Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e35332e302f32342d3234203d3e20313432313131.roa
File:                     3134362e31392e35332e302f32342d3234203d3e20313432313131.roa (raw, json)
Hash identifier:          W4yW8LsuFkIBFxpYHDWaUVkWQGqjlpSw8bNYVc2/mcI=
Subject key identifier:   3C:A4:0B:57:43:C8:9F:AF:9F:1E:34:25:D5:5D:7B:AC:B0:AD:5B:3B
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       645A2F212685A05DC166F75A1EE50923023E3459
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e35332e302f32342d3234203d3e20313432313131.roa
Signing time:             Wed 06 Dec 2023 08:13:06 +0000
ROA not before:           Wed 06 Dec 2023 08:08:06 +0000
ROA not after:            Wed 04 Dec 2024 08:13:06 +0000
asID:                     142111
IP address blocks:        146.19.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 13:20:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:5a:2f:21:26:85:a0:5d:c1:66:f7:5a:1e:e5:09:23:02:3e:34:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Dec  6 08:08:06 2023 GMT
            Not After : Dec  4 08:13:06 2024 GMT
        Subject: CN=3CA40B5743C89FAF9F1E3425D55D7BACB0AD5B3B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:cd:6f:be:cc:b0:c6:26:0b:a1:ac:4e:d9:57:
                    b3:83:49:ea:2c:3a:c5:9d:f2:ef:ea:03:d6:86:18:
                    b8:92:fa:30:5d:4b:a4:02:8f:06:30:82:16:e5:c2:
                    46:92:95:eb:d2:d8:76:56:a0:04:9d:bb:83:e7:25:
                    49:eb:ea:17:9f:cd:cd:6c:d3:ac:19:16:fe:7e:cc:
                    02:4f:c8:bb:a7:0a:61:c7:f1:6b:0c:08:c8:d7:77:
                    7c:5d:f4:f8:0f:cb:fe:eb:8f:83:f4:a4:0d:8d:5c:
                    e4:49:6a:18:12:dc:9e:00:54:a8:14:bb:de:d4:92:
                    2c:3b:04:c9:d0:2e:ec:8d:1f:a8:db:21:f5:99:ae:
                    11:2d:9d:16:a4:29:96:3f:de:ae:5f:ef:a3:76:7b:
                    e2:0d:7e:f7:af:b2:fe:7c:43:34:e7:2f:a8:f3:61:
                    c4:1d:67:fe:6b:fe:d8:96:60:a2:f9:45:f3:92:e7:
                    79:91:21:c9:51:c5:89:5a:33:23:20:a0:c6:ed:68:
                    f2:4e:8a:1f:3b:a0:c2:37:56:58:81:c5:04:62:68:
                    75:e5:00:17:bd:7b:c8:3f:80:d8:d0:c9:2a:2a:c1:
                    0b:c0:95:c5:b3:df:81:5c:15:61:f5:78:d2:10:bb:
                    ba:e8:92:52:b8:2e:ec:ff:0e:72:24:e2:e4:dd:83:
                    bf:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:A4:0B:57:43:C8:9F:AF:9F:1E:34:25:D5:5D:7B:AC:B0:AD:5B:3B
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e35332e302f32342d3234203d3e20313432313131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:39:0c:3a:9c:d6:b0:dd:6e:f0:1e:0b:5d:5b:17:b6:d6:88:
         28:4d:11:5d:0a:5b:c2:ac:9b:a7:c0:c6:f2:3b:e8:e1:d3:7c:
         58:d6:ec:1d:cf:b0:46:dc:dd:fd:e1:3c:6f:17:f7:2f:7a:dd:
         22:d8:86:8a:02:62:5c:00:50:5c:d3:ff:98:dc:4a:c4:9b:18:
         30:52:c3:b9:92:75:31:c7:63:90:bf:4b:62:c0:c8:15:df:cf:
         de:21:bd:95:f9:2c:ae:df:58:64:8b:f4:96:c8:25:99:67:93:
         9e:15:ab:d7:a2:6a:38:90:a3:fe:ec:71:eb:3e:97:0d:cd:e9:
         58:f9:b7:1b:cf:70:f4:2b:dd:3c:f6:48:88:7c:8c:d6:6b:9d:
         76:68:f9:df:4e:5d:22:7f:ea:99:9d:0f:d7:ad:67:c6:2c:cd:
         a9:c5:10:96:9e:bf:e6:97:8a:b4:a2:1e:84:a1:33:cb:a2:df:
         20:57:6b:e6:ed:19:bc:ad:eb:2c:c8:1c:93:0e:d3:84:de:86:
         77:ce:4e:d7:c4:9c:46:03:bf:db:9f:1a:1e:00:46:f7:cd:37:
         5c:e6:8d:5c:f9:70:85:a0:bf:34:9e:ba:d9:11:f6:7b:45:85:
         ad:df:d4:25:50:95:30:1c:aa:c2:7b:f5:d6:f2:86:9d:8f:20:
         86:18:a0:9d
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUZFovISaFoF3BZvdaHuUJIwI+NFkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yMzEyMDYwODA4MDZaFw0yNDEyMDQwODEzMDZaMDMxMTAvBgNV
BAMTKDNDQTQwQjU3NDNDODlGQUY5RjFFMzQyNUQ1NUQ3QkFDQjBBRDVCM0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCizW++zLDGJguhrE7ZV7ODSeos
OsWd8u/qA9aGGLiS+jBdS6QCjwYwghblwkaSlevS2HZWoASdu4PnJUnr6hefzc1s
06wZFv5+zAJPyLunCmHH8WsMCMjXd3xd9PgPy/7rj4P0pA2NXORJahgS3J4AVKgU
u97Ukiw7BMnQLuyNH6jbIfWZrhEtnRakKZY/3q5f76N2e+INfvevsv58QzTnL6jz
YcQdZ/5r/tiWYKL5RfOS53mRIclRxYlaMyMgoMbtaPJOih87oMI3VliBxQRiaHXl
ABe9e8g/gNjQySoqwQvAlcWz34FcFWH1eNIQu7roklK4Luz/DnIk4uTdg7/tAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUPKQLV0PIn6+fHjQl1V17rLCtWzswHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzEzNDM2MmUzMTM5MmUzNTMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNDMyMzEzMTMxLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
khM1MA0GCSqGSIb3DQEBCwUAA4IBAQBlOQw6nNaw3W7wHgtdWxe21ogoTRFdClvC
rJunwMbyO+jh03xY1uwdz7BG3N394TxvF/cvet0i2IaKAmJcAFBc0/+Y3ErEmxgw
UsO5knUxx2OQv0tiwMgV38/eIb2V+Syu31hki/SWyCWZZ5OeFavXomo4kKP+7HHr
PpcNzelY+bcbz3D0K9089kiIfIzWa512aPnfTl0if+qZnQ/XrWfGLM2pxRCWnr/m
l4q0oh6EoTPLot8gV2vm7Rm8ressyByTDtOE3oZ3zk7XxJxGA7/bnxoeAEb3zTdc
5o1c+XCFoL80nrrZEfZ7RYWt39QlUJUwHKrCe/XW8oadjyCGGKCd
-----END CERTIFICATE-----
Generated at Mon Oct 14 17:29:35 2024 by rpki-client on console-ams.rpki-client.org