoYe9CKJGfD5RnAmofHI5Z9Vgoa9tfJ
LnYBubU8m/ZDgayyn7VM60fWoqBX0Aio1BeGKyIcEIFC3ZCz8d7ijAcrxskFGI5C
mkHmunuqEtjwrv9R+M2JlP/nQ6UghfmA7PFtb0epKxRqJ9jMx7ZVIxdy8RMinQEE
dfuQZwQ8Rg0jsBOOxLdkcvHH1eZ5OSUueYL0PAyGZMeYZaPNdlCAsUlKh5Vc2epQ
NzEYDxyt2MPUhuU2S/XyXYr5WCYGr0O4q4TfhOAaX4hcf7pPlusr
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:44 2024 by rpki-client on console-ams.rpki-client.org