Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/370be6cd-25d2-4f8b-88a4-b5109f49462d/1/34352e3135362e3131372e302f32342d3234203d3e203631333137.roa
File:                     34352e3135362e3131372e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          6bjHTFJthfggO28C7rjed1qCoqda68SiW/jTgijiswA=
Subject key identifier:   4D:EC:00:D8:C8:DD:A4:31:33:DE:D0:11:B5:D6:2E:E1:7C:80:E0:2B
Certificate issuer:       /CN=06da19f4285eb04d0310733f4ac00107b73337ad
Certificate serial:       7903C5A9030666DE3A0C46B463E10026AC3DE525
Authority key identifier: 06:DA:19:F4:28:5E:B0:4D:03:10:73:3F:4A:C0:01:07:B7:33:37:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BtoZ9ChesE0DEHM_SsABB7czN60.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/370be6cd-25d2-4f8b-88a4-b5109f49462d/1/34352e3135362e3131372e302f32342d3234203d3e203631333137.roa
Signing time:             Mon 05 Feb 2024 07:05:12 +0000
ROA not before:           Mon 05 Feb 2024 07:00:12 +0000
ROA not after:            Mon 03 Feb 2025 07:05:12 +0000
asID:                     61317
IP address blocks:        45.156.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/370be6cd-25d2-4f8b-88a4-b5109f49462d/1/06DA19F4285EB04D0310733F4AC00107B73337AD.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/370be6cd-25d2-4f8b-88a4-b5109f49462d/1/06DA19F4285EB04D0310733F4AC00107B73337AD.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BtoZ9ChesE0DEHM_SsABB7czN60.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 18:13:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:03:c5:a9:03:06:66:de:3a:0c:46:b4:63:e1:00:26:ac:3d:e5:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06da19f4285eb04d0310733f4ac00107b73337ad
        Validity
            Not Before: Feb  5 07:00:12 2024 GMT
            Not After : Feb  3 07:05:12 2025 GMT
        Subject: CN=4DEC00D8C8DDA43133DED011B5D62EE17C80E02B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:0d:00:3c:4b:99:60:8a:c7:e1:a0:35:08:2b:
                    ac:1e:28:60:c5:c0:67:d4:55:05:34:e6:81:64:bf:
                    d4:b2:dc:f2:1c:27:c4:95:0c:8e:01:3c:59:0c:0a:
                    35:9f:f2:ee:01:be:c4:e1:e0:8d:a2:cb:d4:b4:f0:
                    de:ec:26:de:7d:fe:8e:bc:e7:0e:15:60:c6:72:ac:
                    0f:d7:a9:d2:5a:3a:74:a8:1a:c2:a6:f3:a8:fa:4d:
                    0d:5d:93:56:c1:76:f3:55:11:a4:5d:81:71:53:9b:
                    74:df:69:92:b6:e4:7d:52:37:6e:e5:93:57:d6:e6:
                    12:97:a4:63:c6:b2:6c:cb:6c:d7:7c:db:b7:bb:17:
                    30:b7:5a:52:28:95:6e:7b:fa:fc:35:cc:45:8e:5a:
                    36:06:1b:df:49:e7:5b:09:30:ac:3c:26:17:f4:65:
                    a6:bd:a9:ae:1c:d2:6a:6e:16:14:0a:8f:69:d8:80:
                    28:28:12:5d:1a:29:46:c7:97:77:97:35:91:bc:35:
                    bb:5e:c6:25:1e:19:fd:c0:fb:45:d1:e8:f3:3e:d0:
                    78:ee:9e:24:a4:62:cb:84:80:22:58:02:70:c8:74:
                    da:eb:b4:fd:00:3a:09:86:78:b7:58:e9:54:e2:b8:
                    b3:ca:c4:22:01:eb:7b:09:c5:c2:d6:c2:fb:5b:87:
                    84:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:EC:00:D8:C8:DD:A4:31:33:DE:D0:11:B5:D6:2E:E1:7C:80:E0:2B
            X509v3 Authority Key Identifier:
                keyid:06:DA:19:F4:28:5E:B0:4D:03:10:73:3F:4A:C0:01:07:B7:33:37:AD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/370be6cd-25d2-4f8b-88a4-b5109f49462d/1/06DA19F4285EB04D0310733F4AC00107B73337AD.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BtoZ9ChesE0DEHM_SsABB7czN60.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/370be6cd-25d2-4f8b-88a4-b5109f49462d/1/34352e3135362e3131372e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:10:1a:43:1f:fe:ce:f0:cb:6c:1d:cd:a3:34:e1:e9:1d:44:
         ff:80:a3:90:cd:c6:2f:e3:3e:3d:2d:9e:1c:a0:9f:5b:2a:f0:
         cb:f6:84:79:d1:23:cf:e7:5d:00:49:c3:ae:a4:72:4c:db:03:
         5e:83:5f:fa:32:2a:57:58:55:72:cf:7c:eb:be:80:c3:6e:64:
         2d:e5:2c:39:6b:5f:60:a4:3b:78:88:ad:50:b3:29:b5:1b:1a:
         61:4b:4f:7f:ad:dd:b3:a3:9b:b1:fb:7d:bf:c8:e2:2a:e7:f4:
         04:2c:21:88:f6:c0:d8:de:ee:4a:b8:8d:22:25:93:c4:ed:3d:
         11:c5:b4:a1:00:2f:eb:b6:e6:ad:bc:0e:93:04:b6:82:ac:7c:
         f1:8a:e2:ac:0f:dc:e8:14:eb:c7:21:24:45:13:4f:74:0d:fe:
         b2:d7:9a:8b:04:49:9e:92:06:d1:3a:df:be:4e:94:b9:c1:c6:
         2f:bf:9f:c3:77:6f:e1:d5:c5:c4:c8:3e:a4:da:86:0c:fc:83:
         9c:22:b7:9d:11:8e:ab:67:22:62:83:a4:2c:17:b2:84:66:d1:
         6d:0b:8b:68:b9:c7:9d:7e:73:a2:f0:32:d2:3e:61:86:ae:f2:
         71:33:6e:61:78:9b:2c:c8:e8:2d:92:41:fb:34:b7:c0:49:85:
         1a:94:82:eb
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUeQPFqQMGZt46DEa0Y+EAJqw95SUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDZkYTE5ZjQyODVlYjA0ZDAzMTA3MzNmNGFjMDAxMDdi
NzMzMzdhZDAeFw0yNDAyMDUwNzAwMTJaFw0yNTAyMDMwNzA1MTJaMDMxMTAvBgNV
BAMTKDRERUMwMEQ4QzhEREE0MzEzM0RFRDAxMUI1RDYyRUUxN0M4MEUwMkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2DQA8S5lgisfhoDUIK6weKGDF
wGfUVQU05oFkv9Sy3PIcJ8SVDI4BPFkMCjWf8u4BvsTh4I2iy9S08N7sJt59/o68
5w4VYMZyrA/XqdJaOnSoGsKm86j6TQ1dk1bBdvNVEaRdgXFTm3TfaZK25H1SN27l
k1fW5hKXpGPGsmzLbNd827e7FzC3WlIolW57+vw1zEWOWjYGG99J51sJMKw8Jhf0
Zaa9qa4c0mpuFhQKj2nYgCgoEl0aKUbHl3eXNZG8NbtexiUeGf3A+0XR6PM+0Hju
niSkYsuEgCJYAnDIdNrrtP0AOgmGeLdY6VTiuLPKxCIB63sJxcLWwvtbh4SZAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUTewA2MjdpDEz3tARtdYu4XyA4CswHwYDVR0j
BBgwFoAUBtoZ9ChesE0DEHM/SsABB7czN60wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMzcwYmU2Y2QtMjVkMi00ZjhiLTg4YTQtYjUxMDlmNDk0
NjJkLzEvMDZEQTE5RjQyODVFQjA0RDAzMTA3MzNGNEFDMDAxMDdCNzMzMzdBRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0J0b1o5Q2hlc0UwREVITV9Tc0FCQjdj
ek42MC5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMzcwYmU2Y2Qt
MjVkMi00ZjhiLTg4YTQtYjUxMDlmNDk0NjJkLzEvMzQzNTJlMzEzNTM2MmUzMTMx
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNjMxMzMzMTM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LZx1MA0GCSqGSIb3DQEBCwUAA4IBAQCdEBpDH/7O8MtsHc2jNOHpHUT/gKOQzcYv
4z49LZ4coJ9bKvDL9oR50SPP510AScOupHJM2wNeg1/6MipXWFVyz3zrvoDDbmQt
5Sw5a19gpDt4iK1Qsym1GxphS09/rd2zo5ux+32/yOIq5/QELCGI9sDY3u5KuI0i
JZPE7T0RxbShAC/rtuatvA6TBLaCrHzxiuKsD9zoFOvHISRFE090Df6y15qLBEme
kgbROt++TpS5wcYvv5/Dd2/h1cXEyD6k2oYM/IOcIredEY6rZyJig6QsF7KEZtFt
C4toucedfnOi8DLSPmGGrvJxM25heJssyOgtkkH7NLfASYUalILr
-----END CERTIFICATE-----
Generated at Thu Mar 28 22:36:37 2024 by rpki-client on console-fra.rpki-client.org