Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/33362e3235352e39322e302f32332d3234203d3e20313432353631.roa
File:                     33362e3235352e39322e302f32332d3234203d3e20313432353631.roa (raw, json)
Hash identifier:          1gIHZJcJcvpA+lInczo93Bq/EtwKfV+2lGg1HYidVrQ=
Subject key identifier:   50:4F:4C:D5:C2:54:76:34:03:FF:D4:EE:57:47:C4:1E:34:63:5C:72
Certificate issuer:       /CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
Certificate serial:       069DA076A340648F4F2D5A2531370BBB3887959A
Authority key identifier: 3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/33362e3235352e39322e302f32332d3234203d3e20313432353631.roa
Signing time:             Sat 20 Jan 2024 07:33:56 +0000
ROA not before:           Sat 20 Jan 2024 07:28:56 +0000
ROA not after:            Sat 18 Jan 2025 07:33:56 +0000
asID:                     142561
IP address blocks:        36.255.92.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 11:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:9d:a0:76:a3:40:64:8f:4f:2d:5a:25:31:37:0b:bb:38:87:95:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
        Validity
            Not Before: Jan 20 07:28:56 2024 GMT
            Not After : Jan 18 07:33:56 2025 GMT
        Subject: CN=504F4CD5C254763403FFD4EE5747C41E34635C72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:12:85:8b:a6:5a:66:62:7e:e1:93:db:c4:8a:
                    49:17:03:6c:50:4f:15:e3:23:87:bb:6f:d9:3b:fc:
                    65:4e:96:2e:c3:a3:e7:b2:84:7d:16:f8:23:a6:8a:
                    3d:49:72:5e:8d:9e:39:4f:88:96:3c:fb:0e:08:6e:
                    76:c7:75:70:01:b0:1e:15:a8:96:47:6f:3e:63:ea:
                    64:51:07:b5:c3:da:49:60:f2:6c:bb:3f:61:f7:dd:
                    ac:54:9c:61:66:3a:c4:62:80:67:89:d8:dc:88:c1:
                    60:d1:72:bd:ea:56:54:ca:28:a2:d3:f5:a4:07:e4:
                    73:b8:a5:ae:9d:af:05:aa:cb:91:be:a3:65:f8:69:
                    c9:0e:f3:07:35:96:a4:52:ee:66:01:9e:bd:9c:de:
                    2a:c4:0d:27:72:c5:1e:a5:ba:31:7e:b1:27:66:ed:
                    29:5a:4b:ad:37:6b:a3:33:63:ac:a9:12:1e:ff:43:
                    be:30:87:30:0b:ad:5d:cd:e1:cf:be:46:1e:30:dc:
                    e7:74:8a:f6:92:b3:fa:d4:31:d5:7e:dd:a2:85:86:
                    dc:8e:6e:18:22:ab:7e:b1:8e:81:6a:f3:24:05:a6:
                    76:81:bb:a9:55:82:61:95:12:09:c0:b9:aa:7c:53:
                    0a:db:21:9d:bb:1d:92:df:02:5a:aa:28:74:80:19:
                    54:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:4F:4C:D5:C2:54:76:34:03:FF:D4:EE:57:47:C4:1E:34:63:5C:72
            X509v3 Authority Key Identifier:
                keyid:3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/33362e3235352e39322e302f32332d3234203d3e20313432353631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  36.255.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:13:13:7d:c5:f6:e7:c0:31:d2:c0:ab:6c:c3:81:f0:22:e7:
