Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/34352e39352e38322e302f32342d3234203d3e20323134313334.roa
File:                     34352e39352e38322e302f32342d3234203d3e20323134313334.roa (raw, json)
Hash identifier:          ZVDnUpjmQz3pm0MDzOgDjfBaD8IijBkidSYUwuSN8bE=
Subject key identifier:   03:BD:ED:A6:7F:3A:98:A0:39:9A:5E:81:0A:C7:77:5F:8B:F8:00:01
Certificate issuer:       /CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
Certificate serial:       3ECF866100CBD6B7F4E91FC2F16138F4266D5A93
Authority key identifier: 8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/34352e39352e38322e302f32342d3234203d3e20323134313334.roa
Signing time:             Sat 28 Sep 2024 14:27:33 +0000
ROA not before:           Sat 28 Sep 2024 14:22:33 +0000
ROA not after:            Sat 27 Sep 2025 14:27:33 +0000
asID:                     214134
IP address blocks:        45.95.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Nov 2024 05:00:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:cf:86:61:00:cb:d6:b7:f4:e9:1f:c2:f1:61:38:f4:26:6d:5a:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
        Validity
            Not Before: Sep 28 14:22:33 2024 GMT
            Not After : Sep 27 14:27:33 2025 GMT
        Subject: CN=03BDEDA67F3A98A0399A5E810AC7775F8BF80001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:1a:61:4d:5c:47:82:d1:36:a8:07:7f:5a:ec:
                    69:35:13:e3:10:a6:3d:9b:9a:bf:a3:29:69:b1:65:
                    09:9c:45:98:16:66:30:c3:06:9e:13:35:2b:65:22:
                    0f:50:d3:3b:cb:dd:2b:be:b7:7e:6d:ee:0d:33:4a:
                    e3:28:fa:91:00:1d:22:b8:50:79:2b:85:e4:1f:34:
                    4b:72:c6:ba:a5:90:c0:2a:cf:11:9a:87:c5:7f:ca:
                    fe:57:3f:29:e3:dd:73:bc:6b:54:1f:f7:40:df:20:
                    5f:9a:a0:d2:02:c4:b1:81:9c:60:ad:b6:21:26:38:
                    cd:c5:26:1d:22:c5:42:a1:fd:99:6b:98:34:6d:ef:
                    e6:78:bb:ed:66:d2:a8:2a:63:65:bc:6a:e1:69:32:
                    e5:ac:78:ef:fc:b8:ff:e8:d5:da:29:0c:5c:de:5d:
                    03:07:c3:2c:d6:8c:aa:9e:d6:c6:10:0a:86:ae:12:
                    4b:9a:cc:ef:3b:e5:19:f4:c5:4d:c0:7b:cc:87:2b:
                    11:c6:6c:c4:e3:fe:01:82:21:bf:55:a2:86:e9:77:
                    7c:4f:a2:56:e7:e2:d7:b1:90:a0:f9:df:80:a9:3a:
                    f7:6b:f5:06:4d:0c:4a:ca:4b:04:d4:cd:09:d7:1a:
                    4c:74:32:48:d0:a5:ea:2e:93:4d:ee:0b:82:d2:46:
                    8f:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:BD:ED:A6:7F:3A:98:A0:39:9A:5E:81:0A:C7:77:5F:8B:F8:00:01
            X509v3 Authority Key Identifier:
                keyid:8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/34352e39352e38322e302f32342d3234203d3e20323134313334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:47:dd:89:bf:fe:2d:ae:00:1f:d0:18:95:31:50:23:a6:3d:
