Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS152672.roa
File:                     AS152672.roa (raw, json)
Hash identifier:          B4kT8cxmGEsKlFZU3VX9eToVIfMFN5q5eTUC/R99wSk=
Subject key identifier:   DE:59:0D:79:D6:83:13:9F:72:85:E0:49:5F:C9:A0:B7:FF:C3:D5:4D
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       5ECF8477F740C2E18DADC7B80CAE7481389BA296
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS152672.roa
Signing time:             Sun 12 May 2024 03:21:53 +0000
ROA not before:           Sun 12 May 2024 03:16:53 +0000
ROA not after:            Sun 11 May 2025 03:21:53 +0000
asID:                     152672
IP address blocks:        45.146.82.0/24 maxlen: 24
                          45.158.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:cf:84:77:f7:40:c2:e1:8d:ad:c7:b8:0c:ae:74:81:38:9b:a2:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: May 12 03:16:53 2024 GMT
            Not After : May 11 03:21:53 2025 GMT
        Subject: CN=DE590D79D683139F7285E0495FC9A0B7FFC3D54D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:52:15:7a:8d:ba:35:76:90:53:6a:de:3c:68:
                    8d:d4:51:01:c5:6d:24:82:7c:62:16:6a:94:92:88:
                    d7:2a:38:52:ce:33:c1:24:33:72:d7:c4:49:4e:c3:
                    cd:a7:04:af:ec:c4:bc:70:01:86:9e:3b:b8:63:fb:
                    ad:a8:c3:4a:d1:54:b4:96:c2:9d:11:b4:f5:4b:6e:
                    6b:06:ea:11:de:a1:16:e8:0c:71:f6:d7:b9:ca:02:
                    b1:e8:9d:82:c9:5e:85:d5:b9:03:43:46:df:84:05:
                    86:87:74:24:6f:11:8c:42:2f:b5:5d:a5:93:7e:df:
                    22:41:e0:6c:9a:71:60:67:73:47:99:b8:f4:16:37:
                    f8:0c:5e:7e:fc:e6:55:cb:ba:1e:a8:83:0f:34:5d:
                    3e:8d:36:d8:98:ec:01:95:33:22:5a:66:e7:70:fb:
                    ec:5d:c8:7e:e8:88:b7:dc:84:d1:29:82:b9:8d:f9:
                    1b:0f:e2:51:e4:9e:4f:ab:cd:cd:db:6f:38:8b:ef:
                    8c:39:64:88:83:32:44:6b:ed:76:61:5f:6f:ef:db:
                    43:bd:af:fe:42:3d:34:47:a5:90:88:ac:d7:10:90:
                    23:8e:f5:ea:a1:66:f9:2c:62:db:03:8b:2f:5e:8e:
                    08:37:6c:34:23:e9:e1:e4:03:0f:75:49:9b:ea:86:
                    eb:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:59:0D:79:D6:83:13:9F:72:85:E0:49:5F:C9:A0:B7:FF:C3:D5:4D
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS152672.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.82.0/24
                  45.158.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d5:c7:25:3f:55:4a:24:20:a7:2c:1c:e4:2e:94:d8:63:8a:5a:
         7f:5a:e3:44:f1:51:37:ba:1c:1c:b9:bd:01:b9:dd:2b:5f:47:
         56:11:6f:b9:3d:75:d1:9f:c0:eb:de:8a:f7:33:87:b1:94:e1:
         38:c8:1d:42:98:5f:5f:41:c9:64:60:3e:8b:3a:7a:6a:dd:04:
         84:8c:c5:a5:72:66:c0:8e:6f:d7:4e:5a:43:9c:6f:f8:c4:70:
         91:ea:38:a2:37:4c:e8:dc:05:0e:f7:37:e3:38:a1:3b:1b:dc:
         45:77:63:6c:d6:16:3c:fc:d2:aa:7a:df:8b:bf:d4:a8:6d:fe:
         bb:6a:a8:ca:c5:02:3a:1d:84:c6:3e:e1:6e:a1:6a:c9:e3:45:
         da:eb:ea:bc:6e:60:67:b3:5e:aa:64:f9:4f:4e:c6:67:b3:43:
         12:75:27:7b:ae:42:d0:2a:36:61:c8:3c:1d:e8:c9:fa:5b:78:
         47:64:af:57:51:b1:48:3f:92:94:f9:1d:5e:6f:2e:b0:c6:95:
         e3:34:ac:e8:ff:70:c4:88:2f:36:b1:42:40:eb:55:b3:1d:bf:
         3c:77:ff:98:30:c6:de:f9:9c:05:ec:79:0a:81:53:f1:d9:b4:
         f1:03:66:21:64:08:01:67:22:1d:b5:22:e5:f4:d1:b7:f0:00:
         0b:70:50:49
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUXs+Ed/dAwuGNrce4DK50gTibopYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA1MTIwMzE2NTNaFw0yNTA1MTEwMzIxNTNaMDMxMTAvBgNV
BAMTKERFNTkwRDc5RDY4MzEzOUY3Mjg1RTA0OTVGQzlBMEI3RkZDM0Q1NEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJUhV6jbo1dpBTat48aI3UUQHF
bSSCfGIWapSSiNcqOFLOM8EkM3LXxElOw82nBK/sxLxwAYaeO7hj+62ow0rRVLSW
wp0RtPVLbmsG6hHeoRboDHH217nKArHonYLJXoXVuQNDRt+EBYaHdCRvEYxCL7Vd
pZN+3yJB4GyacWBnc0eZuPQWN/gMXn785lXLuh6ogw80XT6NNtiY7AGVMyJaZudw
++xdyH7oiLfchNEpgrmN+RsP4lHknk+rzc3bbziL74w5ZIiDMkRr7XZhX2/v20O9
r/5CPTRHpZCIrNcQkCOO9eqhZvksYtsDiy9ejgg3bDQj6eHkAw91SZvqhutdAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU3lkNedaDE59yheBJX8mgt//D1U0wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTUyNjcyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZJS
AwQALZ4LMA0GCSqGSIb3DQEBCwUAA4IBAQDVxyU/VUokIKcsHOQulNhjilp/WuNE
8VE3uhwcub0Bud0rX0dWEW+5PXXRn8Dr3or3M4exlOE4yB1CmF9fQclkYD6LOnpq
3QSEjMWlcmbAjm/XTlpDnG/4xHCR6jiiN0zo3AUO9zfjOKE7G9xFd2Ns1hY8/NKq
et+Lv9Sobf67aqjKxQI6HYTGPuFuoWrJ40Xa6+q8bmBns16qZPlPTsZns0MSdSd7
rkLQKjZhyDwd6Mn6W3hHZK9XUbFIP5KU+R1eby6wxpXjNKzo/3DEiC82sUJA61Wz
Hb88d/+YMMbe+ZwF7HkKgVPx2bTxA2YhZAgBZyIdtSLl9NG38AALcFBJ
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:15:23 2024 by rpki-client on console-ams.rpki-client.org