Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0c8bb446-91c0-4138-a33a-b47865de55c5/1/3134362e3234372e36322e302f32342d3234203d3e203234383531.roa
File:                     3134362e3234372e36322e302f32342d3234203d3e203234383531.roa (raw, json)
Hash identifier:          +PLAO2XIwguBRxzLFbPvt9N4SUTwvCxYRNjOC/9N7/Y=
Subject key identifier:   00:DC:F2:83:68:7B:E4:B1:C8:40:24:74:B5:4D:B8:1A:DB:C3:BB:13
Certificate issuer:       /CN=a6c509ba48e5b50494572e05c45c58e7e16d87fb
Certificate serial:       61C9F9CA6827B1E0F1D4D451C3441A1081CE8070
Authority key identifier: A6:C5:09:BA:48:E5:B5:04:94:57:2E:05:C4:5C:58:E7:E1:6D:87:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/psUJukjltQSUVy4FxFxY5-Fth_s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0c8bb446-91c0-4138-a33a-b47865de55c5/1/3134362e3234372e36322e302f32342d3234203d3e203234383531.roa
Signing time:             Mon 25 Dec 2023 12:05:08 +0000
ROA not before:           Mon 25 Dec 2023 12:00:08 +0000
ROA not after:            Mon 23 Dec 2024 12:05:08 +0000
asID:                     24851
IP address blocks:        146.247.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0c8bb446-91c0-4138-a33a-b47865de55c5/1/A6C509BA48E5B50494572E05C45C58E7E16D87FB.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0c8bb446-91c0-4138-a33a-b47865de55c5/1/A6C509BA48E5B50494572E05C45C58E7E16D87FB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/psUJukjltQSUVy4FxFxY5-Fth_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:c9:f9:ca:68:27:b1:e0:f1:d4:d4:51:c3:44:1a:10:81:ce:80:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6c509ba48e5b50494572e05c45c58e7e16d87fb
        Validity
            Not Before: Dec 25 12:00:08 2023 GMT
            Not After : Dec 23 12:05:08 2024 GMT
        Subject: CN=00DCF283687BE4B1C8402474B54DB81ADBC3BB13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:7a:19:58:6e:88:a2:81:52:9b:d9:ba:1f:26:
                    f3:ea:8d:98:8e:c5:b0:b6:17:43:3f:5b:8c:2c:b1:
                    34:46:6f:8b:f8:c9:93:9b:ac:69:e5:94:1e:3e:ef:
                    0a:f1:8c:93:f8:1f:a3:79:bd:3f:ae:f9:49:88:ba:
                    4e:78:c1:82:1d:59:f6:a6:c5:e4:1e:f5:b2:e1:e9:
                    8a:fa:91:5a:47:49:7c:6d:46:58:2a:43:22:58:4d:
                    d8:b4:70:37:8c:a9:f8:4c:8c:3b:6f:20:90:3b:ee:
                    d8:91:7b:f2:49:ef:a1:e7:b0:28:85:7e:74:e8:c3:
                    93:40:82:aa:02:30:f8:97:ff:75:75:86:96:0c:c8:
                    0b:7a:20:04:8a:cc:3b:ff:0f:72:9c:81:e1:f1:f1:
                    d0:bd:48:e7:2c:da:1b:21:24:c4:27:6c:66:1f:42:
                    f2:93:76:f0:84:37:36:fe:2a:32:08:aa:3a:42:ef:
                    f7:bd:14:f8:30:08:e8:c3:6d:f8:de:d9:20:5f:24:
                    3a:58:47:9d:29:8a:9a:23:e3:0f:f8:88:c2:66:9b:
                    66:cd:35:12:d8:61:f6:08:d5:04:12:bc:a5:de:a9:
                    c5:9c:cc:30:1c:91:42:6e:b7:a9:a1:75:8f:bd:f2:
                    e0:15:12:17:41:4f:89:a8:52:3a:39:5c:ec:64:d5:
                    03:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:DC:F2:83:68:7B:E4:B1:C8:40:24:74:B5:4D:B8:1A:DB:C3:BB:13
            X509v3 Authority Key Identifier:
