Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/bf52d814-3d2f-4df4-8140-dfb530f74912/0/34362e3235302e3232342e302f32302d3234203d3e20313431393935.roa
File:                     34362e3235302e3232342e302f32302d3234203d3e20313431393935.roa (raw, json)
Hash identifier:          MLoOg0WMNnQbU5WWUbDbyND1vsRkEBjaulJny3LgQq0=
Subject key identifier:   ED:CB:0E:E7:36:2E:B2:9B:BD:91:23:12:84:39:4C:5D:E6:AA:DF:2C
Certificate issuer:       /CN=f29fbab4db867f6bd9a7eff6aa55d98c162e1aad
Certificate serial:       64FC0A01CDEDCF930540F13174BCBC3ACBEED311
Authority key identifier: F2:9F:BA:B4:DB:86:7F:6B:D9:A7:EF:F6:AA:55:D9:8C:16:2E:1A:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8p-6tNuGf2vZp-_2qlXZjBYuGq0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/bf52d814-3d2f-4df4-8140-dfb530f74912/0/34362e3235302e3232342e302f32302d3234203d3e20313431393935.roa
Signing time:             Fri 13 Oct 2023 09:32:22 +0000
ROA not before:           Fri 13 Oct 2023 09:27:22 +0000
ROA not after:            Fri 11 Oct 2024 09:32:22 +0000
asID:                     141995
IP address blocks:        46.250.224.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/bf52d814-3d2f-4df4-8140-dfb530f74912/0/F29FBAB4DB867F6BD9A7EFF6AA55D98C162E1AAD.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/bf52d814-3d2f-4df4-8140-dfb530f74912/0/F29FBAB4DB867F6BD9A7EFF6AA55D98C162E1AAD.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8p-6tNuGf2vZp-_2qlXZjBYuGq0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:fc:0a:01:cd:ed:cf:93:05:40:f1:31:74:bc:bc:3a:cb:ee:d3:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f29fbab4db867f6bd9a7eff6aa55d98c162e1aad
        Validity
            Not Before: Oct 13 09:27:22 2023 GMT
            Not After : Oct 11 09:32:22 2024 GMT
        Subject: CN=EDCB0EE7362EB29BBD91231284394C5DE6AADF2C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:f9:93:f5:ee:44:4d:f7:21:a2:76:f3:69:a1:
                    2c:7b:d5:62:7a:97:fa:ef:88:b9:8a:71:88:a3:5d:
                    53:af:ad:46:1c:53:67:54:7e:9b:58:95:65:75:04:
                    1a:db:27:90:54:83:0e:b8:54:04:69:62:d0:95:36:
                    98:94:94:47:03:15:35:ec:81:3d:e9:a3:1d:fd:49:
                    f5:ea:9c:ad:22:36:0e:8b:16:2f:75:a8:62:75:9c:
                    4b:03:79:c2:ed:68:29:26:9b:42:40:8a:71:7c:76:
                    ee:70:e4:c7:10:b0:84:ec:80:19:17:9a:87:da:47:
                    8f:7d:23:82:b4:08:64:7e:e7:b9:67:cc:c6:b8:cc:
                    f6:e2:6b:9e:5a:27:77:17:83:04:a3:13:4d:92:f6:
                    bc:ed:4b:a5:0e:ee:f4:e6:2c:60:58:05:27:ed:3c:
                    08:f5:85:6d:2c:9d:97:79:b1:73:f9:77:86:ab:13:
                    79:92:63:50:79:94:c4:d5:db:2a:26:e2:d7:fc:66:
                    09:47:43:01:f8:7a:69:ac:57:5e:01:6f:e5:b7:0b:
                    69:3a:27:11:7a:f7:99:9d:1d:95:e1:bb:6d:8c:38:
                    87:73:14:f0:25:b6:36:b0:9a:b8:e5:9b:ee:c1:ec:
                    d4:1e:c7:2b:01:05:87:91:c8:92:1a:55:6a:2b:b0:
                    ca:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:CB:0E:E7:36:2E:B2:9B:BD:91:23:12:84:39:4C:5D:E6:AA:DF:2C
            X509v3 Authority Key Identifier:
                keyid:F2:9F:BA:B4:DB:86:7F:6B:D9:A7:EF:F6:AA:55:D9:8C:16:2E:1A:AD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/bf52d814-3d2f-4df4-8140-dfb530f74912/0/F29FBAB4DB867F6BD9A7EFF6AA55D98C162E1AAD.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8p-6tNuGf2vZp-_2qlXZjBYuGq0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/bf52d814-3d2f-4df4-8140-dfb530f74912/0/34362e3235302e3232342e302f32302d3234203d3e20313431393935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.250.224.0/20

    Signature Algorithm: sha256WithRSAEncryption
         07:e7:46:13:d3:9d:f9:93:f3:2f:2f:47:98:ca:7f:4b:05:99:
         22:05:2c:6d:7f:bf:f0:3a:f1:3e:a6:2a:3d:83:27:1a:83:b1:
         99:ce:38:63:95:3e:b0:36:2f:13:25:61:34:b8:f7:c8:9d:75:
         57:70:9e:7c:f2:d9:d6:8f:ee:44:b6:f9:91:98:25:b7:90:6d:
         e8:24:77:d1:3d:ac:96:36:db:e5:8b:7e:9f:08:42:82:7d:18:
         54:d0:13:c5:9d:c2:01:53:71:80:da:61:c7:3a:e8:28:45:52:
         63:ab:25:47:e6:c6:be:d3:65:8e:c2:80:79:90:f9:86:f9:3d:
         90:28:c2:9f:c1:4b:ba:01:24:16:4d:0d:4a:fc:fc:17:d4:95:
         7b:06:91:0f:a2:73:a2:aa:7e:54:98:70:91:56:bb:0a:d4:e8:
         7f:f3:24:09:ed:a5:d9:bb:7d:e5:67:58:1c:08:82:ca:94:c8:
         95:03:18:e9:83:28:39:fb:32:4f:f3:33:dd:91:5f:75:d5:34:
         97:d8:8e:79:92:a5:0d:45:f7:b6:a3:b6:2a:c5:01:fc:62:d9:
         aa:af:d3:f3:59:ee:41:a5:af:33:29:4d:3c:27:d1:4a:ce:c0:
         96:85:ed:73:0c:d7:cd:f2:75:93:f4:7f:69:99:b1:d3:79:72:
         69:05:6d:ed
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUZPwKAc3tz5MFQPExdLy8Osvu0xEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZjI5ZmJhYjRkYjg2N2Y2YmQ5YTdlZmY2YWE1NWQ5OGMx
NjJlMWFhZDAeFw0yMzEwMTMwOTI3MjJaFw0yNDEwMTEwOTMyMjJaMDMxMTAvBgNV
BAMTKEVEQ0IwRUU3MzYyRUIyOUJCRDkxMjMxMjg0Mzk0QzVERTZBQURGMkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA+ZP17kRN9yGidvNpoSx71WJ6
l/rviLmKcYijXVOvrUYcU2dUfptYlWV1BBrbJ5BUgw64VARpYtCVNpiUlEcDFTXs
gT3pox39SfXqnK0iNg6LFi91qGJ1nEsDecLtaCkmm0JAinF8du5w5McQsITsgBkX
mofaR499I4K0CGR+57lnzMa4zPbia55aJ3cXgwSjE02S9rztS6UO7vTmLGBYBSft
PAj1hW0snZd5sXP5d4arE3mSY1B5lMTV2yom4tf8ZglHQwH4emmsV14Bb+W3C2k6
JxF695mdHZXhu22MOIdzFPAltjawmrjlm+7B7NQexysBBYeRyJIaVWorsMo9AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQU7csO5zYuspu9kSMShDlMXeaq3ywwHwYDVR0j
BBgwFoAU8p+6tNuGf2vZp+/2qlXZjBYuGq0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYmY1MmQ4MTQtM2QyZi00ZGY0LTgxNDAtZGZiNTMwZjc0
OTEyLzAvRjI5RkJBQjREQjg2N0Y2QkQ5QTdFRkY2QUE1NUQ5OEMxNjJFMUFBRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhwLTZ0TnVHZjJ2WnAtXzJxbFhaakJZ
dUdxMC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmY1MmQ4MTQt
M2QyZi00ZGY0LTgxNDAtZGZiNTMwZjc0OTEyLzAvMzQzNjJlMzIzNTMwMmUzMjMy
MzQyZTMwMmYzMjMwMmQzMjM0MjAzZDNlMjAzMTM0MzEzOTM5MzUucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAQu+uAwDQYJKoZIhvcNAQELBQADggEBAAfnRhPTnfmT8y8vR5jKf0sFmSIFLG1/
v/A68T6mKj2DJxqDsZnOOGOVPrA2LxMlYTS498iddVdwnnzy2daP7kS2+ZGYJbeQ
begkd9E9rJY22+WLfp8IQoJ9GFTQE8WdwgFTcYDaYcc66ChFUmOrJUfmxr7TZY7C
gHmQ+Yb5PZAowp/BS7oBJBZNDUr8/BfUlXsGkQ+ic6KqflSYcJFWuwrU6H/zJAnt
pdm7feVnWBwIgsqUyJUDGOmDKDn7Mk/zM92RX3XVNJfYjnmSpQ1F97ajtirFAfxi
2aqv0/NZ7kGlrzMpTTwn0UrOwJaF7XMM183ydZP0f2mZsdN5cmkFbe0=
-----END CERTIFICATE-----
Generated at Sat Jun 15 06:47:39 2024 by rpki-client on console-ams.rpki-client.org