Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS14445.roa
File:                     AS14445.roa (raw, json)
Hash identifier:          1P+uu2FfUqepequvvBcChed74L953KPt2KzXUakNsK8=
Subject key identifier:   F1:4A:9E:6E:84:FA:D3:31:E0:0B:DF:D0:AD:00:A7:24:CC:D3:BE:2B
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5F6FCB80E9AFB170A1E449A3C8068A846536256B
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS14445.roa
Signing time:             Sun 01 Dec 2024 11:50:07 +0000
ROA not before:           Sun 01 Dec 2024 11:45:07 +0000
ROA not after:            Sun 30 Nov 2025 11:50:07 +0000
asID:                     14445
IP address blocks:        92.242.184.0/24 maxlen: 24
                          181.214.101.0/24 maxlen: 24
                          191.101.239.0/24 maxlen: 24
                          193.58.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 Jan 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:6f:cb:80:e9:af:b1:70:a1:e4:49:a3:c8:06:8a:84:65:36:25:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec  1 11:45:07 2024 GMT
            Not After : Nov 30 11:50:07 2025 GMT
        Subject: CN=F14A9E6E84FAD331E00BDFD0AD00A724CCD3BE2B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:da:3d:04:a4:5b:5d:e6:22:53:a1:17:32:10:
                    10:87:24:08:b3:6a:63:51:f4:89:fc:41:d8:af:d4:
                    a7:8b:31:3f:dc:2c:b1:be:a0:64:41:40:d6:09:22:
                    e9:92:80:57:5e:6a:01:b1:75:e6:dc:65:c4:1a:be:
                    b7:93:60:08:cb:ed:89:9b:10:a8:fb:dc:ac:0b:0a:
                    78:20:74:79:36:77:45:67:d9:03:ff:10:bb:84:36:
                    b0:dc:74:eb:39:00:1e:d2:ff:26:49:40:db:f8:16:
                    1d:19:a4:12:9c:95:d2:d0:f3:b2:0c:88:cf:84:0b:
                    c4:53:6b:a8:8c:7b:8a:f2:97:5e:5e:0b:4b:2d:4c:
                    e9:15:12:f2:29:81:6a:5d:a9:c4:e4:5e:07:1f:ae:
                    c0:95:3d:a3:35:86:f4:0a:2f:c6:9f:90:d3:2d:35:
                    91:f3:56:3a:e2:be:43:8a:bf:6d:53:a5:1d:43:a6:
                    7d:e8:ad:d9:2a:28:36:b2:80:32:05:fe:da:fe:be:
                    c9:41:cc:5e:6e:ad:39:42:90:b6:c9:5a:24:60:3f:
                    df:c7:10:69:a3:ef:b0:e5:83:4d:a1:dc:86:0e:57:
                    5d:14:6e:5c:18:f9:e1:4e:62:dc:08:1e:06:19:e9:
                    34:46:ce:fe:ce:1d:e4:c9:f0:85:85:ee:e8:cf:36:
                    9c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:4A:9E:6E:84:FA:D3:31:E0:0B:DF:D0:AD:00:A7:24:CC:D3:BE:2B
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS14445.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.242.184.0/24
                  181.214.101.0/24
                  191.101.239.0/24
                  193.58.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:aa:c4:d0:b2:cd:d4:c6:77:40:01:c0:90:ba:de:7c:f4:42:
         84:65:6f:8d:38:54:aa:e3:4b:0e:03:10:1e:17:e2:dc:d2:1a:
         51:b7:ce:7e:03:45:47:68:9d:dd:1a:44:7a:ec:f0:ba:b8:0b:
         1d:f1:c8:eb:ae:35:d4:44:35:5c:f6:fa:93:31:44:20:ce:c9:
         26:2c:1b:96:f5:d2:fe:51:9b:5c:a0:a7:40:22:b8:36:be:96:
         59:77:1c:89:a9:cb:62:b3:11:52:cf:b5:c9:d9:a5:8f:ad:79:
         88:36:a7:9c:5f:7e:9a:ac:77:6d:2f:9f:05:79:a3:14:45:44:
         d6:42:52:4e:55:d2:a1:5c:ed:9b:6a:2d:33:fb:59:a3:4d:00:
         68:b6:6b:46:d2:b2:a2:7b:ad:dd:fa:f1:92:5a:0b:26:9c:9c:
         f3:43:3d:b1:4a:84:73:d2:cf:c0:9f:2e:a9:e5:94:d5:d1:bf:
         aa:c7:cf:5f:0d:29:d8:a1:67:c2:aa:6f:7f:60:4c:f5:a0:46:
         45:17:88:34:b0:8c:df:7f:43:9b:9c:6a:8c:8c:ee:f3:ab:e0:
         a1:02:e9:e7:27:e0:75:6f:32:f7:bb:45:0d:aa:1a:89:cc:62:
         a8:28:9c:df:cb:8f:64:ae:2a:8f:25:6a:58:fd:e9:85:f0:99:
         e2:fd:3c:aa
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUX2/LgOmvsXCh5EmjyAaKhGU2JWswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDEyMDExMTQ1MDdaFw0yNTExMzAxMTUwMDdaMDMxMTAvBgNV
BAMTKEYxNEE5RTZFODRGQUQzMzFFMDBCREZEMEFEMDBBNzI0Q0NEM0JFMkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJ2j0EpFtd5iJToRcyEBCHJAiz
amNR9In8Qdiv1KeLMT/cLLG+oGRBQNYJIumSgFdeagGxdebcZcQavreTYAjL7Ymb
EKj73KwLCnggdHk2d0Vn2QP/ELuENrDcdOs5AB7S/yZJQNv4Fh0ZpBKcldLQ87IM
iM+EC8RTa6iMe4ryl15eC0stTOkVEvIpgWpdqcTkXgcfrsCVPaM1hvQKL8afkNMt
NZHzVjrivkOKv21TpR1Dpn3ordkqKDaygDIF/tr+vslBzF5urTlCkLbJWiRgP9/H
EGmj77Dlg02h3IYOV10UblwY+eFOYtwIHgYZ6TRGzv7OHeTJ8IWF7ujPNpwnAgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQU8UqeboT60zHgC9/QrQCnJMzTviswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTQ0NDUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMQYIKwYBBQUHAQcBAf8EIjAgMB4EAgABMBgDBABc8rgD
BAC11mUDBAC/Ze8DBADBOmowDQYJKoZIhvcNAQELBQADggEBAFOqxNCyzdTGd0AB
wJC63nz0QoRlb404VKrjSw4DEB4X4tzSGlG3zn4DRUdond0aRHrs8Lq4Cx3xyOuu
NdRENVz2+pMxRCDOySYsG5b10v5Rm1ygp0AiuDa+lll3HImpy2KzEVLPtcnZpY+t
eYg2p5xffpqsd20vnwV5oxRFRNZCUk5V0qFc7ZtqLTP7WaNNAGi2a0bSsqJ7rd36
8ZJaCyacnPNDPbFKhHPSz8CfLqnllNXRv6rHz18NKdihZ8Kqb39gTPWgRkUXiDSw
jN9/Q5ucaoyM7vOr4KEC6ecn4HVvMve7RQ2qGonMYqgonN/Lj2SuKo8lalj96YXw
meL9PKo=
-----END CERTIFICATE-----
Generated at Fri Jan 24 06:16:14 2025 by rpki-client on console-fra.rpki-client.org