Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3137362e3132362e3130352e302f32342d3234203d3e20313532363732.roa
File:                     3137362e3132362e3130352e302f32342d3234203d3e20313532363732.roa (raw, json)
Hash identifier:          Dw21SQRvhIStUdj4CbmqnMuwZh/qcP2IvzyF3pxoeJQ=
Subject key identifier:   4A:9D:C2:BE:DC:21:EF:85:69:43:D1:E4:31:0C:88:5F:8C:77:9D:0A
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       0DCE3602EF4BF3DE354AC9ADE71674E9A5414443
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3137362e3132362e3130352e302f32342d3234203d3e20313532363732.roa
Signing time:             Sun 12 May 2024 03:27:00 +0000
ROA not before:           Sun 12 May 2024 03:22:00 +0000
ROA not after:            Sun 11 May 2025 03:27:00 +0000
asID:                     152672
IP address blocks:        176.126.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 13:20:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:ce:36:02:ef:4b:f3:de:35:4a:c9:ad:e7:16:74:e9:a5:41:44:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: May 12 03:22:00 2024 GMT
            Not After : May 11 03:27:00 2025 GMT
        Subject: CN=4A9DC2BEDC21EF856943D1E4310C885F8C779D0A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:9e:53:3a:fe:c3:0e:d8:90:c5:09:b1:e3:d1:
                    d0:93:41:20:d2:c5:31:f6:72:53:4f:8e:39:65:06:
                    0c:75:15:a5:c6:c2:9d:3c:6e:a3:3b:97:1a:cb:75:
                    27:86:b1:fa:e3:29:85:df:22:e3:f7:e3:a7:f1:b3:
                    fe:16:46:92:f0:2d:e9:65:42:a5:80:de:32:df:45:
                    40:2d:6a:8a:2f:fa:df:c3:54:60:9f:79:07:10:93:
                    a8:c7:7e:04:9a:04:af:42:a6:fd:9a:e2:f8:46:c6:
                    ba:ad:4f:60:97:21:a6:8e:0d:7b:fe:81:76:4d:61:
                    89:ad:24:8e:dd:5d:32:9e:5a:06:b4:34:0f:c9:60:
                    86:c6:47:7c:c7:fd:3c:37:9b:c9:db:67:95:95:2b:
                    e3:ed:52:eb:a2:4c:07:56:50:92:00:1b:f6:cd:21:
                    c9:45:f2:e1:40:78:c4:ea:6f:3a:5e:a4:90:f5:1c:
                    f6:81:f1:67:c9:15:e0:c1:b2:32:5d:33:cc:3f:4a:
                    5d:f3:20:d9:12:9d:2a:57:7a:d9:3d:f9:d7:34:f6:
                    c2:85:35:92:b0:d7:49:ae:a4:ac:82:af:16:fe:c0:
                    2a:16:4e:c8:a2:b8:53:1c:30:bc:75:f9:19:a8:d8:
                    a8:27:57:aa:ac:e9:e5:08:87:8c:8f:1a:5a:71:ad:
                    9f:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:9D:C2:BE:DC:21:EF:85:69:43:D1:E4:31:0C:88:5F:8C:77:9D:0A
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3137362e3132362e3130352e302f32342d3234203d3e20313532363732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.126.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:75:f7:a2:ac:41:d6:56:af:4b:43:78:52:c2:3a:c4:02:3b:
         fb:60:ad:63:0c:8a:8b:e6:d2:ff:63:49:ef:17:3e:e9:f1:c1:
         82:d7:33:d9:d8:09:d6:43:fb:fa:78:ad:7b:19:7c:d0:43:a4:
         ee:f1:c4:54:77:34:37:2e:ce:f4:54:76:08:71:94:98:b3:70:
         fa:19:8a:5a:7a:f9:71:59:e8:65:12:39:94:8b:a8:ac:ae:a3:
         19:6d:e4:aa:9b:78:a3:10:87:58:c7:70:d8:fa:4f:86:da:12:
         1a:1b:ef:3d:24:47:7d:39:b0:a2:f7:dd:ca:4c:06:51:71:d6:
         39:43:73:64:ad:66:72:f5:5f:f0:05:e5:77:c9:32:4e:94:af:
         9a:09:2f:3b:48:0b:ff:bc:db:5c:5a:59:a4:b3:0f:16:88:e2:
         15:3b:38:71:b2:88:bd:e7:de:76:a5:58:0b:e9:ed:4d:38:b6:
         1d:ba:15:81:48:e1:bc:23:3b:a9:ad:02:22:d0:71:1d:8c:1d:
         23:47:61:31:6e:82:80:92:7d:6f:36:d7:ff:35:82:45:8c:dd:
         e7:dd:96:2f:25:20:63:db:44:72:51:d7:48:a9:22:aa:23:14:
         fd:17:20:e8:b3:58:38:d8:bb:1e:2f:a9:c9:82:f2:61:18:2d:
         07:7a:4a:1b
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUDc42Au9L8941Ssmt5xZ06aVBREMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDA1MTIwMzIyMDBaFw0yNTA1MTEwMzI3MDBaMDMxMTAvBgNV
BAMTKDRBOURDMkJFREMyMUVGODU2OTQzRDFFNDMxMEM4ODVGOEM3NzlEMEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxnlM6/sMO2JDFCbHj0dCTQSDS
xTH2clNPjjllBgx1FaXGwp08bqM7lxrLdSeGsfrjKYXfIuP346fxs/4WRpLwLell
QqWA3jLfRUAtaoov+t/DVGCfeQcQk6jHfgSaBK9Cpv2a4vhGxrqtT2CXIaaODXv+
gXZNYYmtJI7dXTKeWga0NA/JYIbGR3zH/Tw3m8nbZ5WVK+PtUuuiTAdWUJIAG/bN
IclF8uFAeMTqbzpepJD1HPaB8WfJFeDBsjJdM8w/Sl3zINkSnSpXetk9+dc09sKF
NZKw10mupKyCrxb+wCoWTsiiuFMcMLx1+Rmo2KgnV6qs6eUIh4yPGlpxrZ8nAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUSp3Cvtwh74VpQ9HkMQyIX4x3nQowHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzEzNzM2MmUzMTMyMzYyZTMx
MzAzNTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzUzMjM2MzczMi5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALB+aTANBgkqhkiG9w0BAQsFAAOCAQEAVnX3oqxB1lavS0N4UsI6xAI7+2Ct
YwyKi+bS/2NJ7xc+6fHBgtcz2dgJ1kP7+nitexl80EOk7vHEVHc0Ny7O9FR2CHGU
mLNw+hmKWnr5cVnoZRI5lIuorK6jGW3kqpt4oxCHWMdw2PpPhtoSGhvvPSRHfTmw
ovfdykwGUXHWOUNzZK1mcvVf8AXld8kyTpSvmgkvO0gL/7zbXFpZpLMPFojiFTs4
cbKIvefedqVYC+ntTTi2HboVgUjhvCM7qa0CItBxHYwdI0dhMW6CgJJ9bzbX/zWC
RYzd592WLyUgY9tEclHXSKkiqiMU/Rcg6LNYONi7Hi+pyYLyYRgtB3pKGw==
-----END CERTIFICATE-----
Generated at Mon Oct 14 17:29:35 2024 by rpki-client on console-ams.rpki-client.org