Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135362e36372e39302e302f32342d3234203d3e20313336373837.roa
File:                     3135362e36372e39302e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          40b04zSa06bVrowpIvBJJK1jVHSTa30nSLPfYTe42bY=
Subject key identifier:   D3:E5:4A:DE:74:90:0C:0E:E3:2E:98:7C:51:DE:0D:64:A9:F7:6E:AF
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6931CC38D56122D78C6DCDC2EEC3B301E0D4364B
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135362e36372e39302e302f32342d3234203d3e20313336373837.roa
Signing time:             Sun 12 May 2024 11:03:38 +0000
ROA not before:           Sun 12 May 2024 10:58:38 +0000
ROA not after:            Sun 11 May 2025 11:03:38 +0000
asID:                     136787
IP address blocks:        156.67.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:31:cc:38:d5:61:22:d7:8c:6d:cd:c2:ee:c3:b3:01:e0:d4:36:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 12 10:58:38 2024 GMT
            Not After : May 11 11:03:38 2025 GMT
        Subject: CN=D3E54ADE74900C0EE32E987C51DE0D64A9F76EAF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:f9:95:7d:ac:f1:7d:87:91:2f:fc:c6:bc:a3:
                    7c:56:5d:22:c8:53:27:43:5e:88:69:05:5b:de:2e:
                    86:36:b0:d5:98:03:c2:b3:d8:91:0c:6a:30:8b:2a:
                    2f:08:d5:55:7c:3c:87:e7:e7:a9:5f:a7:4a:72:8e:
                    54:5b:8f:83:b7:f7:d0:13:16:ab:aa:6a:90:1e:85:
                    c5:b4:a1:ef:18:fd:c6:6f:cd:6d:c5:25:4a:9c:3d:
                    0e:d7:c3:b0:e3:d7:16:b1:38:b0:3a:b1:8b:aa:99:
                    59:8d:e8:f5:d9:c4:79:95:45:0c:3a:86:b4:3e:c7:
                    28:a9:62:6e:17:9c:d2:ae:25:34:e3:b2:6a:44:1c:
                    04:1c:7b:b2:ec:e7:fd:ff:d8:6f:34:e5:11:d6:81:
                    4a:34:28:2b:b1:fa:4c:1d:9a:7c:87:c5:b9:00:0b:
                    6d:ad:6b:51:16:ec:c9:57:0d:23:01:c2:48:4a:5a:
                    9e:59:a9:d5:13:43:3b:de:52:61:1e:8c:69:42:7a:
                    ba:6b:f5:3d:38:b5:04:73:77:2d:fc:ca:50:99:95:
                    f0:64:37:bf:a1:fb:2d:f7:7c:ef:f2:56:b6:a9:99:
                    08:f8:4f:ad:65:2e:8b:90:17:0b:df:22:66:e8:20:
                    27:96:ce:7b:13:43:b9:6b:51:54:67:ed:bc:ac:83:
                    57:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:E5:4A:DE:74:90:0C:0E:E3:2E:98:7C:51:DE:0D:64:A9:F7:6E:AF
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135362e36372e39302e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.67.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:5f:3b:06:d8:6b:d8:ee:d6:48:02:df:54:98:66:0b:0c:db:
         ca:89:20:4d:03:8e:56:3f:9c:55:d7:77:b6:25:7a:13:7d:eb:
         75:ba:49:3d:79:6d:7c:5a:2a:97:e5:d3:b2:1c:64:1e:14:91:
         47:46:74:da:c9:9f:b8:1f:f5:30:d1:c9:05:f6:b7:cc:49:2b:
         26:54:b7:d0:55:40:66:82:34:91:35:5e:af:56:9c:89:fe:cf:
         84:ba:8d:a0:8b:f5:1f:da:ce:0d:26:bc:3c:60:38:05:e4:cd:
         b6:78:6d:24:4d:69:6e:99:f3:99:bf:49:9d:39:dc:a9:a4:47:
         61:87:5b:db:59:f8:85:94:d7:90:e5:5b:6a:ed:a3:32:c8:1d:
         ac:5c:c5:34:5f:10:13:20:e2:1a:5b:6d:61:4b:f8:e0:60:19:
         49:30:8b:1a:bc:2a:88:b1:ef:cf:84:d7:c6:b9:c8:25:b1:fe:
         aa:60:f0:0e:62:e3:b5:9b:de:3f:3f:7f:f1:50:d7:02:30:7c:
         b5:20:fe:86:5d:27:25:2c:54:b5:d6:6c:b5:2e:4a:14:19:0e:
         e9:ca:dc:ec:9a:41:d5:a6:3a:70:71:87:a4:e9:60:9e:53:07:
         2b:f8:d8:7b:f8:6b:db:80:f2:fa:a9:3a:d8:a0:30:fe:65:20:
         1a:13:bf:59
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUaTHMONVhIteMbc3C7sOzAeDUNkswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA1MTIxMDU4MzhaFw0yNTA1MTExMTAzMzhaMDMxMTAvBgNV
BAMTKEQzRTU0QURFNzQ5MDBDMEVFMzJFOTg3QzUxREUwRDY0QTlGNzZFQUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY+ZV9rPF9h5Ev/Ma8o3xWXSLI
UydDXohpBVveLoY2sNWYA8Kz2JEMajCLKi8I1VV8PIfn56lfp0pyjlRbj4O399AT
FquqapAehcW0oe8Y/cZvzW3FJUqcPQ7Xw7Dj1xaxOLA6sYuqmVmN6PXZxHmVRQw6
hrQ+xyipYm4XnNKuJTTjsmpEHAQce7Ls5/3/2G805RHWgUo0KCux+kwdmnyHxbkA
C22ta1EW7MlXDSMBwkhKWp5ZqdUTQzveUmEejGlCerpr9T04tQRzdy38ylCZlfBk
N7+h+y33fO/yVrapmQj4T61lLouQFwvfImboICeWznsTQ7lrUVRn7bysg1eLAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQU0+VK3nSQDA7jLph8Ud4NZKn3bq8wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNTM2MmUzNjM3MmUzOTMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzMzM2MzczODM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
nENaMA0GCSqGSIb3DQEBCwUAA4IBAQB1XzsG2GvY7tZIAt9UmGYLDNvKiSBNA45W
P5xV13e2JXoTfet1ukk9eW18WiqX5dOyHGQeFJFHRnTayZ+4H/Uw0ckF9rfMSSsm
VLfQVUBmgjSRNV6vVpyJ/s+Euo2gi/Uf2s4NJrw8YDgF5M22eG0kTWlumfOZv0md
OdyppEdhh1vbWfiFlNeQ5Vtq7aMyyB2sXMU0XxATIOIaW21hS/jgYBlJMIsavCqI
se/PhNfGucglsf6qYPAOYuO1m94/P3/xUNcCMHy1IP6GXSclLFS11my1LkoUGQ7p
ytzsmkHVpjpwcYek6WCeUwcr+Nh7+GvbgPL6qTrYoDD+ZSAaE79Z
-----END CERTIFICATE-----
Generated at Mon Nov 25 03:29:12 2024 by rpki-client on console-ams.rpki-client.org