Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/352e3133332e3131392e302f32342d3234203d3e20313336373837.roa
File:                     352e3133332e3131392e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          dr0/VpxdgI2aUHbz5LrssXRfOtMK4b60iu7PCz4qLKQ=
Subject key identifier:   76:61:8C:50:E3:45:51:F9:4A:EC:3C:C3:A1:78:09:28:05:D7:0F:42
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       62BD2F6A43ED5C067D144289E46385AF4BCB821B
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/352e3133332e3131392e302f32342d3234203d3e20313336373837.roa
Signing time:             Tue 13 Feb 2024 12:54:47 +0000
ROA not before:           Tue 13 Feb 2024 12:49:47 +0000
ROA not after:            Tue 11 Feb 2025 12:54:47 +0000
asID:                     136787
IP address blocks:        5.133.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:bd:2f:6a:43:ed:5c:06:7d:14:42:89:e4:63:85:af:4b:cb:82:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Feb 13 12:49:47 2024 GMT
            Not After : Feb 11 12:54:47 2025 GMT
        Subject: CN=76618C50E34551F94AEC3CC3A178092805D70F42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:c7:8c:0d:dc:9c:a3:90:29:fe:35:cb:da:45:
                    61:13:9e:3b:60:18:fe:cf:53:db:ad:d4:aa:ef:9d:
                    ed:23:36:a7:f8:89:bf:9f:65:ce:9d:d5:df:c3:8d:
                    74:82:00:45:42:25:8a:3c:54:8e:32:f2:25:77:00:
                    e3:31:01:58:d9:75:15:7d:60:3e:61:d8:6f:ad:9a:
                    6f:15:7d:44:b8:b9:ce:f6:94:f9:f3:3a:61:54:00:
                    f3:fa:dd:f1:1c:6f:d3:bc:c5:59:2e:af:70:89:4a:
                    19:6a:15:37:e4:b9:ea:ae:19:cc:b9:3a:4e:89:21:
                    37:62:ab:4c:34:ac:b8:6a:6c:0c:2d:65:3d:1a:e7:
                    6d:04:4f:7c:e1:84:f8:f3:b1:23:dc:bf:1f:2a:68:
                    b9:65:09:55:a6:1e:e0:43:f6:be:6e:69:de:0c:f8:
                    73:24:e4:06:83:c1:88:4a:b3:dc:cf:1e:95:4d:bf:
                    d9:03:8c:e5:ed:65:0d:ba:b4:21:e2:7e:aa:9a:2b:
                    f5:12:e9:ce:6c:e0:c0:1f:7e:4a:fc:c1:dc:45:a7:
                    7b:21:e0:72:25:75:44:53:c7:97:14:5d:12:c1:b8:
                    14:14:29:3d:8d:c3:4a:d6:bd:3d:de:ae:6f:a8:2d:
                    11:b3:dc:c7:e1:af:61:fe:01:24:5f:bc:a4:b6:cf:
                    ea:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:61:8C:50:E3:45:51:F9:4A:EC:3C:C3:A1:78:09:28:05:D7:0F:42
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/352e3133332e3131392e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:1c:9a:30:50:0b:60:9d:8d:b3:40:94:1c:87:64:f0:af:99:
         e1:94:6f:4c:dd:23:2f:b0:f9:12:9a:e9:81:12:74:73:0c:83:
         65:84:93:18:3c:91:62:31:e5:8a:9a:85:ad:15:a2:c0:23:ad:
         46:c2:c3:e3:64:f1:7d:12:e3:27:e0:9f:5b:4c:6c:ac:b5:a5:
         1d:c0:e3:cf:18:a2:d5:1a:16:a9:70:58:54:32:d2:cd:b0:0e:
         7c:b9:c3:97:89:bd:74:ed:75:6d:bb:e0:32:ba:a6:13:fa:d7:
         f1:1a:15:a4:23:0b:f0:ed:2d:49:41:61:fd:29:5f:3e:f1:28:
         6a:3c:f6:fb:b9:70:04:8f:48:83:dc:76:9d:db:5c:c9:34:b6:
         a7:5a:c1:84:e0:42:b0:43:fc:67:ea:79:8f:69:6a:a1:b7:67:
         22:0a:3e:37:64:3d:d9:8e:48:92:3d:31:fa:ef:a4:e1:28:42:
         fa:83:52:c0:bd:05:f6:fc:a4:6a:09:71:27:55:0e:86:58:98:
         c3:4e:f2:ee:35:68:e6:c6:21:9e:e2:d4:f5:64:68:38:6e:8a:
         7d:1e:b1:9f:66:6e:92:2a:8c:57:c1:97:37:97:1c:4a:0e:54:
         4c:61:35:0c:7f:71:76:f7:f3:a7:a5:9d:25:9a:7a:87:d7:b8:
         f5:a8:af:2a
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUYr0vakPtXAZ9FEKJ5GOFr0vLghswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAyMTMxMjQ5NDdaFw0yNTAyMTExMjU0NDdaMDMxMTAvBgNV
BAMTKDc2NjE4QzUwRTM0NTUxRjk0QUVDM0NDM0ExNzgwOTI4MDVENzBGNDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCax4wN3JyjkCn+NcvaRWETnjtg
GP7PU9ut1Krvne0jNqf4ib+fZc6d1d/DjXSCAEVCJYo8VI4y8iV3AOMxAVjZdRV9
YD5h2G+tmm8VfUS4uc72lPnzOmFUAPP63fEcb9O8xVkur3CJShlqFTfkuequGcy5
Ok6JITdiq0w0rLhqbAwtZT0a520ET3zhhPjzsSPcvx8qaLllCVWmHuBD9r5uad4M
+HMk5AaDwYhKs9zPHpVNv9kDjOXtZQ26tCHifqqaK/US6c5s4MAffkr8wdxFp3sh
4HIldURTx5cUXRLBuBQUKT2Nw0rWvT3erm+oLRGz3Mfhr2H+ASRfvKS2z+qlAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUdmGMUONFUflK7DzDoXgJKAXXD0IwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzUyZTMxMzMzMzJlMzEzMTM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzMzM2MzczODM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
BYV3MA0GCSqGSIb3DQEBCwUAA4IBAQAZHJowUAtgnY2zQJQch2Twr5nhlG9M3SMv
sPkSmumBEnRzDINlhJMYPJFiMeWKmoWtFaLAI61GwsPjZPF9EuMn4J9bTGystaUd
wOPPGKLVGhapcFhUMtLNsA58ucOXib107XVtu+AyuqYT+tfxGhWkIwvw7S1JQWH9
KV8+8ShqPPb7uXAEj0iD3Had21zJNLanWsGE4EKwQ/xn6nmPaWqht2ciCj43ZD3Z
jkiSPTH676ThKEL6g1LAvQX2/KRqCXEnVQ6GWJjDTvLuNWjmxiGe4tT1ZGg4bop9
HrGfZm6SKoxXwZc3lxxKDlRMYTUMf3F29/OnpZ0lmnqH17j1qK8q
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:49 2024 by rpki-client on console-ams.rpki-client.org