         b9:ea:78:a4:6a:c4:6a:4c:4e:9e:13:a5:4e:01:5a:b5:d8:a2:
         18:9d:74:04:c3:21:b8:1a:a8:55:07:1f:b0:e8:43:0d:95:65:
         20:58:dc:84:54:5f:57:3e:7c:07:d1:48:4c:35:f0:93:6e:f2:
         06:18:18:5f:dd:98:5b:c1:77:9c:5b:f0:72:05:52:02:de:ba:
         6b:b8:09:a7:b5:d0:1f:42:64:77:99:87:b4:1c:2c:1f:44:1c:
         72:5e:82:ba:71:c2:9c:5f:ed:98:45:f1:85:0a:a9:b6:c4:82:
         29:d7:f9:d7:a9:a8:b3:84:f1:7b:46:b5:ee:cc:6e:ad:d7:30:
         d0:6f:2e:fc:14:bd:93:a6:eb:16:36:72:6d:59:18:cd:5f:28:
         be:5d:4e:53:82:88:6e:2d:4f:c5:dc:3c:a5:52:96:8c:7b:1a:
         17:9f:58:3e:66:19:74:2e:24:da:08:91:24:a1:9e:7c:b8:9a:
         cb:5a:f1:b0:b3:2c:d9:3d:2a:89:a0:0f:37:3d:e8:6d:d6:3d:
         2d:e9:a3:92:f6:80:94:b4:59:be:ca:f5:af:60:43:30:52:01:
         09:a0:09:0e:94:b8:d8:0c:4e:95:16:96:03:54:56:22:d3:78:
         3e:1f:8f:4c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUPs+GYQDL1rf06R/C8WE49CZtWpMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGMxMmI0MjczODMyYjQxNTZmZTAwOTJmNmFlN2U1YjNj
ZTIzYWQ4YjAeFw0yNDA5MjgxNDIyMzNaFw0yNTA5MjcxNDI3MzNaMDMxMTAvBgNV
BAMTKDAzQkRFREE2N0YzQTk4QTAzOTlBNUU4MTBBQzc3NzVGOEJGODAwMDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDGmFNXEeC0TaoB39a7Gk1E+MQ
pj2bmr+jKWmxZQmcRZgWZjDDBp4TNStlIg9Q0zvL3Su+t35t7g0zSuMo+pEAHSK4
UHkrheQfNEtyxrqlkMAqzxGah8V/yv5XPynj3XO8a1Qf90DfIF+aoNICxLGBnGCt
tiEmOM3FJh0ixUKh/ZlrmDRt7+Z4u+1m0qgqY2W8auFpMuWseO/8uP/o1dopDFze
XQMHwyzWjKqe1sYQCoauEkuazO875Rn0xU3Ae8yHKxHGbMTj/gGCIb9Voobpd3xP
olbn4texkKD534CpOvdr9QZNDErKSwTUzQnXGkx0MkjQpeouk03uC4LSRo8NAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUA73tpn86mKA5ml6BCsd3X4v4AAEwHwYDVR0j
BBgwFoAUjBK0JzgytBVv4Akvaufls84jrYswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGJmZDY4ODItZDZiMy00YWE4LWJjMGEtNzExZDY4YmQx
OThiLzAvOEMxMkI0MjczODMyQjQxNTZGRTAwOTJGNkFFN0U1QjNDRTIzQUQ4Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2pCSzBKemd5dEJWdjRBa3ZhdWZsczg0
anJZcy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGJmZDY4ODIt
ZDZiMy00YWE4LWJjMGEtNzExZDY4YmQxOThiLzAvMzQzNTJlMzkzNTJlMzgzMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzNDMxMzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1f
UjANBgkqhkiG9w0BAQsFAAOCAQEACkfdib/+La4AH9AYlTFQI6Y9uep4pGrEakxO
nhOlTgFatdiiGJ10BMMhuBqoVQcfsOhDDZVlIFjchFRfVz58B9FITDXwk27yBhgY
X92YW8F3nFvwcgVSAt66a7gJp7XQH0Jkd5mHtBwsH0Qccl6CunHCnF/tmEXxhQqp
tsSCKdf516mos4Txe0a17sxurdcw0G8u/BS9k6brFjZybVkYzV8ovl1OU4KIbi1P
xdw8pVKWjHsaF59YPmYZdC4k2giRJKGefLiay1rxsLMs2T0qiaAPNz3obdY9Lemj
kvaAlLRZvsr1r2BDMFIBCaAJDpS42AxOlRaWA1RWItN4Ph+PTA==
-----END CERTIFICATE-----
Generated at Mon Nov 4 08:26:19 2024 by rpki-client on console-fra.rpki-client.org