Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135352e3133332e38312e302f32342d3234203d3e20313336373837.roa
File:                     3135352e3133332e38312e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          5btF8Zrk9bmL9rdIypDJbjJCXneLyh+KF37dlc3XWBA=
Subject key identifier:   3F:02:90:41:8E:64:D7:5E:83:23:A7:89:EF:00:A6:EB:A0:39:3C:B7
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2881151664AD70E268AE880FAF82E31E3A6A4941
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135352e3133332e38312e302f32342d3234203d3e20313336373837.roa
Signing time:             Sat 02 Mar 2024 21:54:11 +0000
ROA not before:           Sat 02 Mar 2024 21:49:11 +0000
ROA not after:            Sat 01 Mar 2025 21:54:11 +0000
asID:                     136787
IP address blocks:        155.133.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:81:15:16:64:ad:70:e2:68:ae:88:0f:af:82:e3:1e:3a:6a:49:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar  2 21:49:11 2024 GMT
            Not After : Mar  1 21:54:11 2025 GMT
        Subject: CN=3F0290418E64D75E8323A789EF00A6EBA0393CB7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:3a:0f:26:da:eb:f8:2f:48:31:82:39:36:f9:
                    37:e5:6b:8d:56:29:06:e0:39:31:d7:03:69:79:8b:
                    05:4c:ef:5f:f8:03:d7:7d:dd:06:7a:b2:9a:81:e2:
                    51:15:6c:a4:0a:da:e4:d7:1d:c0:50:c7:b4:2f:c5:
                    02:9d:46:50:41:36:31:11:6e:8f:44:29:61:e5:6f:
                    cd:3f:da:64:ba:66:a3:6f:4f:69:56:da:57:b7:e4:
                    51:57:6b:d3:05:ab:25:e2:85:48:68:f6:a5:73:d4:
                    7d:9b:d6:69:04:44:9a:52:a5:0f:54:f9:6f:90:a2:
                    44:31:cc:e3:e9:94:93:8a:20:3a:5b:21:94:9f:f3:
                    9c:67:89:db:bf:0b:49:ba:bd:be:c1:95:66:88:01:
                    49:74:d3:a5:42:b4:ea:74:1e:ef:2b:a6:08:b1:e8:
                    22:8f:a2:e6:18:60:15:c2:2a:be:25:d9:2a:1f:b8:
                    3c:17:aa:b9:57:da:29:d4:9d:35:ee:4d:28:ea:c2:
                    dc:00:46:b1:73:02:30:56:0b:f4:da:d0:95:b8:05:
                    ca:c0:51:d3:38:15:6b:c1:48:f3:de:6a:ec:b2:7a:
                    25:4a:1a:a4:73:fa:18:10:02:f9:f2:51:f9:69:cd:
                    3b:10:ac:6f:ec:34:ee:09:86:9a:9c:10:4e:cb:22:
                    06:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:02:90:41:8E:64:D7:5E:83:23:A7:89:EF:00:A6:EB:A0:39:3C:B7
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135352e3133332e38312e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.133.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:6e:30:cc:61:db:65:95:44:0a:24:c1:1e:14:8e:5c:a3:ae:
         0c:de:82:3c:5c:33:a3:2f:ed:92:1e:6a:c6:56:e6:4e:5d:68:
         a7:18:76:47:e0:1f:6e:3a:f2:92:9e:8b:d5:5e:fb:87:73:df:
         b3:9b:cf:ca:e3:2d:82:ab:65:b7:30:9f:aa:b5:ef:be:a0:0b:
         c5:51:5d:e4:cb:7c:ec:41:9c:75:9c:b7:9b:ef:45:22:a2:24:
         d8:84:c8:02:6e:c5:08:3b:09:56:80:db:c3:8a:45:75:c0:1c:
         c4:25:81:ba:9f:03:bb:27:b8:30:f3:3c:71:b1:9b:72:b0:c2:
         44:2a:9b:d2:cc:cf:42:e0:96:02:6f:a5:a4:24:45:35:8a:6f:
         70:d0:c6:62:33:81:e2:38:25:42:13:8a:77:db:4e:3b:7e:03:
         5e:42:fc:90:06:e8:c2:99:f4:2f:61:d7:85:b4:e0:2d:e8:3c:
         db:4b:fb:34:89:42:d9:d9:99:e7:15:82:39:83:bd:73:1a:d0:
         be:d4:42:5f:1a:eb:0a:26:b4:c1:7f:71:92:29:f4:88:82:25:
         88:7b:4f:47:20:26:e6:84:73:63:87:b5:f0:42:58:b5:cf:cf:
         2f:95:a7:b6:37:a1:28:dd:05:97:87:e3:a6:db:35:c8:22:fb:
         a0:74:5a:11
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUKIEVFmStcOJorogPr4LjHjpqSUEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAzMDIyMTQ5MTFaFw0yNTAzMDEyMTU0MTFaMDMxMTAvBgNV
BAMTKDNGMDI5MDQxOEU2NEQ3NUU4MzIzQTc4OUVGMDBBNkVCQTAzOTNDQjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKOg8m2uv4L0gxgjk2+Tfla41W
KQbgOTHXA2l5iwVM71/4A9d93QZ6spqB4lEVbKQK2uTXHcBQx7QvxQKdRlBBNjER
bo9EKWHlb80/2mS6ZqNvT2lW2le35FFXa9MFqyXihUho9qVz1H2b1mkERJpSpQ9U
+W+QokQxzOPplJOKIDpbIZSf85xnidu/C0m6vb7BlWaIAUl006VCtOp0Hu8rpgix
6CKPouYYYBXCKr4l2SofuDwXqrlX2inUnTXuTSjqwtwARrFzAjBWC/Ta0JW4BcrA
UdM4FWvBSPPeauyyeiVKGqRz+hgQAvnyUflpzTsQrG/sNO4JhpqcEE7LIgYxAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUPwKQQY5k116DI6eJ7wCm66A5PLcwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNTM1MmUzMTMzMzMyZTM4
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BACbhVEwDQYJKoZIhvcNAQELBQADggEBAHduMMxh22WVRAokwR4Ujlyjrgzegjxc
M6Mv7ZIeasZW5k5daKcYdkfgH2468pKei9Ve+4dz37Obz8rjLYKrZbcwn6q1776g
C8VRXeTLfOxBnHWct5vvRSKiJNiEyAJuxQg7CVaA28OKRXXAHMQlgbqfA7snuDDz
PHGxm3KwwkQqm9LMz0LglgJvpaQkRTWKb3DQxmIzgeI4JUITinfbTjt+A15C/JAG
6MKZ9C9h14W04C3oPNtL+zSJQtnZmecVgjmDvXMa0L7UQl8a6womtMF/cZIp9IiC
JYh7T0cgJuaEc2OHtfBCWLXPzy+Vp7Y3oSjdBZeH46bbNcgi+6B0WhE=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:02 2024 by rpki-client on console-fra.rpki-client.org