                keyid:A6:C5:09:BA:48:E5:B5:04:94:57:2E:05:C4:5C:58:E7:E1:6D:87:FB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0c8bb446-91c0-4138-a33a-b47865de55c5/1/A6C509BA48E5B50494572E05C45C58E7E16D87FB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/psUJukjltQSUVy4FxFxY5-Fth_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0c8bb446-91c0-4138-a33a-b47865de55c5/1/3134362e3234372e36322e302f32342d3234203d3e203234383531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.247.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:17:37:05:00:31:6e:a2:43:44:33:8b:e7:7b:e2:1a:f8:7c:
         13:02:e0:45:2c:24:b7:d3:f3:a8:a3:80:e3:bb:32:50:b1:84:
         1a:bd:83:c4:44:09:b3:fb:43:ba:c0:6e:96:c0:7b:82:92:ce:
         2a:32:95:a4:8d:a4:15:8f:c9:c5:0b:27:50:82:25:a6:8f:e5:
         f1:0a:9b:ca:a6:93:f3:fb:10:7d:20:b6:77:32:6b:61:a4:46:
         77:0e:21:60:25:bf:85:d3:68:e8:a8:b1:17:32:aa:07:96:b2:
         25:72:03:74:c0:a7:29:df:36:54:f5:6f:86:89:80:6e:1e:c5:
         f1:77:f9:f0:7e:52:6a:2a:fb:42:e5:de:fe:9b:ae:b6:4f:25:
         4a:1c:e1:50:7a:3f:5c:fa:96:6c:bf:72:8d:3d:de:88:1f:0b:
         4a:5f:81:d3:94:e3:a3:0b:bf:49:ea:8c:ff:20:4f:cb:ad:ff:
         fc:db:27:e5:94:55:1d:84:f0:03:8a:41:a6:8a:de:6d:29:b0:
         2b:7d:e5:d8:65:cc:d1:b0:69:a4:98:53:c8:dd:49:39:af:4e:
         55:a9:9d:ed:a9:3f:c0:d0:7a:39:23:b7:ad:9d:92:4d:07:e4:
         a7:47:09:79:b7:08:e7:04:e2:a6:26:36:11:44:26:8f:35:7a:
         25:a6:0f:e4
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUYcn5ymgnseDx1NRRw0QaEIHOgHAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTZjNTA5YmE0OGU1YjUwNDk0NTcyZTA1YzQ1YzU4ZTdl
MTZkODdmYjAeFw0yMzEyMjUxMjAwMDhaFw0yNDEyMjMxMjA1MDhaMDMxMTAvBgNV
BAMTKDAwRENGMjgzNjg3QkU0QjFDODQwMjQ3NEI1NERCODFBREJDM0JCMTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpehlYboiigVKb2bofJvPqjZiO
xbC2F0M/W4wssTRGb4v4yZObrGnllB4+7wrxjJP4H6N5vT+u+UmIuk54wYIdWfam
xeQe9bLh6Yr6kVpHSXxtRlgqQyJYTdi0cDeMqfhMjDtvIJA77tiRe/JJ76HnsCiF
fnTow5NAgqoCMPiX/3V1hpYMyAt6IASKzDv/D3KcgeHx8dC9SOcs2hshJMQnbGYf
QvKTdvCENzb+KjIIqjpC7/e9FPgwCOjDbfje2SBfJDpYR50pipoj4w/4iMJmm2bN
NRLYYfYI1QQSvKXeqcWczDAckUJut6mhdY+98uAVEhdBT4moUjo5XOxk1QPjAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUANzyg2h75LHIQCR0tU24GtvDuxMwHwYDVR0j
BBgwFoAUpsUJukjltQSUVy4FxFxY5+Fth/swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGM4YmI0NDYtOTFjMC00MTM4LWEzM2EtYjQ3ODY1ZGU1
NWM1LzEvQTZDNTA5QkE0OEU1QjUwNDk0NTcyRTA1QzQ1QzU4RTdFMTZEODdGQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3BzVUp1a2psdFFTVVZ5NEZ4RnhZNS1G
dGhfcy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGM4YmI0NDYt
OTFjMC00MTM4LWEzM2EtYjQ3ODY1ZGU1NWM1LzEvMzEzNDM2MmUzMjM0MzcyZTM2
MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM0MzgzNTMxLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
kvc+MA0GCSqGSIb3DQEBCwUAA4IBAQA/FzcFADFuokNEM4vne+Ia+HwTAuBFLCS3
0/Ooo4DjuzJQsYQavYPERAmz+0O6wG6WwHuCks4qMpWkjaQVj8nFCydQgiWmj+Xx
CpvKppPz+xB9ILZ3MmthpEZ3DiFgJb+F02joqLEXMqoHlrIlcgN0wKcp3zZU9W+G
iYBuHsXxd/nwflJqKvtC5d7+m662TyVKHOFQej9c+pZsv3KNPd6IHwtKX4HTlOOj
C79J6oz/IE/Lrf/82yfllFUdhPADikGmit5tKbArfeXYZczRsGmkmFPI3Uk5r05V
qZ3tqT/A0Ho5I7etnZJNB+SnRwl5twjnBOKmJjYRRCaPNXolpg/k
-----END CERTIFICATE-----
Generated at Sat Jun 15 07:50:13 2024 by rpki-client on console-ams.rpki-client.org