Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS54004.roa
File:                     AS54004.roa (raw, json)
Hash identifier:          yI2SJzfrBSKqGFw4KSD6Jh0uWBF5djx4fQn9rl2l31w=
Subject key identifier:   B7:BC:6F:3D:46:AD:38:0D:63:46:EF:0D:55:B1:68:B7:25:7D:F3:93
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       64D029EF39186F31228B10A6E4E21EFC3EF0521F
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS54004.roa
Signing time:             Sat 06 Apr 2024 11:09:31 +0000
ROA not before:           Sat 06 Apr 2024 11:04:31 +0000
ROA not after:            Sat 05 Apr 2025 11:09:31 +0000
asID:                     54004
IP address blocks:        147.79.32.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:d0:29:ef:39:18:6f:31:22:8b:10:a6:e4:e2:1e:fc:3e:f0:52:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr  6 11:04:31 2024 GMT
            Not After : Apr  5 11:09:31 2025 GMT
        Subject: CN=B7BC6F3D46AD380D6346EF0D55B168B7257DF393
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a3:3f:14:e7:53:26:ad:49:5a:f4:53:ff:db:
                    36:39:b5:b4:77:4a:a8:1a:92:ce:89:df:9f:2c:dd:
                    09:15:12:65:a2:2a:40:c2:c6:48:2e:56:c0:b3:08:
                    dc:e7:58:7c:46:e4:3a:90:47:90:ac:46:3e:c7:d5:
                    66:ae:67:cd:99:a1:8a:bb:3a:96:cc:ce:70:df:97:
                    a7:9b:06:3a:ad:25:02:6d:42:bd:28:12:78:d3:8c:
                    7f:06:e8:05:19:dd:f5:e9:33:7e:54:5c:f0:26:cb:
                    58:36:7d:25:d0:99:4f:b2:b9:71:ff:db:45:6c:5f:
                    95:d0:cb:78:c4:f4:95:04:72:d5:b5:ab:77:5e:58:
                    61:11:07:04:d0:6a:0e:81:41:c8:4d:71:6f:a1:b3:
                    6f:69:e9:fb:16:01:5a:76:c9:29:3f:fb:d5:e3:31:
                    76:99:80:ed:2c:b4:2c:a7:ba:e6:e2:c7:f2:d0:19:
                    b1:5a:8a:6f:34:39:f9:33:75:32:a2:d9:7a:60:26:
                    6e:07:29:c5:d8:6d:40:6d:99:87:f2:9a:ae:1d:13:
                    7d:01:37:dd:a3:d2:9e:fe:6d:53:d9:51:62:1b:c0:
                    f9:36:dd:83:b7:07:29:d8:c2:ea:60:53:49:bc:6c:
                    42:0d:46:78:f1:a2:16:0e:55:f9:a6:1a:d2:1d:e7:
                    8e:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:BC:6F:3D:46:AD:38:0D:63:46:EF:0D:55:B1:68:B7:25:7D:F3:93
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS54004.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         68:6f:75:bb:95:ea:7f:94:3a:dd:eb:cb:42:ea:1b:ad:68:60:
         65:79:6d:51:b5:3b:36:36:e2:f0:7f:6d:f4:09:fe:b9:33:ad:
         2e:b7:d4:de:b5:30:90:a9:de:6e:9c:9c:02:05:ee:d8:c9:5c:
         15:28:9c:70:1c:4a:e7:bb:ad:42:d6:cb:f0:17:d3:61:e9:9a:
         15:7c:d5:08:72:88:ea:81:28:d6:81:6d:bd:39:2d:a6:eb:9d:
         dd:7f:64:76:db:94:1a:92:bd:a6:01:bb:f7:a0:78:c2:72:39:
         af:69:6a:c8:8e:40:82:10:cc:54:49:66:16:89:b5:6c:a0:37:
         2b:50:41:31:95:26:90:e6:41:41:2c:4a:df:6a:df:93:e7:be:
         32:89:95:eb:73:81:80:35:cb:c0:bd:ab:83:02:ef:b7:e3:a5:
         03:ff:76:1c:65:f6:09:7c:99:e7:00:87:89:eb:2f:f0:3f:f6:
         63:59:34:11:6d:00:27:a4:ca:17:60:aa:ad:69:2b:c7:a2:58:
         d9:fd:ee:9f:16:14:23:ef:bc:fd:da:11:91:68:f5:3f:84:da:
         51:37:05:44:f2:95:cf:3e:fe:57:07:68:88:1a:4d:62:f2:4d:
         41:4e:a7:4e:61:54:13:52:ef:72:db:c5:64:27:b3:6f:3c:c9:
         fa:3b:ce:09
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUZNAp7zkYbzEiixCm5OIe/D7wUh8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA0MDYxMTA0MzFaFw0yNTA0MDUxMTA5MzFaMDMxMTAvBgNV
BAMTKEI3QkM2RjNENDZBRDM4MEQ2MzQ2RUYwRDU1QjE2OEI3MjU3REYzOTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtoz8U51MmrUla9FP/2zY5tbR3
Sqgaks6J358s3QkVEmWiKkDCxkguVsCzCNznWHxG5DqQR5CsRj7H1WauZ82ZoYq7
OpbMznDfl6ebBjqtJQJtQr0oEnjTjH8G6AUZ3fXpM35UXPAmy1g2fSXQmU+yuXH/
20VsX5XQy3jE9JUEctW1q3deWGERBwTQag6BQchNcW+hs29p6fsWAVp2ySk/+9Xj
MXaZgO0stCynuubix/LQGbFaim80OfkzdTKi2XpgJm4HKcXYbUBtmYfymq4dE30B
N92j0p7+bVPZUWIbwPk23YO3BynYwupgU0m8bEINRnjxohYOVfmmGtId545rAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUt7xvPUatOA1jRu8NVbFotyV985MwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTQwMDQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBASTTyAw
DQYJKoZIhvcNAQELBQADggEBAGhvdbuV6n+UOt3ry0LqG61oYGV5bVG1OzY24vB/
bfQJ/rkzrS631N61MJCp3m6cnAIF7tjJXBUonHAcSue7rULWy/AX02HpmhV81Qhy
iOqBKNaBbb05Labrnd1/ZHbblBqSvaYBu/egeMJyOa9pasiOQIIQzFRJZhaJtWyg
NytQQTGVJpDmQUEsSt9q35PnvjKJletzgYA1y8C9q4MC77fjpQP/dhxl9gl8mecA
h4nrL/A/9mNZNBFtACekyhdgqq1pK8eiWNn97p8WFCPvvP3aEZFo9T+E2lE3BUTy
lc8+/lcHaIgaTWLyTUFOp05hVBNS73LbxWQns288yfo7zgk=
-----END CERTIFICATE-----
Generated at Fri Nov 22 08:22:33 2024 by rpki-client on console-fra.rpki-client.org