Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30456.roa
File:                     AS30456.roa (raw, json)
Hash identifier:          hwXa+CYJgksgJmaAjkifNUYHL3eCBTc1yykFe6Y2Bns=
Subject key identifier:   35:C4:91:10:14:76:FE:A8:6F:97:49:B2:43:70:55:3A:A2:B6:C2:87
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       43AAF86D21E3EA1B1384569DC7FF7462ABEC2C2F
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30456.roa
Signing time:             Wed 24 Apr 2024 00:25:17 +0000
ROA not before:           Wed 24 Apr 2024 00:20:17 +0000
ROA not after:            Wed 23 Apr 2025 00:25:17 +0000
asID:                     30456
IP address blocks:        185.135.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:48:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:aa:f8:6d:21:e3:ea:1b:13:84:56:9d:c7:ff:74:62:ab:ec:2c:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 24 00:20:17 2024 GMT
            Not After : Apr 23 00:25:17 2025 GMT
        Subject: CN=35C491101476FEA86F9749B24370553AA2B6C287
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:3e:1e:4f:4d:5d:86:8b:87:93:7a:97:5f:57:
                    b9:bf:f3:13:b5:65:fa:23:a2:62:ef:9a:ed:2b:d5:
                    2c:9d:1c:9a:83:91:a3:da:17:09:54:9a:69:d4:99:
                    1f:b7:c7:95:fd:5d:c3:2b:50:2e:9b:e1:64:aa:49:
                    51:32:d9:2d:41:8d:cf:bc:ea:47:73:b4:cc:d6:b8:
                    53:a0:dc:d1:d0:9f:9a:e7:54:b9:73:08:00:45:12:
                    05:ff:65:af:18:88:6a:e1:2c:21:d9:7c:8f:37:f2:
                    97:f1:74:ca:10:6d:c9:ed:e7:c4:0c:f0:bf:44:d9:
                    b6:86:3e:ed:bf:01:78:d4:f0:dd:f3:fc:3e:63:61:
                    84:40:bb:76:ad:9e:da:f9:1c:98:89:64:74:86:49:
                    f3:35:57:63:17:43:aa:9d:aa:32:14:aa:af:f0:8f:
                    dd:f8:8f:30:5b:f1:58:f3:55:67:e1:fe:3f:26:9f:
                    7b:b6:5e:2e:ef:c8:af:a7:ae:64:b3:0a:1e:b9:44:
                    c5:9d:b6:2c:2e:54:2e:7c:af:26:49:14:d1:39:e0:
                    9d:81:96:bb:a4:f5:51:2e:30:8b:c0:71:15:8d:16:
                    58:96:cb:be:a6:0b:86:88:96:5b:d7:01:09:74:8e:
                    1c:ca:22:75:6c:31:f5:c4:c5:33:6a:6d:13:de:61:
                    6e:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:C4:91:10:14:76:FE:A8:6F:97:49:B2:43:70:55:3A:A2:B6:C2:87
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30456.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:65:7b:aa:29:21:b2:86:66:66:23:bf:21:f1:41:e7:6f:f3:
         60:32:1a:72:9c:2e:7f:0b:a8:41:06:41:37:e5:cb:cf:45:b9:
         a2:f3:18:88:9b:04:11:9f:25:14:58:d5:fb:1e:7e:d0:58:62:
         ad:96:b8:62:58:8f:58:09:b6:3c:56:b8:3a:28:8d:6d:70:84:
         3c:fd:73:92:26:ff:de:73:4b:72:a2:d7:e2:fe:4c:b9:1f:01:
         2a:01:3e:6d:93:42:57:b2:10:f7:55:c0:27:49:ad:97:3b:17:
         68:a0:ba:34:84:44:76:18:8b:83:6a:b1:b2:bf:c6:3d:a8:6d:
         5c:de:d8:aa:f6:04:61:4b:cd:77:29:5a:a4:a8:81:d8:7b:67:
         d4:f9:fa:d9:17:d4:75:0e:03:ac:a7:3c:c2:e9:9a:c6:89:7c:
         f6:52:1d:12:bf:d7:f0:d4:a4:52:f0:84:3f:b4:ab:b1:4b:45:
         0a:7b:4a:53:fc:0e:c4:45:87:ea:0a:44:49:5d:b2:ac:70:56:
         ae:00:57:41:31:bd:c9:e2:2d:d6:03:95:5b:e0:8b:9b:f6:57:
         23:2c:f2:c1:52:41:7b:8f:13:f6:1b:20:87:74:47:98:95:f8:
         c5:7a:e9:e6:c0:4f:3e:7e:21:e3:fa:11:3a:8a:1b:60:5f:e6:
         45:0f:49:7b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUQ6r4bSHj6hsThFadx/90YqvsLC8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA0MjQwMDIwMTdaFw0yNTA0MjMwMDI1MTdaMDMxMTAvBgNV
BAMTKDM1QzQ5MTEwMTQ3NkZFQTg2Rjk3NDlCMjQzNzA1NTNBQTJCNkMyODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3Ph5PTV2Gi4eTepdfV7m/8xO1
ZfojomLvmu0r1SydHJqDkaPaFwlUmmnUmR+3x5X9XcMrUC6b4WSqSVEy2S1Bjc+8
6kdztMzWuFOg3NHQn5rnVLlzCABFEgX/Za8YiGrhLCHZfI838pfxdMoQbcnt58QM
8L9E2baGPu2/AXjU8N3z/D5jYYRAu3atntr5HJiJZHSGSfM1V2MXQ6qdqjIUqq/w
j934jzBb8VjzVWfh/j8mn3u2Xi7vyK+nrmSzCh65RMWdtiwuVC58ryZJFNE54J2B
lruk9VEuMIvAcRWNFliWy76mC4aIllvXAQl0jhzKInVsMfXExTNqbRPeYW5tAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUNcSREBR2/qhvl0myQ3BVOqK2wocwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzA0NTYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5h54w
DQYJKoZIhvcNAQELBQADggEBADRle6opIbKGZmYjvyHxQedv82AyGnKcLn8LqEEG
QTfly89FuaLzGIibBBGfJRRY1fseftBYYq2WuGJYj1gJtjxWuDoojW1whDz9c5Im
/95zS3Ki1+L+TLkfASoBPm2TQleyEPdVwCdJrZc7F2igujSERHYYi4NqsbK/xj2o
bVze2Kr2BGFLzXcpWqSogdh7Z9T5+tkX1HUOA6ynPMLpmsaJfPZSHRK/1/DUpFLw
hD+0q7FLRQp7SlP8DsRFh+oKREldsqxwVq4AV0ExvcniLdYDlVvgi5v2VyMs8sFS
QXuPE/YbIId0R5iV+MV66ebATz5+IeP6ETqKG2Bf5kUPSXs=
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:14:37 2024 by rpki-client on console-ams.rpki-client.org