Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/352e3133332e3131362e302f32342d3234203d3e20313336373837.roa
File:                     352e3133332e3131362e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          MKPaLwFJCoQ8+pMh48CX5p6uR/+B0V50iztl2yS/S9o=
Subject key identifier:   8E:DE:CE:4F:30:18:8E:10:A2:83:E7:8F:AE:82:CE:C1:6A:FA:EA:A2
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       595197CCCC5F625A81596D669C5D16958000D297
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/352e3133332e3131362e302f32342d3234203d3e20313336373837.roa
Signing time:             Tue 13 Feb 2024 12:54:42 +0000
ROA not before:           Tue 13 Feb 2024 12:49:42 +0000
ROA not after:            Tue 11 Feb 2025 12:54:42 +0000
asID:                     136787
IP address blocks:        5.133.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:51:97:cc:cc:5f:62:5a:81:59:6d:66:9c:5d:16:95:80:00:d2:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Feb 13 12:49:42 2024 GMT
            Not After : Feb 11 12:54:42 2025 GMT
        Subject: CN=8EDECE4F30188E10A283E78FAE82CEC16AFAEAA2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:db:77:bc:ee:ac:4c:71:f1:2a:2a:a5:35:b8:
                    c5:7b:16:35:10:10:f4:08:35:61:45:8a:38:65:31:
                    18:2b:26:50:5a:ac:46:40:6f:db:73:95:a0:9e:2d:
                    71:93:06:7f:b9:69:07:3e:c7:aa:1d:6e:3d:25:1c:
                    cd:1e:0c:91:bf:4a:3c:3d:cf:df:ef:ce:08:1c:1e:
                    d6:38:36:1d:64:b5:82:09:bc:9a:5c:82:4c:9c:73:
                    95:b0:0b:d2:e1:fd:10:d1:2f:a1:a8:9a:fe:91:35:
                    81:37:31:19:f8:37:f8:bf:e3:ff:10:a6:11:c1:96:
                    55:48:e0:a6:0d:6a:8b:76:cb:4a:29:3d:fe:0a:dd:
                    03:ec:5d:1b:ed:bc:8f:5d:99:c8:1e:8c:54:6a:c2:
                    86:47:32:07:22:b2:7a:15:7e:1c:c0:31:a6:b6:e8:
                    ff:85:73:99:a8:42:71:c2:cb:f2:e4:77:2b:aa:c8:
                    86:60:95:b0:5d:18:9a:dc:10:86:06:96:e4:8d:05:
                    14:27:51:59:fc:d7:a9:56:f4:7a:ab:35:ea:48:21:
                    53:97:70:4a:d5:a3:15:8e:4f:79:21:90:db:97:45:
                    08:ea:e2:12:c9:b8:68:95:6f:84:47:06:f7:56:0c:
                    7f:30:4c:2a:e4:8a:65:52:8d:60:4e:a0:a0:8c:20:
                    36:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:DE:CE:4F:30:18:8E:10:A2:83:E7:8F:AE:82:CE:C1:6A:FA:EA:A2
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/352e3133332e3131362e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:ab:46:7f:bc:3b:4c:d5:8b:a7:11:da:ec:ca:e9:44:38:22:
         3f:05:10:40:dc:05:68:fd:b3:6d:41:2b:12:bb:81:55:9e:6e:
         c0:28:83:ca:dd:15:53:e4:6d:66:04:4b:be:39:8b:12:af:99:
         aa:84:a6:ed:ac:1d:63:02:df:56:99:46:fe:13:63:d9:67:5c:
         bf:a8:c9:3c:6a:6a:4b:93:76:ef:43:65:c1:b3:93:c8:ae:39:
         1d:00:71:9e:53:0a:8f:3c:6b:d1:75:90:42:a8:66:69:d0:ff:
         5f:0a:bd:cc:4b:8c:0a:57:86:10:d1:7b:f7:39:ae:36:1d:6d:
         b0:7d:a2:c7:aa:df:b1:1a:92:89:3b:7f:14:2a:89:b0:dc:1a:
         6b:3b:60:65:76:23:6f:fb:44:a3:e3:c7:09:68:b5:86:54:48:
         d5:b8:1e:09:24:8a:78:82:26:99:6e:9c:05:88:c5:1a:90:eb:
         ee:3e:89:03:94:0e:d5:fc:08:4c:95:f5:28:03:c2:d3:cd:c2:
         a3:96:47:61:1e:ec:33:0e:d3:15:5d:5f:11:ca:8a:f6:84:85:
         81:da:c7:97:be:64:f9:29:d0:a9:92:37:55:be:a9:c0:95:ac:
         2b:5d:a6:b3:57:60:7c:d3:bc:4d:bc:2c:fa:0e:7a:a4:7f:af:
         bf:49:df:1c
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUWVGXzMxfYlqBWW1mnF0WlYAA0pcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAyMTMxMjQ5NDJaFw0yNTAyMTExMjU0NDJaMDMxMTAvBgNV
BAMTKDhFREVDRTRGMzAxODhFMTBBMjgzRTc4RkFFODJDRUMxNkFGQUVBQTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDG23e87qxMcfEqKqU1uMV7FjUQ
EPQINWFFijhlMRgrJlBarEZAb9tzlaCeLXGTBn+5aQc+x6odbj0lHM0eDJG/Sjw9
z9/vzggcHtY4Nh1ktYIJvJpcgkycc5WwC9Lh/RDRL6Gomv6RNYE3MRn4N/i/4/8Q
phHBllVI4KYNaot2y0opPf4K3QPsXRvtvI9dmcgejFRqwoZHMgcisnoVfhzAMaa2
6P+Fc5moQnHCy/LkdyuqyIZglbBdGJrcEIYGluSNBRQnUVn816lW9HqrNepIIVOX
cErVoxWOT3khkNuXRQjq4hLJuGiVb4RHBvdWDH8wTCrkimVSjWBOoKCMIDa9AgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUjt7OTzAYjhCig+eProLOwWr66qIwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzUyZTMxMzMzMzJlMzEzMTM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzMzM2MzczODM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
BYV0MA0GCSqGSIb3DQEBCwUAA4IBAQCuq0Z/vDtM1YunEdrsyulEOCI/BRBA3AVo
/bNtQSsSu4FVnm7AKIPK3RVT5G1mBEu+OYsSr5mqhKbtrB1jAt9WmUb+E2PZZ1y/
qMk8ampLk3bvQ2XBs5PIrjkdAHGeUwqPPGvRdZBCqGZp0P9fCr3MS4wKV4YQ0Xv3
Oa42HW2wfaLHqt+xGpKJO38UKomw3BprO2BldiNv+0Sj48cJaLWGVEjVuB4JJIp4
giaZbpwFiMUakOvuPokDlA7V/AhMlfUoA8LTzcKjlkdhHuwzDtMVXV8Ryor2hIWB
2seXvmT5KdCpkjdVvqnAlawrXaazV2B807xNvCz6Dnqkf6+/Sd8c
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:14:45 2024 by rpki-client on console-ams.rpki-client.org