Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/4/32332e3137322e3132302e302f32342d3332203d3e203437323732.roa
File:                     32332e3137322e3132302e302f32342d3332203d3e203437323732.roa (raw, json)
Hash identifier:          ZNmpQT63YLDhV7GMsbO7+WxunQLAJQcopDCnQpT02uI=
Subject key identifier:   72:4C:BF:43:8A:16:66:AE:F6:C3:A8:3C:3B:AD:C7:12:B0:99:A0:E3
Certificate issuer:       /CN=f44c82daba68b40f65cfc17445f89b2192a57379d7f13be8fa
Certificate serial:       074AABCE6CDDC67B6D476004000467C2D4CEF232
Authority key identifier: 6D:7A:26:67:30:92:8D:9D:FD:FD:AC:E3:6F:73:AC:89:E4:24:E2:28
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/02c7706b-3baf-42cb-bdf7-782b036252b3/f44c82daba68b40f65cfc17445f89b2192a57379d7f13be8fa.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/4/32332e3137322e3132302e302f32342d3332203d3e203437323732.roa
Signing time:             Tue 27 Feb 2024 09:48:41 +0000
ROA not before:           Tue 27 Feb 2024 09:43:41 +0000
ROA not after:            Tue 25 Feb 2025 09:48:41 +0000
asID:                     47272
IP address blocks:        23.172.120.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/4/6D7A266730928D9DFDFDACE36F73AC89E424E228.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/4/6D7A266730928D9DFDFDACE36F73AC89E424E228.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/02c7706b-3baf-42cb-bdf7-782b036252b3/f44c82daba68b40f65cfc17445f89b2192a57379d7f13be8fa.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/02c7706b-3baf-42cb-bdf7-782b036252b3/02c7706b-3baf-42cb-bdf7-782b036252b3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/02c7706b-3baf-42cb-bdf7-782b036252b3/02c7706b-3baf-42cb-bdf7-782b036252b3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/02c7706b-3baf-42cb-bdf7-782b036252b3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 04 Dec 2024 00:11:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:4a:ab:ce:6c:dd:c6:7b:6d:47:60:04:00:04:67:c2:d4:ce:f2:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f44c82daba68b40f65cfc17445f89b2192a57379d7f13be8fa
        Validity
            Not Before: Feb 27 09:43:41 2024 GMT
            Not After : Feb 25 09:48:41 2025 GMT
        Subject: CN=724CBF438A1666AEF6C3A83C3BADC712B099A0E3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:d0:d3:15:f0:35:53:9b:00:fc:f6:60:40:05:
                    1e:e1:91:4e:00:e3:b6:01:e1:03:d6:f1:e2:0d:6e:
                    25:b2:de:8a:36:65:f0:5a:b7:c7:a6:a9:6a:03:ca:
                    f2:60:81:c5:b7:0a:23:92:33:68:a4:a9:01:2f:59:
                    eb:57:2f:b9:04:87:00:b0:fe:81:f4:0b:0f:22:a6:
                    83:97:49:bf:d6:72:6f:c8:db:79:ee:78:85:c1:7f:
                    cc:5f:b6:76:31:9e:8e:f2:a4:b5:4a:50:df:0f:3b:
                    9e:42:90:01:11:5a:58:5d:b8:6c:e6:35:4e:cf:ce:
                    ef:87:18:1f:71:a7:f6:d7:c6:26:ba:09:30:0d:1d:
                    d5:f5:1c:47:7a:d9:a3:56:4c:44:d1:63:56:6d:ab:
                    59:ef:07:02:01:16:4a:09:18:69:63:67:62:65:24:
                    da:ea:ed:33:dd:e8:6b:8f:39:6a:71:b4:60:ea:43:
                    ee:1c:88:4d:ff:65:cc:e5:4c:3c:b7:76:46:82:a1:
                    73:29:a2:2f:30:65:06:af:08:9c:13:b7:cd:c4:8f:
                    b9:60:3f:1a:7a:8c:bb:ca:4e:e2:e0:db:95:cf:73:
                    9f:82:25:fe:a2:6a:b4:d1:30:d1:34:b3:4e:1c:6a:
                    bd:26:af:28:50:93:05:2f:66:01:22:1b:8d:54:07:
                    67:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:4C:BF:43:8A:16:66:AE:F6:C3:A8:3C:3B:AD:C7:12:B0:99:A0:E3
