Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS142046.roa
File:                     AS142046.roa (raw, json)
Hash identifier:          G4nEUBt1XC0+LDvvIhWYLRBHK+Xx9sKtapgzGywMZ0A=
Subject key identifier:   E8:A9:51:C7:4C:E1:A7:0E:7F:10:76:72:AE:8F:22:6C:0B:2C:E9:2D
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       4E61D8E3A4AA8E14C40514077A29BAE471AEDE38
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS142046.roa
Signing time:             Tue 17 Sep 2024 04:26:36 +0000
ROA not before:           Tue 17 Sep 2024 04:21:36 +0000
ROA not after:            Tue 16 Sep 2025 04:26:36 +0000
asID:                     142046
IP address blocks:        2a0f:85c1:298::/48 maxlen: 48
                          2a0f:85c1:393::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:61:d8:e3:a4:aa:8e:14:c4:05:14:07:7a:29:ba:e4:71:ae:de:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Sep 17 04:21:36 2024 GMT
            Not After : Sep 16 04:26:36 2025 GMT
        Subject: CN=E8A951C74CE1A70E7F107672AE8F226C0B2CE92D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:cc:cc:00:58:b3:98:d4:32:09:d1:f5:00:e6:
                    1c:e9:a0:1e:95:01:5d:69:41:7e:cb:76:36:53:7e:
                    f3:e5:7d:4d:3c:30:1c:ee:82:e7:3d:ff:1e:e2:2c:
                    19:a9:53:2c:c9:c7:8b:0d:3a:59:1d:1d:0e:57:6a:
                    00:57:04:19:a3:e4:5a:09:25:1c:a6:2d:2f:28:c2:
                    8f:72:3b:20:81:85:8b:b7:aa:75:65:a4:c2:2e:1d:
                    dc:82:8c:c0:13:44:7d:d4:22:c2:28:7c:b1:bb:92:
                    7f:bf:b1:29:17:02:9d:44:e2:c1:ce:00:3a:41:38:
                    98:32:59:e6:9b:a1:ac:29:de:01:7a:16:9b:d9:f0:
                    5d:ec:a1:84:1f:4f:e1:8c:b2:68:82:96:53:68:2c:
                    d7:35:59:00:9a:62:fd:1b:a5:75:12:4d:09:50:7b:
                    a1:59:a3:32:8e:28:e4:ff:23:16:75:cd:25:d5:de:
                    d5:51:b0:43:de:53:54:09:d9:da:fe:96:b7:fa:36:
                    1c:17:ca:04:89:2f:cc:f0:8e:19:fa:81:ff:1a:f2:
                    e3:f1:31:bc:c0:ae:90:5c:13:b6:e9:a1:2f:5c:5b:
                    e5:74:02:56:cd:6a:ab:ef:73:4c:68:89:f8:b1:11:
                    03:c3:2c:4a:9c:52:08:07:88:97:ed:9a:19:73:08:
                    60:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:A9:51:C7:4C:E1:A7:0E:7F:10:76:72:AE:8F:22:6C:0B:2C:E9:2D
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS142046.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:298::/48
                  2a0f:85c1:393::/48

    Signature Algorithm: sha256WithRSAEncryption
         45:b8:79:f8:a0:b7:f0:6f:4e:e8:11:fb:ae:6d:04:05:13:1c:
         40:c2:a0:60:f7:b1:7d:eb:c2:ef:82:93:25:a3:58:53:e2:9b:
         dd:d2:40:05:e5:14:6e:96:53:5e:06:77:a3:c9:56:6e:0b:9c:
         84:15:4a:76:1f:38:8a:62:f1:39:ab:1d:8a:c3:e5:25:f2:96:
         46:56:0b:7d:93:54:fe:67:5c:4d:1e:5a:24:0e:cd:30:fd:24:
         46:44:0a:a2:c0:7d:46:05:03:d1:6c:84:23:a6:60:95:98:c0:
         1a:6d:67:7e:55:f7:ad:88:76:d1:2e:9b:24:c8:d5:fd:ee:36:
         0a:7b:d8:8f:6e:bc:63:1e:2a:b8:df:d3:91:c5:b5:c2:b9:86:
         9d:0d:d2:10:49:27:6f:87:e4:4d:17:92:cd:55:30:47:0c:12:
         c6:4a:dc:46:59:aa:44:18:c8:2e:06:ca:4f:ed:56:15:40:78:
         de:e9:0d:40:3e:89:c6:09:13:26:8e:a9:30:88:8d:4e:bc:c9:
         54:6d:ba:57:00:85:26:f0:38:3e:72:c6:cb:f0:12:bc:27:a1:
         2f:4b:53:77:f7:3b:f5:51:89:e3:ad:95:c7:81:65:78:5f:2e:
         e6:46:2b:f2:e7:a5:05:11:2d:87:c9:76:a9:f8:5a:58:11:aa:
         63:6b:4b:b5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUTmHY46SqjhTEBRQHeim65HGu3jgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA5MTcwNDIxMzZaFw0yNTA5MTYwNDI2MzZaMDMxMTAvBgNV
BAMTKEU4QTk1MUM3NENFMUE3MEU3RjEwNzY3MkFFOEYyMjZDMEIyQ0U5MkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1zMwAWLOY1DIJ0fUA5hzpoB6V
AV1pQX7LdjZTfvPlfU08MBzuguc9/x7iLBmpUyzJx4sNOlkdHQ5XagBXBBmj5FoJ
JRymLS8owo9yOyCBhYu3qnVlpMIuHdyCjMATRH3UIsIofLG7kn+/sSkXAp1E4sHO
ADpBOJgyWeaboawp3gF6FpvZ8F3soYQfT+GMsmiCllNoLNc1WQCaYv0bpXUSTQlQ
e6FZozKOKOT/IxZ1zSXV3tVRsEPeU1QJ2dr+lrf6NhwXygSJL8zwjhn6gf8a8uPx
MbzArpBcE7bpoS9cW+V0AlbNaqvvc0xoifixEQPDLEqcUggHiJftmhlzCGCXAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU6KlRx0zhpw5/EHZyro8ibAss6S0wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMTQyMDQ2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg+F
wQKYAwcAKg+FwQOTMA0GCSqGSIb3DQEBCwUAA4IBAQBFuHn4oLfwb07oEfuubQQF
ExxAwqBg97F968LvgpMlo1hT4pvd0kAF5RRullNeBnejyVZuC5yEFUp2HziKYvE5
qx2Kw+Ul8pZGVgt9k1T+Z1xNHlokDs0w/SRGRAqiwH1GBQPRbIQjpmCVmMAabWd+
VfetiHbRLpskyNX97jYKe9iPbrxjHiq439ORxbXCuYadDdIQSSdvh+RNF5LNVTBH
DBLGStxGWapEGMguBspP7VYVQHje6Q1APonGCRMmjqkwiI1OvMlUbbpXAIUm8Dg+
csbL8BK8J6EvS1N39zv1UYnjrZXHgWV4Xy7mRivy56UFES2HyXap+FpYEapja0u1
-----END CERTIFICATE-----