Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e39352e36352e302f32342d3234203d3e20323130313634.roa
File:                     34352e39352e36352e302f32342d3234203d3e20323130313634.roa (raw, json)
Hash identifier:          NbpBHJJiQgJo53OF/NBAFNKkncA2uYBX59I7Jo0H+qo=
Subject key identifier:   26:05:70:58:22:91:1C:06:ED:7C:72:F8:76:CA:8E:4C:F1:59:2B:9A
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       01C5CF19AA483806FB80555F356B9981B66FF0AE
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e39352e36352e302f32342d3234203d3e20323130313634.roa
Signing time:             Mon 03 Feb 2025 09:53:53 +0000
ROA not before:           Mon 03 Feb 2025 09:48:53 +0000
ROA not after:            Mon 02 Feb 2026 09:53:53 +0000
asID:                     210164
IP address blocks:        45.95.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 04:46:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:c5:cf:19:aa:48:38:06:fb:80:55:5f:35:6b:99:81:b6:6f:f0:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Feb  3 09:48:53 2025 GMT
            Not After : Feb  2 09:53:53 2026 GMT
        Subject: CN=2605705822911C06ED7C72F876CA8E4CF1592B9A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e1:12:2b:06:70:49:8d:c2:86:bd:f1:b5:79:
                    af:cb:6e:57:eb:c0:40:54:60:78:60:4b:7b:83:4e:
                    39:a5:ff:1f:21:26:f8:13:13:0e:01:51:fb:5f:00:
                    04:6e:d7:4c:94:c3:74:0b:14:92:2b:ea:93:cd:df:
                    5c:f7:5c:6c:50:d9:bc:53:ac:17:e8:af:cc:db:39:
                    7e:38:bd:ef:d9:34:5e:65:ed:90:26:d5:9b:63:79:
                    43:40:ab:c0:28:7f:a9:20:7c:97:7d:55:53:90:d8:
                    fd:14:95:e7:e4:84:fb:4a:d1:25:5a:ae:80:3e:fc:
                    0b:68:10:42:cb:46:8c:b7:0b:d9:b6:5c:99:20:f3:
                    89:63:fd:49:8a:56:1d:0b:3b:07:64:2f:82:4f:15:
                    00:83:86:04:eb:08:68:bf:81:3e:79:a8:30:29:e9:
                    4b:58:51:d9:ec:92:05:5f:e9:0d:c8:44:45:f7:9f:
                    c4:a9:04:ea:33:4e:9f:d8:bf:40:57:3a:e6:0a:81:
                    91:ac:ac:c6:b7:59:16:35:40:8d:8c:fc:36:f0:9d:
                    41:ab:b8:1d:19:c5:e3:5c:46:cd:80:c9:20:29:2c:
                    a9:5a:2c:e0:a4:2d:7d:67:f9:a5:87:66:66:0f:e3:
                    63:f7:5c:21:32:7c:c0:94:78:e7:35:73:d3:0d:e6:
                    66:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:05:70:58:22:91:1C:06:ED:7C:72:F8:76:CA:8E:4C:F1:59:2B:9A
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e39352e36352e302f32342d3234203d3e20323130313634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:38:10:dc:a8:28:ee:60:08:69:75:a7:cd:00:91:81:75:c1:
         8e:c0:38:f5:cc:ef:53:a2:66:8a:0e:19:e1:fe:52:5c:ea:46:
         2f:94:60:9d:7d:f5:30:0a:74:fe:fc:07:70:03:08:3c:c7:6c:
         af:12:9f:01:da:3d:d8:02:f5:3a:ab:0e:78:79:e7:ea:b0:df:
         21:66:56:56:a1:60:dd:8e:da:2d:38:62:01:41:29:2f:ec:c2:
         5f:ff:a8:b4:fb:53:e4:42:ec:aa:1f:05:2b:f9:da:dc:98:86:
         50:eb:01:82:33:0f:2b:d1:05:04:44:f5:3b:08:41:ae:6d:d9:
         9f:a4:1c:11:ca:e8:fd:bf:8c:27:45:39:f8:29:c8:4d:3c:bd:
         90:d4:77:f1:a6:3a:af:d9:22:a9:fe:51:82:f0:18:f2:5b:39:
         71:63:54:b2:90:9d:a9:4b:2b:1b:5c:f2:82:6b:a4:fd:6e:81:
         32:17:42:54:73:8e:7f:ca:76:a1:02:1f:1f:a6:6a:18:c7:5a:
         f8:8d:a5:29:4d:19:49:57:97:96:61:e1:ca:a8:d8:06:a6:eb:
         07:d7:06:8c:76:a2:ac:16:6f:5d:a3:69:06:97:c4:92:63:01:
         34:68:7b:dd:e8:27:d9:68:b9:6e:4f:c7:74:4b:23:ff:f0:09:
         12:c9:8b:8d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUAcXPGapIOAb7gFVfNWuZgbZv8K4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNTAyMDMwOTQ4NTNaFw0yNjAyMDIwOTUzNTNaMDMxMTAvBgNV
BAMTKDI2MDU3MDU4MjI5MTFDMDZFRDdDNzJGODc2Q0E4RTRDRjE1OTJCOUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF4RIrBnBJjcKGvfG1ea/Lblfr
wEBUYHhgS3uDTjml/x8hJvgTEw4BUftfAARu10yUw3QLFJIr6pPN31z3XGxQ2bxT
rBfor8zbOX44ve/ZNF5l7ZAm1ZtjeUNAq8Aof6kgfJd9VVOQ2P0UlefkhPtK0SVa
roA+/AtoEELLRoy3C9m2XJkg84lj/UmKVh0LOwdkL4JPFQCDhgTrCGi/gT55qDAp
6UtYUdnskgVf6Q3IREX3n8SpBOozTp/Yv0BXOuYKgZGsrMa3WRY1QI2M/DbwnUGr
uB0ZxeNcRs2AySApLKlaLOCkLX1n+aWHZmYP42P3XCEyfMCUeOc1c9MN5mY7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUJgVwWCKRHAbtfHL4dsqOTPFZK5owHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzkzNTJlMzYzNTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMDMxMzYzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1f
QTANBgkqhkiG9w0BAQsFAAOCAQEAbTgQ3Kgo7mAIaXWnzQCRgXXBjsA49czvU6Jm
ig4Z4f5SXOpGL5RgnX31MAp0/vwHcAMIPMdsrxKfAdo92AL1OqsOeHnn6rDfIWZW
VqFg3Y7aLThiAUEpL+zCX/+otPtT5ELsqh8FK/na3JiGUOsBgjMPK9EFBET1OwhB
rm3Zn6QcEcro/b+MJ0U5+CnITTy9kNR38aY6r9kiqf5RgvAY8ls5cWNUspCdqUsr
G1zygmuk/W6BMhdCVHOOf8p2oQIfH6ZqGMda+I2lKU0ZSVeXlmHhyqjYBqbrB9cG
jHairBZvXaNpBpfEkmMBNGh73egn2Wi5bk/HdEsj//AJEsmLjQ==
-----END CERTIFICATE-----