Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3135382e35382e302f32342d3234203d3e20343030303339.roa
File:                     34352e3135382e35382e302f32342d3234203d3e20343030303339.roa (raw, json)
Hash identifier:          aiQc4+4sMokVlw3JGb1Fi6xOrCFwI4vwpH3VcBRRKfc=
Subject key identifier:   31:EB:0F:A8:AA:0C:9E:17:08:73:07:B4:F0:5A:05:97:99:BD:35:03
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       573A694B59503C7D4B5DC0BDA0B0707BC1AAFE9D
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3135382e35382e302f32342d3234203d3e20343030303339.roa
Signing time:             Wed 21 Feb 2024 19:05:12 +0000
ROA not before:           Wed 21 Feb 2024 19:00:12 +0000
ROA not after:            Wed 19 Feb 2025 19:05:12 +0000
asID:                     400039
IP address blocks:        45.158.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:3a:69:4b:59:50:3c:7d:4b:5d:c0:bd:a0:b0:70:7b:c1:aa:fe:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Feb 21 19:00:12 2024 GMT
            Not After : Feb 19 19:05:12 2025 GMT
        Subject: CN=31EB0FA8AA0C9E17087307B4F05A059799BD3503
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:60:8e:29:ae:cc:66:70:5a:13:9a:93:06:01:
                    9a:ad:a9:ba:aa:2a:d5:07:b9:59:68:07:3c:2b:7e:
                    62:dd:0f:34:02:fc:18:68:a2:76:f1:42:7f:40:cf:
                    eb:0c:6b:ea:ab:25:33:e4:f0:0f:0d:d1:c3:af:06:
                    cd:67:bd:d0:c0:0e:94:f3:b8:5f:98:70:7d:53:3d:
                    a7:60:46:1c:ce:ba:64:9d:d0:ef:45:33:c2:b6:0d:
                    74:0a:4b:57:3f:47:0f:65:ad:ca:f8:4a:65:5e:7c:
                    30:9b:39:00:6f:d1:7b:1e:bd:c5:93:2a:08:e5:3b:
                    28:cd:91:09:5d:74:a1:cf:c7:27:34:4f:1c:0c:a0:
                    4f:37:b1:4b:de:e2:56:a2:cf:36:0d:9f:d9:af:4c:
                    21:de:ee:c2:13:26:dc:84:b8:61:fb:b7:94:fa:2f:
                    e7:88:fe:70:95:87:ef:d0:0f:6e:b1:bc:98:95:41:
                    ff:0e:39:ab:18:65:3d:d6:cc:08:f6:2d:09:42:54:
                    1a:5a:ea:3b:a5:df:75:d8:93:15:bd:fa:37:8c:6a:
                    b9:60:e0:35:52:2e:33:74:cb:e9:5d:bb:46:08:23:
                    bf:e7:d0:72:ed:43:47:65:0e:ef:28:e0:26:d7:a5:
                    08:b2:05:e7:76:01:92:4f:d0:ae:45:9c:71:43:9f:
                    ea:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:EB:0F:A8:AA:0C:9E:17:08:73:07:B4:F0:5A:05:97:99:BD:35:03
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3135382e35382e302f32342d3234203d3e20343030303339.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:37:57:e8:2b:db:11:62:f3:01:db:f3:dd:25:ba:5a:43:72:
         a7:ef:d5:7d:33:f5:bd:d8:95:dc:67:35:fd:cd:8c:a3:32:d7:
         e6:04:b1:dc:67:4c:a3:ef:de:50:c1:98:51:52:23:d6:ec:a8:
         27:99:03:52:47:b1:63:ee:f7:19:c7:c8:36:56:3d:db:e7:f3:
         40:8d:59:9c:53:cf:59:18:80:ac:52:ba:70:ef:eb:9e:4d:54:
         38:0c:ba:68:ae:fb:91:18:8c:5c:80:7f:e4:47:be:0d:da:d3:
         ce:c2:b5:a4:ed:15:95:96:20:f8:9d:12:c8:de:47:d3:61:23:
         da:9f:68:e9:57:6f:f6:1c:a0:70:75:4f:7c:29:d4:24:83:69:
         3f:58:82:68:d6:b1:42:8b:80:17:9c:37:84:ff:0a:80:4b:cd:
         ec:ed:e9:1b:48:46:e0:0d:f4:2f:b7:92:7f:26:3b:52:54:43:
         92:2a:3c:2d:6c:e5:37:93:66:7d:40:b7:8e:33:86:00:c0:cc:
         cf:f6:2f:22:2f:a1:9d:8f:21:4d:a0:39:eb:4c:96:18:40:a1:
         a7:11:10:9c:c4:a2:2b:d7:b4:12:6a:49:24:bb:8f:c4:44:09:
         53:c6:37:ca:2a:1b:a2:92:00:75:2c:b5:81:71:e1:01:95:2c:
         80:81:08:5b
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUVzppS1lQPH1LXcC9oLBwe8Gq/p0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDAyMjExOTAwMTJaFw0yNTAyMTkxOTA1MTJaMDMxMTAvBgNV
BAMTKDMxRUIwRkE4QUEwQzlFMTcwODczMDdCNEYwNUEwNTk3OTlCRDM1MDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3YI4prsxmcFoTmpMGAZqtqbqq
KtUHuVloBzwrfmLdDzQC/BhoonbxQn9Az+sMa+qrJTPk8A8N0cOvBs1nvdDADpTz
uF+YcH1TPadgRhzOumSd0O9FM8K2DXQKS1c/Rw9lrcr4SmVefDCbOQBv0XsevcWT
KgjlOyjNkQlddKHPxyc0TxwMoE83sUve4laizzYNn9mvTCHe7sITJtyEuGH7t5T6
L+eI/nCVh+/QD26xvJiVQf8OOasYZT3WzAj2LQlCVBpa6jul33XYkxW9+jeMarlg
4DVSLjN0y+ldu0YII7/n0HLtQ0dlDu8o4CbXpQiyBed2AZJP0K5FnHFDn+pZAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUMesPqKoMnhcIcwe08FoFl5m9NQMwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzEzNTM4MmUzNTM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzMDMwMzAzMzM5LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LZ46MA0GCSqGSIb3DQEBCwUAA4IBAQCYN1foK9sRYvMB2/PdJbpaQ3Kn79V9M/W9
2JXcZzX9zYyjMtfmBLHcZ0yj795QwZhRUiPW7KgnmQNSR7Fj7vcZx8g2Vj3b5/NA
jVmcU89ZGICsUrpw7+ueTVQ4DLporvuRGIxcgH/kR74N2tPOwrWk7RWVliD4nRLI
3kfTYSPan2jpV2/2HKBwdU98KdQkg2k/WIJo1rFCi4AXnDeE/wqAS83s7ekbSEbg
DfQvt5J/JjtSVEOSKjwtbOU3k2Z9QLeOM4YAwMzP9i8iL6GdjyFNoDnrTJYYQKGn
ERCcxKIr17QSakkku4/ERAlTxjfKKhuikgB1LLWBceEBlSyAgQhb
-----END CERTIFICATE-----
Generated at Sat Jun 15 13:43:33 2024 by rpki-client on console-fra.rpki-client.org