         27:32:35:49:3b:b1:01:25:3b:aa:59:a8:8a:90:e9:59:cb:36:
         62:ad:5d:1e:16:40:3f:8a:e8:cb:5e:2c:5c:f9:92:a7:3c:db:
         37:d7:87:dd:20:1e:50:92:74:15:18:4e:2f:5c:55:59:6f:76:
         04:75:4a:01:0c:2a:e7:77:71:ae:96:6e:85:a6:21:4c:60:c7:
         5a:63:8f:82:24:78:2f:a0:36:98:3c:10:e4:c2:2c:e5:11:c3:
         f9:70:ac:c7:a8:4e:ac:11:8e:3b:28:56:fa:fd:09:6d:e3:4d:
         5d:42:2c:3e:20:f7:be:98:7f:4f:0c:68:8a:9d:cb:d7:e2:41:
         56:21:a1:c4:b1:33:64:f1:52:25:eb:82:bc:f0:83:38:0f:22:
         04:fb:44:61:58:de:8c:50:4f:39:3a:d8:bd:4e:f6:b3:ea:0f:
         67:07:3e:53:1f:e1:55:0e:e6:8b:59:cd:30:99:d4:86:4e:cf:
         64:1e:f9:72:77:a9:3a:24:19:76:9f:05:f3:be:0e:76:e8:c7:
         f6:e3:1a:08:d5:74:3f:50:dd:8e:86:d6:cd:63:f0:94:38:aa:
         8c:4b:12:6f:7f:70:aa:2f:c9:f7:d2:00:29:63:4d:c9:ce:e1:
         63:c2:0a:c2
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUBp2gdqNAZI9PLVolMTcLuziHlZowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2U4NzBiOWE3MDAzYzRmZDljNTFiZDM1NGE5ZGVmYTNm
Yjc3YjRhOTAeFw0yNDAxMjAwNzI4NTZaFw0yNTAxMTgwNzMzNTZaMDMxMTAvBgNV
BAMTKDUwNEY0Q0Q1QzI1NDc2MzQwM0ZGRDRFRTU3NDdDNDFFMzQ2MzVDNzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVEoWLplpmYn7hk9vEikkXA2xQ
TxXjI4e7b9k7/GVOli7Do+eyhH0W+COmij1Jcl6NnjlPiJY8+w4IbnbHdXABsB4V
qJZHbz5j6mRRB7XD2klg8my7P2H33axUnGFmOsRigGeJ2NyIwWDRcr3qVlTKKKLT
9aQH5HO4pa6drwWqy5G+o2X4ackO8wc1lqRS7mYBnr2c3irEDSdyxR6lujF+sSdm
7SlaS603a6MzY6ypEh7/Q74whzALrV3N4c++Rh4w3Od0ivaSs/rUMdV+3aKFhtyO
bhgiq36xjoFq8yQFpnaBu6lVgmGVEgnAuap8UwrbIZ27HZLfAlqqKHSAGVSlAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUUE9M1cJUdjQD/9TuV0fEHjRjXHIwHwYDVR0j
BBgwFoAUPocLmnADxP2cUb01Sp3vo/t3tKkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzVkMThlODItNGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQy
Mjc5LzAvM0U4NzBCOUE3MDAzQzRGRDlDNTFCRDM1NEE5REVGQTNGQjc3QjRBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1BvY0xtbkFEeFAyY1ViMDFTcDN2b190
M3RLay5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzVkMThlODIt
NGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQyMjc5LzAvMzMzNjJlMzIzNTM1MmUzOTMy
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzEzNDMyMzUzNjMxLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB
JP9cMA0GCSqGSIb3DQEBCwUAA4IBAQCQExN9xfbnwDHSwKtsw4HwIucnMjVJO7EB
JTuqWaiKkOlZyzZirV0eFkA/iujLXixc+ZKnPNs314fdIB5QknQVGE4vXFVZb3YE
dUoBDCrnd3Gulm6FpiFMYMdaY4+CJHgvoDaYPBDkwizlEcP5cKzHqE6sEY47KFb6
/Qlt401dQiw+IPe+mH9PDGiKncvX4kFWIaHEsTNk8VIl64K88IM4DyIE+0RhWN6M
UE85Oti9Tvaz6g9nBz5TH+FVDuaLWc0wmdSGTs9kHvlyd6k6JBl2nwXzvg526Mf2
4xoI1XQ/UN2OhtbNY/CUOKqMSxJvf3CqL8n30gApY03JzuFjwgrC
-----END CERTIFICATE-----
Generated at Sat Jun 15 19:32:54 2024 by rpki-client on console-ams.rpki-client.org