Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e39352e36342e302f32342d3234203d3e20323131333733.roa
File:                     34352e39352e36342e302f32342d3234203d3e20323131333733.roa (raw, json)
Hash identifier:          Q31MR11Bz3s5cbxsPZ6aTU4oYePBwnOqM87OiN+L2W8=
Subject key identifier:   5B:B0:67:2B:9F:EB:F9:EC:93:E2:7F:3D:D4:59:3A:EF:39:21:1C:6F
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       3CA67462B77EC69241BD4BE197A841B0569C35DC
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e39352e36342e302f32342d3234203d3e20323131333733.roa
Signing time:             Mon 23 Sep 2024 09:43:19 +0000
ROA not before:           Mon 23 Sep 2024 09:38:19 +0000
ROA not after:            Mon 22 Sep 2025 09:43:19 +0000
asID:                     211373
IP address blocks:        45.95.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Dec 2024 23:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:a6:74:62:b7:7e:c6:92:41:bd:4b:e1:97:a8:41:b0:56:9c:35:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Sep 23 09:38:19 2024 GMT
            Not After : Sep 22 09:43:19 2025 GMT
        Subject: CN=5BB0672B9FEBF9EC93E27F3DD4593AEF39211C6F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:03:63:a5:d2:d6:e0:89:9c:1b:c1:22:30:46:
                    ce:00:19:95:e5:5a:9b:ff:d7:27:f7:09:b0:3d:dc:
                    dd:ec:26:e4:04:a9:7b:35:fb:24:6b:6d:f1:a7:5c:
                    5c:d6:c7:30:93:6c:09:38:e9:11:d3:97:e6:e9:06:
                    f8:5e:cd:70:a3:a2:59:65:8c:85:1c:25:20:c5:29:
                    46:fe:44:1f:ff:af:95:82:53:55:1f:0f:bc:d5:a6:
                    45:a0:29:d7:7e:e4:49:3a:ee:d3:15:40:a6:11:11:
                    99:ab:0d:52:9d:6f:3d:56:b6:a8:72:dc:4f:b7:d9:
                    93:df:0c:1f:2f:e0:1f:a9:1a:c0:28:28:69:dd:1f:
                    a3:0a:7e:2c:b5:18:fb:4d:9e:8d:3e:0a:d1:40:d8:
                    7e:58:b0:fb:81:9d:e0:9a:d3:46:52:3f:7d:76:7c:
                    d4:97:2e:a1:e4:fb:bc:6a:95:fe:31:c8:7f:76:57:
                    ed:b1:5c:35:e6:81:15:85:53:be:21:65:dc:11:5c:
                    bd:eb:cc:00:0d:b8:f0:ad:a4:0b:6b:15:20:00:c3:
                    e0:3f:78:f9:be:86:28:34:67:7d:c2:5d:9d:26:40:
                    d9:a4:80:a7:a7:03:4e:b6:49:28:b3:e2:85:be:a6:
                    16:d7:b0:60:18:a2:9a:e5:e1:b1:7d:61:c8:5d:f6:
                    cd:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:B0:67:2B:9F:EB:F9:EC:93:E2:7F:3D:D4:59:3A:EF:39:21:1C:6F
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e39352e36342e302f32342d3234203d3e20323131333733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e0:56:07:84:6b:e1:17:b2:19:51:13:5e:58:aa:9e:dc:ae:c3:
         7b:0f:9f:76:6b:5e:1d:da:f8:64:a1:59:7c:3d:b6:fd:52:43:
         35:41:a0:39:77:c3:19:23:85:bd:a5:ee:f7:34:76:c8:90:8d:
         00:25:bd:8c:95:e1:26:42:54:15:ab:ed:50:ec:d9:c7:e0:dd:
         69:97:0a:72:05:a8:b5:5d:b2:ab:66:79:37:1b:70:c0:3b:a8:
         1b:58:3a:1a:9d:a0:5a:83:51:99:eb:ac:b0:8a:09:45:4a:06:
         a7:3e:e2:c1:e1:a9:d5:28:9d:9e:7d:0d:be:2b:bc:2c:65:24:
         ca:a2:3f:dd:c4:4c:be:7f:36:62:88:10:64:e5:41:c8:31:cf:
         31:87:07:78:d4:8f:ae:96:a3:c9:58:a3:74:ef:c6:41:67:48:
         5e:fe:c4:fc:32:9b:5e:ca:5a:fa:a9:d5:86:fb:55:24:ab:28:
         e4:24:7c:6d:44:de:68:7d:2f:14:d3:4a:08:0b:3f:de:ba:bc:
         d8:aa:0c:69:1a:97:c2:8f:4e:18:6f:4f:1d:57:5d:0d:41:b3:
         2e:fb:b7:34:78:e8:65:8f:83:f3:39:bc:0d:98:90:be:13:6a:
         e1:43:c8:8a:f5:37:d2:a1:45:b4:26:f4:9c:41:b6:82:17:2c:
         79:23:c7:81
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUPKZ0Yrd+xpJBvUvhl6hBsFacNdwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNDA5MjMwOTM4MTlaFw0yNTA5MjIwOTQzMTlaMDMxMTAvBgNV
BAMTKDVCQjA2NzJCOUZFQkY5RUM5M0UyN0YzREQ0NTkzQUVGMzkyMTFDNkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfA2Ol0tbgiZwbwSIwRs4AGZXl
Wpv/1yf3CbA93N3sJuQEqXs1+yRrbfGnXFzWxzCTbAk46RHTl+bpBvhezXCjolll
jIUcJSDFKUb+RB//r5WCU1UfD7zVpkWgKdd+5Ek67tMVQKYREZmrDVKdbz1Wtqhy
3E+32ZPfDB8v4B+pGsAoKGndH6MKfiy1GPtNno0+CtFA2H5YsPuBneCa00ZSP312
fNSXLqHk+7xqlf4xyH92V+2xXDXmgRWFU74hZdwRXL3rzAANuPCtpAtrFSAAw+A/
ePm+hig0Z33CXZ0mQNmkgKenA062SSiz4oW+phbXsGAYoprl4bF9Ychd9s31AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUW7BnK5/r+eyT4n891Fk67zkhHG8wHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzkzNTJlMzYzNDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMTMzMzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1f
QDANBgkqhkiG9w0BAQsFAAOCAQEA4FYHhGvhF7IZURNeWKqe3K7Dew+fdmteHdr4
ZKFZfD22/VJDNUGgOXfDGSOFvaXu9zR2yJCNACW9jJXhJkJUFavtUOzZx+DdaZcK
cgWotV2yq2Z5NxtwwDuoG1g6Gp2gWoNRmeussIoJRUoGpz7iweGp1Sidnn0Nviu8
LGUkyqI/3cRMvn82YogQZOVByDHPMYcHeNSPrpajyVijdO/GQWdIXv7E/DKbXspa
+qnVhvtVJKso5CR8bUTeaH0vFNNKCAs/3rq82KoMaRqXwo9OGG9PHVddDUGzLvu3
NHjoZY+D8zm8DZiQvhNq4UPIivU30qFFtCb0nEG2ghcseSPHgQ==
-----END CERTIFICATE-----
Generated at Fri Dec 13 08:33:40 2024 by rpki-client on console-fra.rpki-client.org