Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135352e3133332e38302e302f32342d3234203d3e20313336373837.roa
File:                     3135352e3133332e38302e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          /SpF9qjkEmv0OtGXJ/9z+ZOaBMuUKjinsv8wHysV/pg=
Subject key identifier:   62:0F:C3:0A:7F:5C:71:35:FA:28:91:5B:DB:F1:12:BA:4F:0B:90:C6
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       27C9D8AA685DD784FC9C649302813263047349B3
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135352e3133332e38302e302f32342d3234203d3e20313336373837.roa
Signing time:             Sat 02 Mar 2024 21:54:10 +0000
ROA not before:           Sat 02 Mar 2024 21:49:10 +0000
ROA not after:            Sat 01 Mar 2025 21:54:10 +0000
asID:                     136787
IP address blocks:        155.133.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:c9:d8:aa:68:5d:d7:84:fc:9c:64:93:02:81:32:63:04:73:49:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar  2 21:49:10 2024 GMT
            Not After : Mar  1 21:54:10 2025 GMT
        Subject: CN=620FC30A7F5C7135FA28915BDBF112BA4F0B90C6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:82:d2:d1:c2:26:be:02:2f:e0:47:60:09:a3:
                    e8:05:2a:cd:b0:9b:26:bc:5c:a4:59:2e:38:2b:f2:
                    c0:4c:a0:30:4e:ae:d7:e4:12:7f:2f:dd:46:cd:3b:
                    c0:09:72:b0:82:61:a9:4f:df:2b:36:e2:67:a4:c1:
                    94:08:06:6c:cb:4a:bd:cc:ab:90:54:2d:bf:2f:da:
                    51:7b:81:82:71:9a:76:a9:58:c1:9f:02:95:62:4e:
                    eb:eb:77:22:82:bb:23:f3:77:97:84:83:d3:7a:1d:
                    ac:41:23:0b:5f:84:2f:06:87:75:5d:50:d8:dd:28:
                    3f:42:98:d4:35:9d:f9:7b:26:19:04:87:7c:19:f1:
                    c5:2d:df:9a:16:1f:2a:cc:59:4b:9d:eb:da:03:1a:
                    31:c3:b7:4f:df:d2:ce:c4:8d:76:38:9b:e2:a8:ba:
                    6c:c4:db:ec:cd:06:3a:57:68:7e:a6:79:04:af:d2:
                    80:7e:79:93:f2:ac:c4:6b:10:6a:2e:be:5d:ce:31:
                    be:ab:92:6f:01:e6:eb:03:ad:15:d3:af:1f:cb:9f:
                    8c:73:d7:af:7f:32:6b:ae:5e:b9:12:82:b0:e5:30:
                    9b:64:9b:ba:90:6e:21:8f:40:b2:a0:c7:57:12:40:
                    3b:f1:9e:2e:b3:c9:9b:0b:97:5f:1a:ca:92:b1:4d:
                    c4:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:0F:C3:0A:7F:5C:71:35:FA:28:91:5B:DB:F1:12:BA:4F:0B:90:C6
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135352e3133332e38302e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.133.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:32:9c:10:09:07:e4:9e:03:ff:77:97:90:7c:35:8e:b3:c5:
         e3:89:77:08:d5:5a:85:c7:6a:7b:ac:a6:e2:3b:3d:37:0e:8f:
         d7:ba:e9:83:6f:68:52:2f:5b:11:a4:cc:f0:f4:ca:4b:07:6d:
         6f:64:23:2d:17:b1:18:d1:7b:b5:4e:0d:bc:3f:f5:26:d9:3a:
         cf:e0:84:b1:98:18:02:5a:57:2c:44:12:f8:e7:b5:bb:ef:c1:
         66:45:2b:29:36:45:d3:82:97:09:57:40:ac:9c:06:71:4d:e5:
         d1:16:d3:f6:13:e0:c5:86:e4:38:db:07:66:c9:5e:f7:3f:a6:
         6e:f1:ad:39:ea:9c:f0:47:2a:40:51:3f:4f:78:16:f6:cc:9e:
         76:e9:a5:b2:f9:d4:86:12:25:a4:6f:de:5a:26:c4:9f:9f:5e:
         e1:bc:cc:0f:86:e9:69:a9:68:4a:7b:3b:a2:da:1b:b8:5f:a3:
         f8:47:cb:88:b6:16:3c:e2:c4:8c:99:83:cf:30:18:d6:9d:bf:
         ef:7c:47:ab:03:45:a0:41:b8:7e:cb:60:88:8c:81:2d:22:58:
         2c:31:40:cc:03:37:cc:8c:a2:e7:67:01:e9:2e:fc:d8:15:10:
         21:da:6f:f8:3a:2d:4a:c8:2e:80:5a:b1:fe:09:f2:c9:e1:d7:
         09:98:f0:ec
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUJ8nYqmhd14T8nGSTAoEyYwRzSbMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAzMDIyMTQ5MTBaFw0yNTAzMDEyMTU0MTBaMDMxMTAvBgNV
BAMTKDYyMEZDMzBBN0Y1QzcxMzVGQTI4OTE1QkRCRjExMkJBNEYwQjkwQzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDgtLRwia+Ai/gR2AJo+gFKs2w
mya8XKRZLjgr8sBMoDBOrtfkEn8v3UbNO8AJcrCCYalP3ys24mekwZQIBmzLSr3M
q5BULb8v2lF7gYJxmnapWMGfApViTuvrdyKCuyPzd5eEg9N6HaxBIwtfhC8Gh3Vd
UNjdKD9CmNQ1nfl7JhkEh3wZ8cUt35oWHyrMWUud69oDGjHDt0/f0s7EjXY4m+Ko
umzE2+zNBjpXaH6meQSv0oB+eZPyrMRrEGouvl3OMb6rkm8B5usDrRXTrx/Ln4xz
169/MmuuXrkSgrDlMJtkm7qQbiGPQLKgx1cSQDvxni6zyZsLl18aypKxTcSRAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUYg/DCn9ccTX6KJFb2/ESuk8LkMYwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNTM1MmUzMTMzMzMyZTM4
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BACbhVAwDQYJKoZIhvcNAQELBQADggEBAD8ynBAJB+SeA/93l5B8NY6zxeOJdwjV
WoXHanuspuI7PTcOj9e66YNvaFIvWxGkzPD0yksHbW9kIy0XsRjRe7VODbw/9SbZ
Os/ghLGYGAJaVyxEEvjntbvvwWZFKyk2RdOClwlXQKycBnFN5dEW0/YT4MWG5Djb
B2bJXvc/pm7xrTnqnPBHKkBRP094FvbMnnbppbL51IYSJaRv3lomxJ+fXuG8zA+G
6WmpaEp7O6LaG7hfo/hHy4i2FjzixIyZg88wGNadv+98R6sDRaBBuH7LYIiMgS0i
WCwxQMwDN8yMoudnAeku/NgVECHab/g6LUrILoBasf4J8snh1wmY8Ow=
-----END CERTIFICATE-----
Generated at Mon Nov 25 03:29:12 2024 by rpki-client on console-ams.rpki-client.org