Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e36352e3131362e302f32332d3233203d3e20343030393039.roa
File:                     34352e36352e3131362e302f32332d3233203d3e20343030393039.roa (raw, json)
Hash identifier:          f5ZHeOypbQqgJx8VrWNMCY1aYbhuYcS2bDyhEobkReA=
Subject key identifier:   17:4B:61:34:B5:5E:EF:A7:80:4B:D9:C0:4D:9E:8A:6F:53:F3:D0:16
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       2A8A2720F17F2EBCCFD488150593B2932CDC205F
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e36352e3131362e302f32332d3233203d3e20343030393039.roa
Signing time:             Mon 01 Jan 2024 16:40:51 +0000
ROA not before:           Mon 01 Jan 2024 16:35:51 +0000
ROA not after:            Mon 30 Dec 2024 16:40:51 +0000
asID:                     400909
IP address blocks:        45.65.116.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:8a:27:20:f1:7f:2e:bc:cf:d4:88:15:05:93:b2:93:2c:dc:20:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Jan  1 16:35:51 2024 GMT
            Not After : Dec 30 16:40:51 2024 GMT
        Subject: CN=174B6134B55EEFA7804BD9C04D9E8A6F53F3D016
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:06:22:99:5c:fb:d1:a0:41:72:19:98:a8:1e:
                    e8:05:be:7d:5a:d0:c8:ec:df:18:21:5f:66:18:a3:
                    c6:b4:d6:ea:49:0c:44:41:04:fa:ad:02:1c:a0:e9:
                    2e:ec:ca:fd:d2:98:f0:4b:1c:49:ae:67:1b:99:03:
                    0b:ab:89:19:47:fe:fc:70:95:54:7c:09:a2:ee:46:
                    d2:18:3a:db:72:9c:78:c9:7a:33:91:ca:6e:01:08:
                    f3:b7:98:cb:b1:85:18:b5:da:62:99:7b:e9:41:f5:
                    6c:fc:df:8b:14:5a:2e:a2:c2:8e:3c:46:6a:4b:4f:
                    a9:74:00:f0:c5:3f:6f:95:e6:25:c8:af:a5:b9:69:
                    56:1f:5a:f4:59:0f:fd:40:b6:c5:1c:3d:cd:b8:90:
                    aa:06:c3:9e:8c:f4:7d:39:36:d5:bc:a1:47:58:35:
                    fc:15:2d:10:55:a2:5a:2b:53:eb:dc:ab:b5:77:b7:
                    f5:42:3f:6f:7d:01:46:50:09:77:c1:c2:68:ed:b8:
                    ae:8c:d4:11:86:1e:28:c2:ca:ed:0f:e5:cc:f2:9c:
                    46:e5:2f:32:dc:cf:51:e8:32:0f:86:d2:2c:3b:e9:
                    6b:68:0d:1b:da:10:00:05:e7:34:89:3e:84:ae:af:
                    39:a1:34:92:9c:9b:df:8c:8b:8a:2a:9e:f6:95:5a:
                    3b:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:4B:61:34:B5:5E:EF:A7:80:4B:D9:C0:4D:9E:8A:6F:53:F3:D0:16
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e36352e3131362e302f32332d3233203d3e20343030393039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.65.116.0/23

    Signature Algorithm: sha256WithRSAEncryption
         51:c8:bf:d7:ff:d2:c3:f7:6f:d0:2c:7f:06:1b:39:17:e3:72:
         42:44:6e:84:04:69:80:92:e2:06:f9:46:66:fa:b7:56:f3:7e:
         2f:a5:a3:79:6a:27:3c:97:ab:b8:09:ad:81:41:2d:f9:04:b1:
         e7:b6:35:19:4e:d4:e5:26:d2:a0:57:47:c7:6c:0b:67:a9:17:
         72:04:2b:23:e8:5e:39:4c:96:9b:b2:a3:92:fd:0f:d8:69:03:
         27:c9:4d:0f:77:d4:54:ec:75:48:ab:65:a6:e4:aa:55:ec:96:
         70:06:fd:84:81:0a:a9:30:92:f8:86:d2:7c:98:c1:d0:53:c8:
         0c:9e:9a:9d:fd:c6:26:ff:16:da:66:34:f3:a2:39:6b:c1:83:
         b0:2f:f0:a7:3b:7f:37:9c:31:91:60:94:13:7b:c1:bc:eb:ed:
         06:cb:26:77:10:0f:46:92:b1:6b:d1:08:8d:7a:0a:e2:0d:ae:
         04:8c:88:c7:3f:2a:57:32:db:d1:86:b5:85:18:b7:5b:b7:5b:
         00:75:95:08:79:f6:70:24:8b:c8:f3:dc:69:35:3b:54:a9:5b:
         7e:53:b4:41:05:40:c3:06:67:72:b4:dc:f9:0c:c2:4f:3e:e9:
         96:2f:db:30:c6:ce:42:e0:26:ba:20:64:9d:d6:8d:2a:c7:ee:
         61:fa:94:a5
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUKoonIPF/LrzP1IgVBZOykyzcIF8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNDAxMDExNjM1NTFaFw0yNDEyMzAxNjQwNTFaMDMxMTAvBgNV
BAMTKDE3NEI2MTM0QjU1RUVGQTc4MDRCRDlDMDREOUU4QTZGNTNGM0QwMTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5BiKZXPvRoEFyGZioHugFvn1a
0Mjs3xghX2YYo8a01upJDERBBPqtAhyg6S7syv3SmPBLHEmuZxuZAwuriRlH/vxw
lVR8CaLuRtIYOttynHjJejORym4BCPO3mMuxhRi12mKZe+lB9Wz834sUWi6iwo48
RmpLT6l0APDFP2+V5iXIr6W5aVYfWvRZD/1AtsUcPc24kKoGw56M9H05NtW8oUdY
NfwVLRBVolorU+vcq7V3t/VCP299AUZQCXfBwmjtuK6M1BGGHijCyu0P5czynEbl
LzLcz1HoMg+G0iw76WtoDRvaEAAF5zSJPoSurzmhNJKcm9+Mi4oqnvaVWjtDAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUF0thNLVe76eAS9nATZ6Kb1Pz0BYwHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzYzNTJlMzEzMTM2
MmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzQzMDMwMzkzMDM5LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB
LUF0MA0GCSqGSIb3DQEBCwUAA4IBAQBRyL/X/9LD92/QLH8GGzkX43JCRG6EBGmA
kuIG+UZm+rdW834vpaN5aic8l6u4Ca2BQS35BLHntjUZTtTlJtKgV0fHbAtnqRdy
BCsj6F45TJabsqOS/Q/YaQMnyU0Pd9RU7HVIq2Wm5KpV7JZwBv2EgQqpMJL4htJ8
mMHQU8gMnpqd/cYm/xbaZjTzojlrwYOwL/CnO383nDGRYJQTe8G86+0GyyZ3EA9G
krFr0QiNegriDa4EjIjHPypXMtvRhrWFGLdbt1sAdZUIefZwJIvI89xpNTtUqVt+
U7RBBUDDBmdytNz5DMJPPumWL9swxs5C4Ca6IGSd1o0qx+5h+pSl
-----END CERTIFICATE-----
Generated at Thu Nov 21 21:58:16 2024 by rpki-client on console-ams.rpki-client.org