Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135352e3133332e37312e302f32342d3234203d3e20313336373837.roa
File:                     3135352e3133332e37312e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          MxzYpwzN9c0yT6Z6xi0TCYJ1QYecqIFWvTvbT/ZgpQk=
Subject key identifier:   CE:E2:03:0E:C6:4E:81:11:B0:D8:F2:06:EE:9A:18:FB:6E:5E:C6:41
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       7D723B898E613CF9D27439EF80ADE78FB3ED01CC
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135352e3133332e37312e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 26 Feb 2024 08:53:07 +0000
ROA not before:           Mon 26 Feb 2024 08:48:07 +0000
ROA not after:            Mon 24 Feb 2025 08:53:07 +0000
asID:                     136787
IP address blocks:        155.133.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:72:3b:89:8e:61:3c:f9:d2:74:39:ef:80:ad:e7:8f:b3:ed:01:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:07 2024 GMT
            Not After : Feb 24 08:53:07 2025 GMT
        Subject: CN=CEE2030EC64E8111B0D8F206EE9A18FB6E5EC641
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:cf:74:97:22:ab:0d:76:e9:03:04:b9:63:2c:
                    3d:cb:5b:26:7f:4a:1b:30:89:cd:37:97:5c:6d:81:
                    df:17:e1:87:b8:d6:63:ca:52:e0:e6:c5:cd:a8:84:
                    df:29:6b:86:9b:7e:b8:7c:50:80:47:65:71:59:7b:
                    e9:61:9c:2c:7b:16:a6:23:c9:70:96:f4:f1:04:4b:
                    a0:5e:cd:77:be:3b:68:c6:b3:5e:2a:b2:98:b0:fd:
                    cf:99:a5:f5:6c:05:93:90:c1:5a:d1:c4:4f:33:16:
                    f5:e9:56:74:97:55:18:c7:8c:cc:ba:f8:67:94:9f:
                    bc:6c:5b:8c:6c:2e:4e:2f:3a:00:5c:ca:ed:35:5a:
                    15:70:de:bf:d2:2f:64:b3:4d:dc:9a:19:d6:48:b9:
                    39:9d:ec:2d:5d:b5:28:e5:cb:c4:fa:e5:91:e9:21:
                    38:94:e2:a1:d5:12:03:a2:64:5a:68:0f:ae:86:8a:
                    f6:a3:87:23:b5:a9:59:22:c7:ce:66:22:76:61:18:
                    02:f9:75:37:67:dd:d8:e5:40:7a:c2:7a:86:f9:87:
                    a3:59:7b:81:7f:ec:e6:b1:7d:01:d2:2e:3c:e4:72:
                    bd:e4:f0:24:19:0a:bc:84:b7:01:bc:41:3c:01:2a:
                    13:48:88:4e:55:d0:41:25:d9:60:db:b5:e2:6e:e8:
                    cb:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:E2:03:0E:C6:4E:81:11:B0:D8:F2:06:EE:9A:18:FB:6E:5E:C6:41
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135352e3133332e37312e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.133.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:70:3f:e7:dc:bd:33:75:46:5d:23:47:72:80:62:2f:6d:ac:
         b4:04:39:1b:c5:8e:79:1f:b2:ac:7a:c2:f9:56:b9:51:dc:ba:
         fd:b7:e4:76:d2:05:a6:8c:cc:43:8e:70:f5:6f:30:c2:53:ac:
         01:4b:34:fe:19:8c:28:0d:1a:d9:01:00:e0:67:22:3c:2d:cd:
         c7:b2:cd:c7:f6:39:97:73:d8:02:d7:3d:ac:7c:09:47:18:fc:
         2b:a5:24:a2:25:49:c5:d9:02:b5:6c:ea:1d:00:ff:d5:90:1f:
         cb:15:d2:2e:a6:8c:00:9d:27:f4:3a:7d:96:66:85:f0:a5:e3:
         bd:68:63:91:b8:9a:e7:30:3d:48:2f:ef:3d:09:0c:e4:ea:cf:
         e2:f5:31:18:a5:71:12:7d:ce:ee:e4:fa:ca:ca:cb:32:d4:ee:
         7d:0e:9f:a4:e9:7c:f8:da:2e:6b:5a:33:be:f6:3e:6a:4f:0f:
         b3:aa:5f:d2:ba:77:ed:7c:48:2b:8d:56:02:95:bc:ab:34:26:
         54:1a:1e:4f:2f:5c:4c:4f:d5:3b:1f:50:d6:b7:c0:f2:46:18:
         33:5b:b3:15:0b:32:cf:ab:9b:7d:cb:d8:c8:ef:e0:a6:65:70:
         e9:a0:a7:bb:de:0d:33:52:ad:fd:17:a7:e6:97:b4:27:f4:18:
         bb:5f:16:40
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUfXI7iY5hPPnSdDnvgK3nj7PtAcwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MDdaFw0yNTAyMjQwODUzMDdaMDMxMTAvBgNV
BAMTKENFRTIwMzBFQzY0RTgxMTFCMEQ4RjIwNkVFOUExOEZCNkU1RUM2NDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfz3SXIqsNdukDBLljLD3LWyZ/
Shswic03l1xtgd8X4Ye41mPKUuDmxc2ohN8pa4abfrh8UIBHZXFZe+lhnCx7FqYj
yXCW9PEES6BezXe+O2jGs14qspiw/c+ZpfVsBZOQwVrRxE8zFvXpVnSXVRjHjMy6
+GeUn7xsW4xsLk4vOgBcyu01WhVw3r/SL2SzTdyaGdZIuTmd7C1dtSjly8T65ZHp
ITiU4qHVEgOiZFpoD66GivajhyO1qVkix85mInZhGAL5dTdn3djlQHrCeob5h6NZ
e4F/7OaxfQHSLjzkcr3k8CQZCryEtwG8QTwBKhNIiE5V0EEl2WDbteJu6MtdAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUzuIDDsZOgRGw2PIG7poY+25exkEwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNTM1MmUzMTMzMzMyZTM3
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BACbhUcwDQYJKoZIhvcNAQELBQADggEBAIRwP+fcvTN1Rl0jR3KAYi9trLQEORvF
jnkfsqx6wvlWuVHcuv235HbSBaaMzEOOcPVvMMJTrAFLNP4ZjCgNGtkBAOBnIjwt
zceyzcf2OZdz2ALXPax8CUcY/CulJKIlScXZArVs6h0A/9WQH8sV0i6mjACdJ/Q6
fZZmhfCl471oY5G4mucwPUgv7z0JDOTqz+L1MRilcRJ9zu7k+srKyzLU7n0On6Tp
fPjaLmtaM772PmpPD7OqX9K6d+18SCuNVgKVvKs0JlQaHk8vXExP1TsfUNa3wPJG
GDNbsxULMs+rm33L2Mjv4KZlcOmgp7veDTNSrf0Xp+aXtCf0GLtfFkA=
-----END CERTIFICATE-----
Generated at Mon Nov 25 03:42:55 2024 by rpki-client on console-fra.rpki-client.org