Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/36322e3230342e34352e302f32342d3234203d3e20313336373837.roa
File:                     36322e3230342e34352e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          3EaLvdDkiYHNKyID+GTHYrAjS4yJFZ0rBPv0TRo6P6M=
Subject key identifier:   49:EA:07:6D:24:9B:FD:F2:C3:61:06:FA:6A:34:29:4D:FF:F3:92:16
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       3EFB9FBC4961C78F03B2AF35DA8D394C2DBB92F2
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/36322e3230342e34352e302f32342d3234203d3e20313336373837.roa
Signing time:             Wed 27 Dec 2023 14:45:52 +0000
ROA not before:           Wed 27 Dec 2023 14:40:52 +0000
ROA not after:            Wed 25 Dec 2024 14:45:52 +0000
asID:                     136787
IP address blocks:        62.204.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:fb:9f:bc:49:61:c7:8f:03:b2:af:35:da:8d:39:4c:2d:bb:92:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Dec 27 14:40:52 2023 GMT
            Not After : Dec 25 14:45:52 2024 GMT
        Subject: CN=49EA076D249BFDF2C36106FA6A34294DFFF39216
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:9a:23:56:dc:c0:c2:c2:d6:ba:65:08:92:d6:
                    1c:a9:0c:2e:60:d7:01:e5:28:de:58:1d:75:7b:66:
                    62:e4:75:61:96:9b:4c:1e:70:98:8d:b7:d9:6c:91:
                    4e:9b:fb:ed:de:eb:5e:c5:db:57:90:c5:a4:46:99:
                    cb:29:87:fc:ba:22:02:db:cc:9d:bb:76:05:f3:31:
                    7c:4e:db:86:09:ad:b1:30:0d:9d:d1:fc:88:91:31:
                    d4:57:cb:08:97:2f:5d:fc:10:d0:71:ea:4c:15:cc:
                    c7:6f:ae:e1:67:ee:04:2e:af:13:67:8e:bf:56:5e:
                    61:6d:46:69:77:a7:95:50:76:ea:cb:98:f6:91:54:
                    e4:9e:d4:db:c4:c8:08:93:e4:9b:9b:38:6c:40:b7:
                    28:7a:4d:4c:10:13:78:56:bd:8a:44:f1:a6:89:01:
                    b5:63:87:a6:34:a1:5f:56:15:7a:a9:4b:b8:bc:6c:
                    8b:33:78:39:6c:92:70:1d:a1:bc:74:4c:0c:a1:12:
                    6e:45:59:b3:13:47:76:8d:97:1d:a9:f4:52:e0:72:
                    a7:ea:78:2f:1e:d6:78:40:36:f6:4e:ec:46:48:67:
                    bc:bd:61:20:32:52:00:24:49:e1:2b:04:9f:cc:83:
                    0d:f2:9c:ca:b0:1a:64:b9:34:2f:08:a7:cd:59:74:
                    cb:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:EA:07:6D:24:9B:FD:F2:C3:61:06:FA:6A:34:29:4D:FF:F3:92:16
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/36322e3230342e34352e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.204.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:69:1d:d0:c2:25:c5:c9:ca:d8:85:bb:99:87:ed:0f:8f:78:
         0b:5f:83:46:3a:7c:63:f6:8c:8d:b1:14:a3:24:7c:45:7a:46:
         01:6b:e8:19:6e:0e:6b:f6:73:d2:b3:fa:84:0c:64:ca:3e:48:
         5a:6e:57:13:a9:7d:b5:44:37:cb:14:a7:89:12:50:12:a9:ba:
         9b:08:c0:ae:8a:86:b1:2a:bc:e1:75:d6:57:2f:fd:00:6d:f7:
         74:8e:aa:2d:d9:00:a1:3a:86:8c:25:72:9d:b9:2f:7b:c0:ea:
         cf:42:5a:41:2e:ef:db:44:39:63:b3:2e:05:18:6f:b9:db:fc:
         50:2e:33:10:49:34:25:ae:cd:5e:77:c4:ed:f9:30:64:03:e1:
         30:81:1a:e6:7c:0a:77:a9:dd:fd:de:f4:d0:a7:b3:4b:a0:a5:
         cb:86:cd:89:12:1c:b5:1b:c8:85:e2:6c:73:9e:b3:84:5d:d3:
         2c:93:c5:3a:ff:6d:df:00:93:44:0e:fa:ca:5c:65:67:08:f9:
         a0:0c:c2:48:ff:79:00:38:36:a8:e8:c0:01:3b:99:99:19:87:
         71:a5:3f:46:07:32:43:59:52:49:cb:17:32:8b:22:45:26:4c:
         3d:e4:b0:b7:83:5e:72:e5:4e:a2:f1:49:6b:e1:de:8f:2b:5f:
         34:82:ce:a1
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUPvufvElhx48Dsq812o05TC27kvIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yMzEyMjcxNDQwNTJaFw0yNDEyMjUxNDQ1NTJaMDMxMTAvBgNV
BAMTKDQ5RUEwNzZEMjQ5QkZERjJDMzYxMDZGQTZBMzQyOTRERkZGMzkyMTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmmiNW3MDCwta6ZQiS1hypDC5g
1wHlKN5YHXV7ZmLkdWGWm0wecJiNt9lskU6b++3e617F21eQxaRGmcsph/y6IgLb
zJ27dgXzMXxO24YJrbEwDZ3R/IiRMdRXywiXL138ENBx6kwVzMdvruFn7gQurxNn
jr9WXmFtRml3p5VQdurLmPaRVOSe1NvEyAiT5JubOGxAtyh6TUwQE3hWvYpE8aaJ
AbVjh6Y0oV9WFXqpS7i8bIszeDlsknAdobx0TAyhEm5FWbMTR3aNlx2p9FLgcqfq
eC8e1nhANvZO7EZIZ7y9YSAyUgAkSeErBJ/Mgw3ynMqwGmS5NC8Ip81ZdMt9AgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUSeoHbSSb/fLDYQb6ajQpTf/zkhYwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzYzMjJlMzIzMDM0MmUzNDM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzMzM2MzczODM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
PswtMA0GCSqGSIb3DQEBCwUAA4IBAQCSaR3QwiXFycrYhbuZh+0Pj3gLX4NGOnxj
9oyNsRSjJHxFekYBa+gZbg5r9nPSs/qEDGTKPkhablcTqX21RDfLFKeJElASqbqb
CMCuioaxKrzhddZXL/0Abfd0jqot2QChOoaMJXKduS97wOrPQlpBLu/bRDljsy4F
GG+52/xQLjMQSTQlrs1ed8Tt+TBkA+EwgRrmfAp3qd393vTQp7NLoKXLhs2JEhy1
G8iF4mxznrOEXdMsk8U6/23fAJNEDvrKXGVnCPmgDMJI/3kAODao6MABO5mZGYdx
pT9GBzJDWVJJyxcyiyJFJkw95LC3g15y5U6i8Ulr4d6PK180gs6h
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:49 2024 by rpki-client on console-ams.rpki-client.org