Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e3231352e302f32342d3234203d3e203432383331.roa
File:                     3134362e31392e3231352e302f32342d3234203d3e203432383331.roa (raw, json)
Hash identifier:          uvmMBNllNoZIX6cr/5dje9RcJtxr21QBZf3O1Ag28zI=
Subject key identifier:   92:1F:D8:F2:E4:37:4B:38:E0:95:F2:04:5F:C7:0C:D9:3D:BE:80:60
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       59B7AC56CB445C1947870ADC8EEF3FC1F14C6E60
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e3231352e302f32342d3234203d3e203432383331.roa
Signing time:             Wed 21 Feb 2024 20:05:13 +0000
ROA not before:           Wed 21 Feb 2024 20:00:13 +0000
ROA not after:            Wed 19 Feb 2025 20:05:13 +0000
asID:                     42831
IP address blocks:        146.19.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 13:20:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:b7:ac:56:cb:44:5c:19:47:87:0a:dc:8e:ef:3f:c1:f1:4c:6e:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Feb 21 20:00:13 2024 GMT
            Not After : Feb 19 20:05:13 2025 GMT
        Subject: CN=921FD8F2E4374B38E095F2045FC70CD93DBE8060
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:47:44:21:c5:f1:41:bd:9e:cd:4a:d5:3a:93:
                    dd:d8:d9:9a:43:a6:a5:fc:a1:dc:7b:f3:05:d5:86:
                    d6:59:9e:7b:ff:a4:61:7a:b3:37:2d:18:7a:07:29:
                    03:d3:f6:b0:53:28:f2:f4:2b:83:91:8e:0e:94:92:
                    0f:dc:7f:e4:ff:78:75:0b:60:54:b8:a4:f4:26:6b:
                    e0:e4:a2:c6:4f:96:63:9f:5c:cf:ca:3e:87:9a:6b:
                    15:22:f2:0d:02:cb:ba:a2:ab:69:ff:68:df:c5:e6:
                    bf:7b:11:ed:98:d1:60:b5:48:04:3e:4d:49:6d:9a:
                    84:de:88:85:e4:b6:18:32:64:85:52:2d:0c:76:33:
                    95:ed:53:fd:4d:b3:3b:0f:1c:67:1a:b9:85:ef:25:
                    67:f7:ba:ab:cd:11:c7:32:8f:16:6e:b5:aa:d2:ba:
                    aa:f8:b0:4e:50:aa:3d:a8:d2:0a:a2:a6:b4:ab:94:
                    ee:74:1f:8f:b4:f4:d0:32:09:c0:9d:8a:be:f7:ce:
                    02:9a:a9:b8:a7:e2:8e:e6:c1:1d:8e:36:74:76:62:
                    77:48:6b:74:25:c8:08:57:c0:8e:6a:72:b6:fa:bd:
                    ea:f1:73:9a:23:4c:a2:99:0f:c3:92:95:61:46:f5:
                    55:47:45:5d:e9:4c:02:c7:45:67:9c:fb:ea:05:48:
                    c0:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:1F:D8:F2:E4:37:4B:38:E0:95:F2:04:5F:C7:0C:D9:3D:BE:80:60
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e3231352e302f32342d3234203d3e203432383331.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:7f:73:cd:b7:2a:4e:f7:ea:db:7a:f4:9f:f6:ea:c3:c8:45:
         18:d4:02:95:48:df:89:c5:91:88:1b:81:0a:00:54:9d:b5:81:
         77:2e:a1:90:48:cb:32:07:0f:79:46:a3:29:11:e4:d2:b5:6d:
         ab:86:bb:a4:f2:24:59:84:58:c8:9f:d4:0a:99:e5:c2:7c:d1:
         0a:c7:64:96:19:63:e9:a4:12:a1:9f:5e:12:2e:e7:b5:99:7b:
         60:77:7e:fa:3b:62:ff:8c:31:06:0f:58:d5:90:fa:f4:01:3e:
         76:9a:de:34:d6:29:1c:7d:24:ad:63:e4:a6:82:0b:33:5c:ab:
         af:3f:25:b9:3d:61:92:61:d2:8f:3c:48:89:7d:66:2b:24:6c:
         9e:f0:4d:9f:54:2c:5b:8f:bf:50:89:a1:a7:a5:59:ed:49:43:
         c5:af:ed:89:0f:34:c7:b4:42:9e:1b:a7:e7:db:b2:62:9a:cf:
         5c:2d:6b:e7:51:d3:30:11:f8:7a:e2:bf:60:79:44:9c:ea:93:
         a6:15:63:23:b2:83:df:41:be:b8:de:7f:0e:ab:ab:e0:fc:1d:
         64:3a:84:75:26:c6:6c:cb:f5:65:20:35:d1:4e:f9:71:81:42:
         fa:6a:09:3b:49:73:4d:d6:7d:c3:68:c3:5b:29:04:2a:89:c2:
         0f:f8:ff:86
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUWbesVstEXBlHhwrcju8/wfFMbmAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDAyMjEyMDAwMTNaFw0yNTAyMTkyMDA1MTNaMDMxMTAvBgNV
BAMTKDkyMUZEOEYyRTQzNzRCMzhFMDk1RjIwNDVGQzcwQ0Q5M0RCRTgwNjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvR0QhxfFBvZ7NStU6k93Y2ZpD
pqX8odx78wXVhtZZnnv/pGF6szctGHoHKQPT9rBTKPL0K4ORjg6Ukg/cf+T/eHUL
YFS4pPQma+DkosZPlmOfXM/KPoeaaxUi8g0Cy7qiq2n/aN/F5r97Ee2Y0WC1SAQ+
TUltmoTeiIXkthgyZIVSLQx2M5XtU/1NszsPHGcauYXvJWf3uqvNEccyjxZutarS
uqr4sE5Qqj2o0gqiprSrlO50H4+09NAyCcCdir73zgKaqbin4o7mwR2ONnR2YndI
a3QlyAhXwI5qcrb6verxc5ojTKKZD8OSlWFG9VVHRV3pTALHRWec++oFSMBzAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUkh/Y8uQ3SzjglfIEX8cM2T2+gGAwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzEzNDM2MmUzMTM5MmUzMjMx
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNDMyMzgzMzMxLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
khPXMA0GCSqGSIb3DQEBCwUAA4IBAQBAf3PNtypO9+rbevSf9urDyEUY1AKVSN+J
xZGIG4EKAFSdtYF3LqGQSMsyBw95RqMpEeTStW2rhruk8iRZhFjIn9QKmeXCfNEK
x2SWGWPppBKhn14SLue1mXtgd376O2L/jDEGD1jVkPr0AT52mt401ikcfSStY+Sm
ggszXKuvPyW5PWGSYdKPPEiJfWYrJGye8E2fVCxbj79QiaGnpVntSUPFr+2JDzTH
tEKeG6fn27Jims9cLWvnUdMwEfh64r9geUSc6pOmFWMjsoPfQb643n8Oq6vg/B1k
OoR1JsZsy/VlIDXRTvlxgUL6agk7SXNN1n3DaMNbKQQqicIP+P+G
-----END CERTIFICATE-----
Generated at Mon Oct 14 15:19:45 2024 by rpki-client on console-fra.rpki-client.org