            X509v3 Authority Key Identifier:
                keyid:6D:7A:26:67:30:92:8D:9D:FD:FD:AC:E3:6F:73:AC:89:E4:24:E2:28

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/4/6D7A266730928D9DFDFDACE36F73AC89E424E228.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/02c7706b-3baf-42cb-bdf7-782b036252b3/f44c82daba68b40f65cfc17445f89b2192a57379d7f13be8fa.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/4/32332e3137322e3132302e302f32342d3332203d3e203437323732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.172.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:8d:80:da:76:0d:fb:eb:e2:0c:ab:ff:ed:00:b1:c1:f4:29:
         26:cf:64:47:fd:12:7a:cb:33:2a:c2:bd:d5:2a:5d:0d:1c:45:
         ef:9c:7b:25:6d:b3:4e:10:90:90:79:88:cd:15:6e:81:c5:f6:
         32:4b:e8:59:68:7f:32:01:81:1a:fd:0a:f2:10:95:af:80:f3:
         98:36:c5:98:75:ad:e1:db:b6:9b:60:ff:21:e9:d7:78:ac:9b:
         83:91:bb:d6:a3:44:3c:c0:37:3a:f2:59:05:1a:06:10:42:32:
         22:d6:6b:cb:1b:52:30:1e:6c:12:82:9b:ee:39:9c:78:ab:4a:
         4b:04:be:5d:0d:75:2c:cf:61:77:2a:04:72:43:6d:3c:bb:8c:
         0e:de:1c:de:0c:66:c3:9f:87:f7:8f:a5:1c:51:1c:60:e9:a2:
         31:95:e9:6f:1f:c9:06:0c:3c:8e:15:90:98:df:75:83:c0:ce:
         1a:29:04:18:cf:f5:93:c3:d0:fe:d8:c6:6a:3d:0a:3f:cc:8e:
         b4:7a:cf:f5:cf:29:73:66:1f:ab:b1:20:be:fa:7b:df:37:37:
         4c:fb:e9:37:70:8a:f4:8a:a7:6e:89:f9:fc:8b:88:df:8b:99:
         63:f2:b7:46:e8:f4:ee:da:3b:88:1d:72:e2:79:0d:34:a1:ca:
         41:48:99:d1
-----BEGIN CERTIFICATE-----
MIIFzTCCBLWgAwIBAgIUB0qrzmzdxnttR2AEAARnwtTO8jIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZjQ0YzgyZGFiYTY4YjQwZjY1Y2ZjMTc0NDVmODliMjE5
MmE1NzM3OWQ3ZjEzYmU4ZmEwHhcNMjQwMjI3MDk0MzQxWhcNMjUwMjI1MDk0ODQx
WjAzMTEwLwYDVQQDEyg3MjRDQkY0MzhBMTY2NkFFRjZDM0E4M0MzQkFEQzcxMkIw
OTlBMEUzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy9DTFfA1U5sA
/PZgQAUe4ZFOAOO2AeED1vHiDW4lst6KNmXwWrfHpqlqA8ryYIHFtwojkjNopKkB
L1nrVy+5BIcAsP6B9AsPIqaDl0m/1nJvyNt57niFwX/MX7Z2MZ6O8qS1SlDfDzue
QpABEVpYXbhs5jVOz87vhxgfcaf218YmugkwDR3V9RxHetmjVkxE0WNWbatZ7wcC
ARZKCRhpY2diZSTa6u0z3ehrjzlqcbRg6kPuHIhN/2XM5Uw8t3ZGgqFzKaIvMGUG
rwicE7fNxI+5YD8aeoy7yk7i4NuVz3OfgiX+omq00TDRNLNOHGq9Jq8oUJMFL2YB
IhuNVAdnyQIDAQABo4ICzTCCAskwHQYDVR0OBBYEFHJMv0OKFmau9sOoPDutxxKw
maDjMB8GA1UdIwQYMBaAFG16Jmcwko2d/f2s429zrInkJOIoMA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzMyNTNkOTczLWQ1YmYtNDU0MS1iY2Mx
LTI3NjU0M2EyNWM3ZC80LzZEN0EyNjY3MzA5MjhEOURGREZEQUNFMzZGNzNBQzg5
RTQyNEUyMjguY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzRhYjdhZTRkLWJkN2It
NGIzMy05YTg4LTViMjJkMmE4MzM3ZC8wMmM3NzA2Yi0zYmFmLTQyY2ItYmRmNy03
ODJiMDM2MjUyYjMvZjQ0YzgyZGFiYTY4YjQwZjY1Y2ZjMTc0NDVmODliMjE5MmE1
NzM3OWQ3ZjEzYmU4ZmEuY2VyMIGtBggrBgEFBQcBCwSBoDCBnTCBmgYIKwYBBQUH
MAuGgY1yc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
LzMyNTNkOTczLWQ1YmYtNDU0MS1iY2MxLTI3NjU0M2EyNWM3ZC80LzMyMzMyZTMx
MzczMjJlMzEzMjMwMmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzQzNzMyMzczMi5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEABeseDANBgkqhkiG9w0BAQsFAAOCAQEAo42A2nYN++viDKv/7QCx
wfQpJs9kR/0SesszKsK91SpdDRxF75x7JW2zThCQkHmIzRVugcX2MkvoWWh/MgGB
Gv0K8hCVr4DzmDbFmHWt4du2m2D/IenXeKybg5G71qNEPMA3OvJZBRoGEEIyItZr
yxtSMB5sEoKb7jmceKtKSwS+XQ11LM9hdyoEckNtPLuMDt4c3gxmw5+H94+lHFEc
YOmiMZXpbx/JBgw8jhWQmN91g8DOGikEGM/1k8PQ/tjGaj0KP8yOtHrP9c8pc2Yf
q7Egvvp73zc3TPvpN3CK9Iqnbon5/IuI34uZY/K3Ruj07to7iB1y4nkNNKHKQUiZ
0Q==
-----END CERTIFICATE-----
Generated at Tue Dec 3 00:35:37 2024 by rpki-client on console-ams.rpki-client.org