Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS46450.roa
File:                     AS46450.roa (raw, json)
Hash identifier:          /U7XsmUdEzCBXLKz8d6FeyXHq5hioE02y2aW+IdL1ZM=
Subject key identifier:   C9:01:21:B3:47:FE:59:FA:70:EB:49:2E:3B:A3:F3:4F:4D:B2:BB:39
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       07FCD058E53E45AD6B3042A280E0A0AAB6F51C95
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS46450.roa
Signing time:             Sun 19 May 2024 15:46:13 +0000
ROA not before:           Sun 19 May 2024 15:41:13 +0000
ROA not after:            Sun 18 May 2025 15:46:13 +0000
asID:                     46450
IP address blocks:        140.150.152.0/21 maxlen: 24
                          140.150.184.0/21 maxlen: 24
                          140.150.228.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:fc:d0:58:e5:3e:45:ad:6b:30:42:a2:80:e0:a0:aa:b6:f5:1c:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 19 15:41:13 2024 GMT
            Not After : May 18 15:46:13 2025 GMT
        Subject: CN=C90121B347FE59FA70EB492E3BA3F34F4DB2BB39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f1:9c:3e:57:fd:ae:89:ae:9e:68:9a:c4:c4:
                    bd:dc:47:24:04:5f:e5:5c:cd:03:cf:16:6e:be:99:
                    e3:09:2f:32:0e:7c:8f:c8:89:31:0b:d7:a4:41:be:
                    d5:35:72:74:f3:ea:fb:2b:69:37:9e:e9:d3:5c:cf:
                    cb:26:4d:18:17:02:53:32:0f:cc:95:35:1c:ec:c9:
                    57:48:bc:06:99:5a:60:2c:09:88:34:1b:4c:50:36:
                    52:b3:82:32:59:51:0c:b4:c1:bf:20:16:1d:ff:bb:
                    3c:1e:22:07:db:8e:b9:41:fd:40:59:f9:3b:04:4e:
                    35:e2:66:37:96:24:81:a8:37:80:83:6f:3d:b7:a5:
                    08:ba:b0:cd:03:98:7b:b8:d0:fa:18:d0:71:de:53:
                    9a:3d:b5:a9:55:b6:00:1a:cc:73:25:ee:f0:bf:76:
                    d8:a0:bb:57:e5:da:0c:a7:12:8f:1d:d7:53:33:ef:
                    18:bd:6e:78:35:2e:91:10:cb:e5:d2:ce:33:f6:5a:
                    a0:22:3c:45:25:81:9e:82:54:7c:6d:17:1e:8e:4f:
                    b1:bb:e9:79:3c:8c:0c:e7:52:ef:0e:e2:4d:06:e4:
                    a1:9b:bc:ba:58:15:47:f6:d0:77:ad:5b:e3:54:56:
                    41:d1:50:7a:e8:20:f9:a9:47:05:d3:b3:62:c9:cf:
                    e4:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:01:21:B3:47:FE:59:FA:70:EB:49:2E:3B:A3:F3:4F:4D:B2:BB:39
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS46450.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.152.0/21
                  140.150.184.0/21
                  140.150.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ac:8a:27:02:a9:0b:74:ef:3b:52:71:7c:5a:c7:2c:47:3b:74:
         26:eb:b2:de:90:51:4d:8a:28:92:1b:1e:03:50:01:38:30:9d:
         0f:07:17:63:0b:4a:42:c5:73:67:a8:14:80:64:44:bd:8e:24:
         8a:e1:ea:0c:6f:b5:4b:9c:d1:85:5f:cf:f0:43:80:93:ef:6c:
         d0:bf:01:2e:27:d4:c3:a7:1a:a0:7f:70:b6:e4:39:41:bb:50:
         70:13:3f:af:01:ed:09:da:c2:8b:cf:94:b5:ce:e3:5a:f0:60:
         b7:33:6e:97:98:11:90:ea:11:0f:7f:cb:8e:94:54:4a:a6:61:
         c2:82:53:51:13:5c:f3:ad:11:6a:ad:07:27:57:d1:39:0f:6b:
         da:69:f9:6c:2e:d3:dc:4e:07:21:67:9c:06:4d:86:83:84:a6:
         72:0c:3a:13:bd:c8:10:f4:04:72:fc:91:9a:d3:77:18:9c:db:
         e4:33:2d:a0:ab:8a:0a:7b:4d:7f:7b:5e:b3:f5:08:d1:b8:cc:
         31:a3:00:f7:36:2d:cc:5d:cd:3b:49:29:c9:00:50:7c:66:f8:
         43:c1:f7:c8:77:75:34:c5:a0:4c:ed:c7:0a:14:5f:8f:03:97:
         61:be:a9:b4:64:f3:bf:d5:b0:d1:c0:8d:b0:7d:d5:b9:2b:72:
         41:ba:38:ab
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUB/zQWOU+Ra1rMEKigOCgqrb1HJUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA1MTkxNTQxMTNaFw0yNTA1MTgxNTQ2MTNaMDMxMTAvBgNV
BAMTKEM5MDEyMUIzNDdGRTU5RkE3MEVCNDkyRTNCQTNGMzRGNERCMkJCMzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC38Zw+V/2uia6eaJrExL3cRyQE
X+VczQPPFm6+meMJLzIOfI/IiTEL16RBvtU1cnTz6vsraTee6dNcz8smTRgXAlMy
D8yVNRzsyVdIvAaZWmAsCYg0G0xQNlKzgjJZUQy0wb8gFh3/uzweIgfbjrlB/UBZ
+TsETjXiZjeWJIGoN4CDbz23pQi6sM0DmHu40PoY0HHeU5o9talVtgAazHMl7vC/
dtigu1fl2gynEo8d11Mz7xi9bng1LpEQy+XSzjP2WqAiPEUlgZ6CVHxtFx6OT7G7
6Xk8jAznUu8O4k0G5KGbvLpYFUf20HetW+NUVkHRUHroIPmpRwXTs2LJz+RdAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUyQEhs0f+Wfpw60kuO6PzT02yuzkwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDY0NTAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAOMlpgD
BAOMlrgDBAKMluQwDQYJKoZIhvcNAQELBQADggEBAKyKJwKpC3TvO1JxfFrHLEc7
dCbrst6QUU2KKJIbHgNQATgwnQ8HF2MLSkLFc2eoFIBkRL2OJIrh6gxvtUuc0YVf
z/BDgJPvbNC/AS4n1MOnGqB/cLbkOUG7UHATP68B7QnawovPlLXO41rwYLczbpeY
EZDqEQ9/y46UVEqmYcKCU1ETXPOtEWqtBydX0TkPa9pp+Wwu09xOByFnnAZNhoOE
pnIMOhO9yBD0BHL8kZrTdxic2+QzLaCrigp7TX97XrP1CNG4zDGjAPc2LcxdzTtJ
KckAUHxm+EPB98h3dTTFoEztxwoUX48Dl2G+qbRk87/VsNHAjbB91bkrckG6OKs=
-----END CERTIFICATE-----
Generated at Fri Nov 22 08:14:19 2024 by rpki-client on console-ams.rpki-client.org