Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e3135352e3135392e302f32342d3234203d3e20323134393431.roa
File:                     34352e3135352e3135392e302f32342d3234203d3e20323134393431.roa (raw, json)
Hash identifier:          br2GbCV9wiaZM2sPQsD6HI3N4GAFozdwLwidHz7+YnE=
Subject key identifier:   1A:31:B6:C6:E3:FD:EA:51:F6:9F:AB:A4:B3:15:3F:41:E5:A2:6B:D4
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       396EB3E6B8DD9F0DF481BD0932676E51D2B159A5
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e3135352e3135392e302f32342d3234203d3e20323134393431.roa
Signing time:             Mon 21 Oct 2024 07:58:55 +0000
ROA not before:           Mon 21 Oct 2024 07:53:55 +0000
ROA not after:            Mon 20 Oct 2025 07:58:55 +0000
asID:                     214941
IP address blocks:        45.155.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Nov 2024 14:58:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:6e:b3:e6:b8:dd:9f:0d:f4:81:bd:09:32:67:6e:51:d2:b1:59:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Oct 21 07:53:55 2024 GMT
            Not After : Oct 20 07:58:55 2025 GMT
        Subject: CN=1A31B6C6E3FDEA51F69FABA4B3153F41E5A26BD4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c5:e3:2f:17:d4:ce:99:58:ca:02:08:ee:b7:
                    95:6e:a0:fa:f1:08:61:4a:41:65:08:d2:e2:01:bf:
                    f8:f1:83:cb:a4:e5:9e:5b:df:48:20:f6:98:20:b4:
                    5e:8d:4b:fd:1c:42:74:a7:b8:cc:07:b1:3f:8f:6e:
                    00:98:95:52:73:c8:72:1a:1f:a5:d7:4e:94:0c:6f:
                    37:78:e9:fb:42:2e:4f:3d:4a:d7:c6:2c:55:30:4e:
                    b1:d6:42:3b:87:4b:71:d1:f7:55:9f:c3:b0:c7:f3:
                    c2:b6:86:8e:28:d0:b8:9b:c3:c9:1c:5d:62:41:78:
                    dd:3c:e4:e5:5c:32:40:ac:dc:28:58:2b:be:27:83:
                    09:c9:cf:1d:b6:fa:05:87:83:2d:b5:bc:bd:e7:29:
                    e4:3d:94:dc:3b:91:a1:6c:e6:fb:b5:66:95:5f:19:
                    6b:0b:a1:44:a8:48:85:33:93:dc:6c:dc:ab:d3:a4:
                    11:0f:fe:8b:4b:2b:2b:c0:81:a8:76:7b:53:76:09:
                    e1:e9:25:58:30:1f:66:d5:55:b6:57:91:88:b2:f3:
                    2f:01:f1:b7:c6:7b:3f:c8:a9:ee:f3:79:19:14:34:
                    0d:21:53:ff:e9:55:13:b1:a5:31:15:c0:bd:c4:f8:
                    cb:00:15:0e:1e:5e:05:58:dd:2c:e5:5a:1a:b8:68:
                    f8:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:31:B6:C6:E3:FD:EA:51:F6:9F:AB:A4:B3:15:3F:41:E5:A2:6B:D4
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e3135352e3135392e302f32342d3234203d3e20323134393431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:b8:6b:57:bf:97:a4:f0:cb:a7:89:ba:28:2c:3b:05:32:ec:
         11:8a:8e:6e:32:ef:bd:1d:d5:1e:d6:28:da:9b:eb:f5:00:cc:
         58:0c:69:a3:c9:b9:c3:9c:7a:72:bf:e3:db:a1:d3:cf:cb:51:
         52:cf:11:52:0d:ef:2b:7d:37:a8:a0:69:be:5b:42:9d:a9:41:
         5d:ca:ee:11:3a:8b:25:31:bd:d3:70:2d:64:0a:60:c5:7f:86:
         09:7d:32:02:2f:e3:1d:d5:ef:4d:6e:87:45:32:85:29:31:72:
         6f:de:0a:15:20:81:c9:1b:62:a2:b5:df:57:37:92:de:bb:2b:
         ea:d7:c9:03:0a:ff:fc:05:70:21:35:b4:65:12:cc:73:80:fe:
         3f:7b:b3:6f:ed:a6:98:82:4d:35:96:32:13:ec:fc:98:bf:93:
         66:3a:f8:c9:54:89:f8:5d:90:24:53:e7:7a:69:0c:03:42:04:
         a0:2a:46:a1:71:e2:74:6d:57:72:a8:21:12:89:c3:83:8b:f7:
         f7:5d:93:41:ff:2c:9b:bd:5a:5a:f5:15:25:6a:5a:78:7c:cc:
         01:fb:eb:c6:2f:cc:60:27:7e:d8:fe:60:f2:3c:85:fb:22:d1:
         b2:32:b7:6d:65:a1:03:7e:4d:b8:39:2c:60:9e:ef:fd:85:5a:
         74:7e:d6:61
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUOW6z5rjdnw30gb0JMmduUdKxWaUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNDEwMjEwNzUzNTVaFw0yNTEwMjAwNzU4NTVaMDMxMTAvBgNV
BAMTKDFBMzFCNkM2RTNGREVBNTFGNjlGQUJBNEIzMTUzRjQxRTVBMjZCRDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqxeMvF9TOmVjKAgjut5VuoPrx
CGFKQWUI0uIBv/jxg8uk5Z5b30gg9pggtF6NS/0cQnSnuMwHsT+PbgCYlVJzyHIa
H6XXTpQMbzd46ftCLk89StfGLFUwTrHWQjuHS3HR91Wfw7DH88K2ho4o0Libw8kc
XWJBeN085OVcMkCs3ChYK74ngwnJzx22+gWHgy21vL3nKeQ9lNw7kaFs5vu1ZpVf
GWsLoUSoSIUzk9xs3KvTpBEP/otLKyvAgah2e1N2CeHpJVgwH2bVVbZXkYiy8y8B
8bfGez/Iqe7zeRkUNA0hU//pVROxpTEVwL3E+MsAFQ4eXgVY3SzlWhq4aPidAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUGjG2xuP96lH2n6uksxU/QeWia9QwHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzEzNTM1MmUzMTM1
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzQzOTM0MzEucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAAtm58wDQYJKoZIhvcNAQELBQADggEBAIu4a1e/l6Twy6eJuigsOwUy7BGKjm4y
770d1R7WKNqb6/UAzFgMaaPJucOcenK/49uh08/LUVLPEVIN7yt9N6igab5bQp2p
QV3K7hE6iyUxvdNwLWQKYMV/hgl9MgIv4x3V701uh0UyhSkxcm/eChUggckbYqK1
31c3kt67K+rXyQMK//wFcCE1tGUSzHOA/j97s2/tppiCTTWWMhPs/Ji/k2Y6+MlU
ifhdkCRT53ppDANCBKAqRqFx4nRtV3KoIRKJw4OL9/ddk0H/LJu9Wlr1FSVqWnh8
zAH768YvzGAnftj+YPI8hfsi0bIyt21loQN+Tbg5LGCe7/2FWnR+1mE=
-----END CERTIFICATE-----
Generated at Mon Nov 4 21:29:09 2024 by rpki-client on console-fra.rpki-client.org