Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3137362e3131332e37362e302f32342d3234203d3e20313336373837.roa
File:                     3137362e3131332e37362e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          Qz8PGMRl0fxFNydoeCJdaE+pO2cH8Bll9RUgsnhAyBI=
Subject key identifier:   D0:FE:5F:60:60:EA:3F:40:57:63:C6:A5:04:22:19:99:A6:B3:70:7C
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       46CABCB7DBDEEBC401A08AF0174AE6C160E008F7
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3137362e3131332e37362e302f32342d3234203d3e20313336373837.roa
Signing time:             Tue 13 Feb 2024 12:54:10 +0000
ROA not before:           Tue 13 Feb 2024 12:49:10 +0000
ROA not after:            Tue 11 Feb 2025 12:54:10 +0000
asID:                     136787
IP address blocks:        176.113.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:ca:bc:b7:db:de:eb:c4:01:a0:8a:f0:17:4a:e6:c1:60:e0:08:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 13 12:49:10 2024 GMT
            Not After : Feb 11 12:54:10 2025 GMT
        Subject: CN=D0FE5F6060EA3F405763C6A504221999A6B3707C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:f4:98:e8:6f:ce:dd:19:af:b3:06:48:cd:c1:
                    dc:bf:eb:49:61:ae:e9:61:91:06:ed:3e:10:d9:f3:
                    c7:eb:2a:51:cf:42:d5:f5:07:3f:d3:ba:33:85:7a:
                    63:f3:c4:6a:1b:6c:a8:74:f8:32:e4:73:a1:3a:43:
                    ce:e4:50:af:62:0b:72:27:17:c8:1a:82:39:68:06:
                    d5:7d:89:a3:4c:1a:5c:00:e5:47:5a:94:bd:89:6a:
                    4a:d0:6c:ac:87:50:ce:1b:41:ca:48:c5:a5:35:48:
                    20:a1:06:7d:54:fd:50:b0:38:27:66:be:24:24:f0:
                    72:99:6f:b5:13:ce:73:78:a6:81:5b:fe:88:3c:3c:
                    41:f8:e6:3d:6c:45:00:4e:b6:39:b4:e5:12:c8:30:
                    0d:7d:9b:d0:01:ae:1a:72:89:cd:20:1a:aa:a1:a4:
                    25:ab:6e:c0:eb:b6:f6:ee:eb:00:1e:85:53:57:77:
                    2a:c5:fd:b6:84:22:6f:7b:8b:fe:04:0a:60:5b:05:
                    5c:ac:1b:cf:94:03:04:54:67:16:b3:73:55:4e:55:
                    f1:c7:aa:2d:51:63:50:92:5e:93:5b:31:1f:6e:3e:
                    81:bc:5c:92:85:07:48:c9:ad:fe:95:1b:53:a1:94:
                    33:ac:f8:a4:f1:3c:df:0d:8d:34:83:17:dd:ac:b0:
                    d3:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:FE:5F:60:60:EA:3F:40:57:63:C6:A5:04:22:19:99:A6:B3:70:7C
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3137362e3131332e37362e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.113.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:c5:48:47:fb:22:ee:0c:1d:86:95:51:61:83:fa:a0:72:f7:
         77:2d:ed:7e:55:81:8d:76:e0:dc:0e:dd:04:a2:fa:d8:7f:97:
         86:cf:a0:17:46:53:65:a5:a0:8d:94:fd:c1:04:7c:81:55:3a:
         88:b8:60:bb:4e:cb:0b:c7:54:d9:ad:81:c9:f1:cd:f6:75:13:
         ac:8c:a9:34:43:87:e0:42:32:4e:36:17:a7:68:d8:18:a3:59:
         9e:2c:1b:a0:34:90:2b:f1:eb:51:02:cd:c9:9d:c2:df:a8:3d:
         4f:2f:29:32:c5:70:63:f4:6d:5b:ba:b2:f8:17:b2:e9:81:09:
         6d:53:fb:fb:b6:14:35:32:33:bc:99:26:0a:2e:39:a9:fe:f7:
         bd:31:ac:4e:99:d1:8c:bb:ba:b9:f9:a4:27:1d:70:ee:36:ea:
         6d:e1:8b:fe:f0:f8:71:69:61:23:ca:f1:93:ed:48:3e:fa:cf:
         7b:e6:d0:b5:ec:fb:be:1e:32:b3:94:35:3a:24:40:af:57:4e:
         2c:6a:39:22:18:67:59:55:ba:5a:7b:c2:d0:d1:86:47:56:65:
         70:c5:0d:bb:11:14:fb:ad:66:43:0c:5d:09:c7:e9:69:4b:2d:
         75:bc:ca:0a:eb:66:d7:12:07:63:09:8b:49:9a:02:48:7e:35:
         3b:ab:26:24
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIURsq8t9ve68QBoIrwF0rmwWDgCPcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMTMxMjQ5MTBaFw0yNTAyMTExMjU0MTBaMDMxMTAvBgNV
BAMTKEQwRkU1RjYwNjBFQTNGNDA1NzYzQzZBNTA0MjIxOTk5QTZCMzcwN0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD9Jjob87dGa+zBkjNwdy/60lh
rulhkQbtPhDZ88frKlHPQtX1Bz/TujOFemPzxGobbKh0+DLkc6E6Q87kUK9iC3In
F8gagjloBtV9iaNMGlwA5UdalL2JakrQbKyHUM4bQcpIxaU1SCChBn1U/VCwOCdm
viQk8HKZb7UTznN4poFb/og8PEH45j1sRQBOtjm05RLIMA19m9ABrhpyic0gGqqh
pCWrbsDrtvbu6wAehVNXdyrF/baEIm97i/4ECmBbBVysG8+UAwRUZxazc1VOVfHH
qi1RY1CSXpNbMR9uPoG8XJKFB0jJrf6VG1OhlDOs+KTxPN8NjTSDF92ssNM5AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQU0P5fYGDqP0BXY8alBCIZmaazcHwwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzEzNzM2MmUzMTMxMzMyZTM3
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BACwcUwwDQYJKoZIhvcNAQELBQADggEBADDFSEf7Iu4MHYaVUWGD+qBy93ct7X5V
gY124NwO3QSi+th/l4bPoBdGU2WloI2U/cEEfIFVOoi4YLtOywvHVNmtgcnxzfZ1
E6yMqTRDh+BCMk42F6do2BijWZ4sG6A0kCvx61ECzcmdwt+oPU8vKTLFcGP0bVu6
svgXsumBCW1T+/u2FDUyM7yZJgouOan+970xrE6Z0Yy7urn5pCcdcO426m3hi/7w
+HFpYSPK8ZPtSD76z3vm0LXs+74eMrOUNTokQK9XTixqOSIYZ1lVulp7wtDRhkdW
ZXDFDbsRFPutZkMMXQnH6WlLLXW8ygrrZtcSB2MJi0maAkh+NTurJiQ=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:49 2024 by rpki-client on console-ams.rpki-client.org