Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3133372e39362e302f32342d3234203d3e20313338303936.roa
File:                     34352e3133372e39362e302f32342d3234203d3e20313338303936.roa (raw, json)
Hash identifier:          BIc+6Y3044UpH7h8LmkAMPDP8XOc9A7P0X9ryDlFdFE=
Subject key identifier:   FA:28:85:43:2B:22:E5:72:19:5B:06:96:5A:9A:7D:E2:A6:FA:76:EA
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       0F4A26182F23E11707EC463D51B25B540D29FB39
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3133372e39362e302f32342d3234203d3e20313338303936.roa
Signing time:             Tue 30 Apr 2024 02:39:15 +0000
ROA not before:           Tue 30 Apr 2024 02:34:15 +0000
ROA not after:            Tue 29 Apr 2025 02:39:15 +0000
asID:                     138096
IP address blocks:        45.137.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:4a:26:18:2f:23:e1:17:07:ec:46:3d:51:b2:5b:54:0d:29:fb:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Apr 30 02:34:15 2024 GMT
            Not After : Apr 29 02:39:15 2025 GMT
        Subject: CN=FA2885432B22E572195B06965A9A7DE2A6FA76EA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:03:77:12:d6:f9:7d:2e:2d:a1:f9:c1:87:3b:
                    84:d3:b9:16:4c:43:13:74:7a:3a:d5:8e:e7:53:e9:
                    cd:9b:9e:61:34:ad:66:30:59:3a:ce:d7:46:dc:48:
                    c6:b6:2b:c4:4f:bb:45:4d:fd:36:42:4e:65:bb:6f:
                    31:6a:d1:88:bf:e1:3b:23:b7:ca:5e:6f:9b:73:9b:
                    56:a2:60:32:5a:be:23:67:86:10:bd:8c:6f:76:61:
                    52:fd:14:3b:3a:12:b4:52:80:03:0c:0f:7d:03:54:
                    60:a8:a2:4d:ea:21:de:06:f9:7a:fe:aa:47:9b:5a:
                    70:91:3a:f8:56:be:33:24:0d:1b:69:8a:21:2b:f6:
                    8e:f7:3b:99:17:0e:c0:ab:e2:4a:20:c4:a0:67:d3:
                    be:b8:dc:4f:f4:09:31:a2:b9:eb:f7:fb:d3:c5:5f:
                    ab:fa:4a:ab:d2:f4:df:60:0f:7a:df:fd:2e:d2:04:
                    c3:19:b6:93:53:85:e0:64:63:0c:2f:55:b9:77:de:
                    32:c2:67:ca:ff:26:d3:1d:d5:42:12:76:06:3a:59:
                    bd:f8:e4:61:ea:bd:8b:41:06:05:8a:51:f2:ac:db:
                    c1:e0:60:df:9d:c0:83:fc:8c:d4:5c:00:63:af:bd:
                    37:55:2d:9e:84:9e:e3:e1:e1:15:c0:2b:4f:a6:bd:
                    98:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:28:85:43:2B:22:E5:72:19:5B:06:96:5A:9A:7D:E2:A6:FA:76:EA
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3133372e39362e302f32342d3234203d3e20313338303936.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:e6:21:f4:eb:45:e9:a8:9a:c9:dd:4f:bf:1a:53:6a:31:68:
         f7:62:c1:28:8f:1b:99:f6:19:d8:95:92:23:a7:89:98:dc:96:
         7b:95:23:56:61:66:a4:14:ee:73:95:34:1b:1a:98:95:af:75:
         62:0c:c1:73:c6:e0:53:25:73:dd:2b:11:50:84:b0:30:5c:ce:
         5d:8d:21:4b:bc:da:25:d9:5a:92:75:f5:d8:7e:6f:98:57:34:
         e5:70:e6:c4:cc:29:b2:14:46:93:39:af:07:10:79:4f:61:0b:
         9f:8d:51:4c:65:f1:82:ee:8a:15:b6:87:c8:6c:d9:c4:0b:8a:
         18:c0:bb:10:7e:76:08:19:bc:a5:d8:db:ed:26:97:04:44:96:
         8a:95:0f:c1:41:f6:1e:30:e5:d7:46:a3:26:79:f3:60:ba:e4:
         3f:58:2f:cb:76:76:fe:c8:b0:86:c7:f4:a2:d0:66:ea:40:40:
         97:ae:f9:2d:8c:e9:bc:cb:00:73:3d:00:a4:86:a4:4f:2a:3f:
         1e:90:a0:d0:9a:e6:55:8f:5d:29:75:4a:6f:c4:7f:92:76:4c:
         16:27:fd:80:b6:7c:a6:4a:1c:13:cd:c8:ab:78:ee:2c:f2:09:
         e4:49:c1:20:a3:5f:1b:a1:c9:6c:97:f6:12:c9:ac:40:20:e1:
         5e:f5:17:e6
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUD0omGC8j4RcH7EY9UbJbVA0p+zkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDA0MzAwMjM0MTVaFw0yNTA0MjkwMjM5MTVaMDMxMTAvBgNV
BAMTKEZBMjg4NTQzMkIyMkU1NzIxOTVCMDY5NjVBOUE3REUyQTZGQTc2RUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkA3cS1vl9Li2h+cGHO4TTuRZM
QxN0ejrVjudT6c2bnmE0rWYwWTrO10bcSMa2K8RPu0VN/TZCTmW7bzFq0Yi/4Tsj
t8peb5tzm1aiYDJaviNnhhC9jG92YVL9FDs6ErRSgAMMD30DVGCook3qId4G+Xr+
qkebWnCROvhWvjMkDRtpiiEr9o73O5kXDsCr4kogxKBn07643E/0CTGiuev3+9PF
X6v6SqvS9N9gD3rf/S7SBMMZtpNTheBkYwwvVbl33jLCZ8r/JtMd1UISdgY6Wb34
5GHqvYtBBgWKUfKs28HgYN+dwIP8jNRcAGOvvTdVLZ6EnuPh4RXAK0+mvZgzAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQU+iiFQysi5XIZWwaWWpp94qb6duowHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzEzMzM3MmUzOTM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzMzM4MzAzOTM2LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LYlgMA0GCSqGSIb3DQEBCwUAA4IBAQBj5iH060XpqJrJ3U+/GlNqMWj3YsEojxuZ
9hnYlZIjp4mY3JZ7lSNWYWakFO5zlTQbGpiVr3ViDMFzxuBTJXPdKxFQhLAwXM5d
jSFLvNol2VqSdfXYfm+YVzTlcObEzCmyFEaTOa8HEHlPYQufjVFMZfGC7ooVtofI
bNnEC4oYwLsQfnYIGbyl2NvtJpcERJaKlQ/BQfYeMOXXRqMmefNguuQ/WC/Ldnb+
yLCGx/Si0GbqQECXrvktjOm8ywBzPQCkhqRPKj8ekKDQmuZVj10pdUpvxH+SdkwW
J/2AtnymShwTzcireO4s8gnkScEgo18boclsl/YSyaxAIOFe9Rfm
-----END CERTIFICATE-----
Generated at Sat Jun 15 15:40:53 2024 by rpki-client on console-ams.rpki-client.org