Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e35332e302f32342d3234203d3e20313532363732.roa
File:                     3134362e31392e35332e302f32342d3234203d3e20313532363732.roa (raw, json)
Hash identifier:          RAiT+sOhjtRZEetwwE0sFAiRrEOBxRAIHI25K8S1t5M=
Subject key identifier:   71:3F:2B:2C:DF:49:B4:E5:F3:06:0A:CC:DC:33:8E:1A:B5:98:CC:23
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       43B395FFE0E14FC3D37DED805798A3C5C9B206DD
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e35332e302f32342d3234203d3e20313532363732.roa
Signing time:             Sun 12 May 2024 03:27:00 +0000
ROA not before:           Sun 12 May 2024 03:22:00 +0000
ROA not after:            Sun 11 May 2025 03:27:00 +0000
asID:                     152672
IP address blocks:        146.19.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 13:20:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:b3:95:ff:e0:e1:4f:c3:d3:7d:ed:80:57:98:a3:c5:c9:b2:06:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: May 12 03:22:00 2024 GMT
            Not After : May 11 03:27:00 2025 GMT
        Subject: CN=713F2B2CDF49B4E5F3060ACCDC338E1AB598CC23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:c0:27:78:10:d0:82:65:4d:13:55:d3:4d:ba:
                    06:49:48:2c:bb:3c:77:53:88:a2:f5:29:4c:63:0f:
                    2b:bd:54:1e:c0:6a:e5:76:33:b0:ea:20:71:eb:8c:
                    32:36:d4:14:95:12:10:a2:b7:e9:15:c0:a8:b2:b2:
                    8a:a2:01:c2:e5:53:fb:d0:8b:06:22:0c:be:3c:47:
                    97:59:95:20:40:fb:79:d3:ad:66:05:82:95:ab:11:
                    29:7d:07:79:39:e6:da:6f:c1:56:30:33:7c:1b:ea:
                    34:47:4b:fe:82:88:c5:7f:05:3e:af:7b:22:8a:9e:
                    a0:c1:6c:34:48:cb:94:1d:eb:2d:ca:d1:bd:c5:85:
                    c3:e6:91:3d:d5:b9:b3:ed:87:70:17:69:f8:b5:3b:
                    73:c3:16:d8:cb:24:73:c6:60:99:61:f7:12:10:01:
                    8a:65:d8:0b:e7:5a:62:83:05:82:32:f0:52:fc:b1:
                    67:54:ea:d9:4c:d6:1b:ad:d4:1e:c7:1f:f2:0c:49:
                    79:28:f2:da:47:ab:5d:2f:9c:c5:62:d5:ce:c6:82:
                    93:ab:68:31:40:a8:ad:65:48:74:ac:5e:e4:0f:f4:
                    43:ca:a3:0f:35:cf:35:db:60:24:d0:86:eb:59:90:
                    3b:73:01:3b:14:8e:8e:60:d1:76:f4:79:86:ab:be:
                    e1:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:3F:2B:2C:DF:49:B4:E5:F3:06:0A:CC:DC:33:8E:1A:B5:98:CC:23
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e35332e302f32342d3234203d3e20313532363732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:5e:3c:86:91:79:7d:10:44:96:57:97:e7:f6:1e:df:85:ec:
         a7:fe:2e:a6:a6:44:40:a4:10:59:70:d6:68:a2:6c:b6:5d:ab:
         7b:16:7b:98:df:58:ac:98:57:62:48:25:c1:6b:65:c6:ba:b5:
         91:5d:e6:72:a6:85:6e:ea:4b:5c:c5:41:d5:44:7c:d8:6a:e5:
         07:04:ef:57:73:1b:0b:b5:58:21:11:1c:16:ab:1d:57:9d:e0:
         c1:33:79:85:4c:21:cf:17:a2:70:c9:f3:45:2d:bb:5c:dc:90:
         b1:a4:7f:89:53:3c:c5:93:d3:02:81:86:87:cb:ff:e9:d3:ce:
         b6:fc:96:e7:2d:d3:d1:62:8a:f4:d0:eb:6f:7b:f6:07:f5:c9:
         9b:3c:b6:0e:3a:d8:a0:de:af:37:bb:dc:11:d0:35:89:52:35:
         d3:6c:0e:af:9d:f6:0c:8c:c8:69:43:a2:38:82:7a:ab:c8:a2:
         49:cc:cf:3f:eb:9c:fd:66:f4:23:cf:25:a9:86:8c:77:94:42:
         71:38:04:22:6b:82:06:5a:8d:81:48:04:d0:65:ed:4a:7e:f7:
         cc:4a:b7:2a:2f:5c:74:76:7b:14:d1:52:65:47:9c:ab:7a:f5:
         99:e1:7b:53:4d:14:fb:3f:a9:1f:cd:e0:22:fc:a5:c2:87:88:
         fb:47:1a:c3
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUQ7OV/+DhT8PTfe2AV5ijxcmyBt0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDA1MTIwMzIyMDBaFw0yNTA1MTEwMzI3MDBaMDMxMTAvBgNV
BAMTKDcxM0YyQjJDREY0OUI0RTVGMzA2MEFDQ0RDMzM4RTFBQjU5OENDMjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMwCd4ENCCZU0TVdNNugZJSCy7
PHdTiKL1KUxjDyu9VB7AauV2M7DqIHHrjDI21BSVEhCit+kVwKiysoqiAcLlU/vQ
iwYiDL48R5dZlSBA+3nTrWYFgpWrESl9B3k55tpvwVYwM3wb6jRHS/6CiMV/BT6v
eyKKnqDBbDRIy5Qd6y3K0b3FhcPmkT3VubPth3AXafi1O3PDFtjLJHPGYJlh9xIQ
AYpl2AvnWmKDBYIy8FL8sWdU6tlM1hut1B7HH/IMSXko8tpHq10vnMVi1c7GgpOr
aDFAqK1lSHSsXuQP9EPKow81zzXbYCTQhutZkDtzATsUjo5g0Xb0eYarvuEZAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUcT8rLN9JtOXzBgrM3DOOGrWYzCMwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzEzNDM2MmUzMTM5MmUzNTMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNTMyMzYzNzMyLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
khM1MA0GCSqGSIb3DQEBCwUAA4IBAQB5XjyGkXl9EESWV5fn9h7fheyn/i6mpkRA
pBBZcNZoomy2Xat7FnuY31ismFdiSCXBa2XGurWRXeZypoVu6ktcxUHVRHzYauUH
BO9XcxsLtVghERwWqx1XneDBM3mFTCHPF6JwyfNFLbtc3JCxpH+JUzzFk9MCgYaH
y//p0862/JbnLdPRYor00Otve/YH9cmbPLYOOtig3q83u9wR0DWJUjXTbA6vnfYM
jMhpQ6I4gnqryKJJzM8/65z9ZvQjzyWphox3lEJxOAQia4IGWo2BSATQZe1KfvfM
SrcqL1x0dnsU0VJlR5yrevWZ4XtTTRT7P6kfzeAi/KXCh4j7RxrD
-----END CERTIFICATE-----
Generated at Mon Oct 14 17:29:35 2024 by rpki-client on console-ams.rpki-client.org