Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e32322e302f32342d3234203d3e20323039323432.roa
File:                     3134362e31392e32322e302f32342d3234203d3e20323039323432.roa (raw, json)
Hash identifier:          nL30/SazlOWahAmVI/pbnsb+mfZTKIWVeGTyenHGWdI=
Subject key identifier:   23:1C:ED:9C:EF:FD:C6:E8:6D:36:4E:8A:56:D0:07:B8:68:4D:80:1A
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       1A2FA6188B3548B57E6E2BB6749577D4BCCF6ACD
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e32322e302f32342d3234203d3e20323039323432.roa
Signing time:             Sun 26 Nov 2023 08:12:31 +0000
ROA not before:           Sun 26 Nov 2023 08:07:31 +0000
ROA not after:            Sun 24 Nov 2024 08:12:31 +0000
asID:                     209242
IP address blocks:        146.19.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 13:20:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:2f:a6:18:8b:35:48:b5:7e:6e:2b:b6:74:95:77:d4:bc:cf:6a:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Nov 26 08:07:31 2023 GMT
            Not After : Nov 24 08:12:31 2024 GMT
        Subject: CN=231CED9CEFFDC6E86D364E8A56D007B8684D801A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:fe:17:56:00:b0:b8:6e:a0:30:40:de:bb:ae:
                    c3:0c:f0:76:37:92:0c:d0:60:28:8d:ea:04:59:62:
                    80:db:01:6c:96:cc:04:e8:43:d1:d6:8e:b8:03:31:
                    b3:0a:fe:23:ba:a0:0e:b4:f7:4f:20:7b:d3:2e:04:
                    19:cb:cd:99:ad:85:1c:0e:a2:6a:8a:38:d7:71:03:
                    5f:cd:90:25:dc:dc:cf:d9:16:f6:30:ac:d5:fa:be:
                    b8:c0:51:e7:9a:27:b2:cd:c1:85:86:8e:1c:b2:ce:
                    7f:91:fe:cf:22:a6:a0:1c:47:4f:61:e0:a2:b8:b3:
                    3c:28:62:34:86:e5:16:dc:2e:ab:90:ba:af:d8:37:
                    5d:8f:3c:9b:ee:51:eb:85:d5:61:17:89:db:87:34:
                    6e:93:e0:ee:b4:f8:53:4f:06:04:d6:1d:6b:a2:81:
                    7f:d3:93:70:e6:c4:59:4b:12:ff:3b:bd:0b:5f:21:
                    61:41:53:05:d0:23:82:24:c7:94:ed:d2:74:46:f9:
                    95:dd:c7:24:f1:63:07:ea:5d:81:a7:67:d3:a6:a5:
                    24:1a:2b:c9:bb:f0:37:b0:68:64:0b:52:9e:dc:2c:
                    92:09:66:85:15:a7:fe:62:f9:a4:65:92:ef:18:e1:
                    62:28:be:25:34:c4:86:1e:93:a0:60:65:e0:85:58:
                    cb:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:1C:ED:9C:EF:FD:C6:E8:6D:36:4E:8A:56:D0:07:B8:68:4D:80:1A
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e32322e302f32342d3234203d3e20323039323432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:cf:ae:ba:92:98:ee:3a:43:ae:37:b7:b5:e9:c4:a7:35:d1:
         ce:69:37:62:d6:ff:2a:77:90:7d:2f:14:78:6b:ef:e9:9b:1c:
         c9:f4:fe:fa:ce:de:7f:ae:7d:3a:e8:1d:2e:f2:08:7d:27:84:
         ce:3c:8e:33:85:04:1c:28:84:25:70:4e:76:3e:3b:eb:cb:85:
         31:93:5f:23:0f:00:17:49:aa:b8:7d:de:84:bd:25:d4:09:08:
         a3:46:c6:eb:02:50:69:7a:e8:43:b2:ff:36:12:a6:a2:e4:d9:
         e1:fc:31:ab:a1:a2:ea:c6:04:88:87:f0:d7:35:30:83:a3:1e:
         8c:a0:f1:f0:cf:5d:e0:01:3a:61:e1:f9:df:75:63:8c:ec:6b:
         44:66:33:06:24:cd:5e:2d:0d:91:d6:82:cd:9d:e2:1b:15:ee:
         5e:5d:3c:f2:33:2a:41:f0:43:f5:10:09:7c:b0:df:26:bf:1b:
         04:01:68:5a:09:1b:01:55:ff:9e:f0:bb:0b:ac:78:93:1d:e8:
         a4:c8:cd:c6:93:f2:df:a3:4f:9b:d0:2b:b7:a5:30:fc:b0:3b:
         74:b9:f7:e1:a9:ca:1f:35:70:dd:cd:72:f6:2f:e4:f5:4f:5f:
         84:9e:cd:bc:83:6a:0f:65:bd:ba:b0:e9:e4:e4:c9:1e:d4:15:
         3d:e1:ba:58
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUGi+mGIs1SLV+biu2dJV31LzPas0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yMzExMjYwODA3MzFaFw0yNDExMjQwODEyMzFaMDMxMTAvBgNV
BAMTKDIzMUNFRDlDRUZGREM2RTg2RDM2NEU4QTU2RDAwN0I4Njg0RDgwMUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg/hdWALC4bqAwQN67rsMM8HY3
kgzQYCiN6gRZYoDbAWyWzAToQ9HWjrgDMbMK/iO6oA60908ge9MuBBnLzZmthRwO
omqKONdxA1/NkCXc3M/ZFvYwrNX6vrjAUeeaJ7LNwYWGjhyyzn+R/s8ipqAcR09h
4KK4szwoYjSG5RbcLquQuq/YN12PPJvuUeuF1WEXiduHNG6T4O60+FNPBgTWHWui
gX/Tk3DmxFlLEv87vQtfIWFBUwXQI4Ikx5Tt0nRG+ZXdxyTxYwfqXYGnZ9OmpSQa
K8m78DewaGQLUp7cLJIJZoUVp/5i+aRlku8Y4WIoviU0xIYek6BgZeCFWMuVAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUIxztnO/9xuhtNk6KVtAHuGhNgBowHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzEzNDM2MmUzMTM5MmUzMjMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMDM5MzIzNDMyLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
khMWMA0GCSqGSIb3DQEBCwUAA4IBAQCHz666kpjuOkOuN7e16cSnNdHOaTdi1v8q
d5B9LxR4a+/pmxzJ9P76zt5/rn066B0u8gh9J4TOPI4zhQQcKIQlcE52Pjvry4Ux
k18jDwAXSaq4fd6EvSXUCQijRsbrAlBpeuhDsv82Eqai5Nnh/DGroaLqxgSIh/DX
NTCDox6MoPHwz13gATph4fnfdWOM7GtEZjMGJM1eLQ2R1oLNneIbFe5eXTzyMypB
8EP1EAl8sN8mvxsEAWhaCRsBVf+e8LsLrHiTHeikyM3Gk/Lfo0+b0Cu3pTD8sDt0
uffhqcofNXDdzXL2L+T1T1+Ens28g2oPZb26sOnk5Mke1BU94bpY
-----END CERTIFICATE-----
Generated at Mon Oct 14 15:19:45 2024 by rpki-client on console-fra.rpki-client.org