Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/34352e39352e38332e302f32342d3234203d3e203136323736.roa
File:                     34352e39352e38332e302f32342d3234203d3e203136323736.roa (raw, json)
Hash identifier:          Q533ax1UvzPaArfGm41TbSiXq7dZJCYsDwOW5gzCSPM=
Subject key identifier:   FF:01:E2:8E:06:47:99:A1:9E:87:7A:B2:A2:C4:9E:76:E0:F3:F1:92
Certificate issuer:       /CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
Certificate serial:       697E079403CA9D3EDF5012D166789E2DAF8E6649
Authority key identifier: 8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/34352e39352e38332e302f32342d3234203d3e203136323736.roa
Signing time:             Thu 03 Oct 2024 09:22:43 +0000
ROA not before:           Thu 03 Oct 2024 09:17:43 +0000
ROA not after:            Thu 02 Oct 2025 09:22:43 +0000
asID:                     16276
IP address blocks:        45.95.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Nov 2024 05:00:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:7e:07:94:03:ca:9d:3e:df:50:12:d1:66:78:9e:2d:af:8e:66:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
        Validity
            Not Before: Oct  3 09:17:43 2024 GMT
            Not After : Oct  2 09:22:43 2025 GMT
        Subject: CN=FF01E28E064799A19E877AB2A2C49E76E0F3F192
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:84:95:94:40:31:ba:fd:9f:bb:5e:76:4c:a0:
                    56:b3:0e:3c:1c:29:a6:a5:1a:7b:6a:35:ce:8a:01:
                    99:d2:1f:b9:28:e8:04:f2:cf:7c:a6:dc:5f:90:51:
                    ab:a9:22:3a:5d:6e:2e:db:d0:0e:69:b1:fe:dc:1a:
                    fd:cf:3d:2e:a7:82:9c:c3:c4:a7:3e:87:1a:d1:4e:
                    e4:7b:0b:63:d4:c7:4c:e1:e6:39:32:01:ed:40:d3:
                    ad:0d:f4:d5:d3:1a:10:8c:f6:2f:cc:57:30:d0:d0:
                    d4:e2:2f:da:3a:01:21:21:5a:1b:7b:e2:86:a2:fe:
                    32:64:d7:73:c9:b2:c3:54:40:b8:21:bb:ca:43:98:
                    6c:71:29:3a:ad:6c:ef:b2:77:85:6f:78:50:c4:3a:
                    a8:13:21:cb:59:17:c6:77:fb:10:76:f1:3a:9d:0b:
                    4e:ad:76:76:87:17:ce:65:ca:78:42:0f:26:39:b9:
                    63:7e:e7:dd:f1:4b:35:78:38:27:a6:7b:f7:12:0e:
                    10:28:98:a6:f6:b9:f0:2d:77:18:02:7c:aa:65:14:
                    d4:9e:ae:96:12:55:aa:2a:6d:56:e9:e4:a8:e8:5f:
                    a2:1d:bd:d7:d9:b7:0d:9f:dd:59:79:b0:49:91:da:
                    79:4d:e5:90:67:55:e3:ec:05:7a:66:bb:dd:93:08:
                    76:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:01:E2:8E:06:47:99:A1:9E:87:7A:B2:A2:C4:9E:76:E0:F3:F1:92
            X509v3 Authority Key Identifier:
                keyid:8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/34352e39352e38332e302f32342d3234203d3e203136323736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:ff:7b:47:5d:68:7a:64:55:a9:f8:86:b4:83:13:ac:d8:b8:
         b5:dc:cf:3a:be:6e:ad:b7:28:79:bd:c3:62:ac:39:d0:b9:2d:
         90:e4:cc:ff:d8:c9:95:0c:85:09:f7:52:d9:51:4a:a4:e0:28:
         7a:5a:44:f0:ff:58:77:cf:04:f4:df:cc:73:1a:70:6d:00:f9:
         49:9a:30:3e:d2:76:5d:5e:12:f3:67:32:f7:14:b7:05:91:ca:
         16:f5:a5:74:fa:2f:7d:52:8e:fc:a4:6a:94:30:7e:58:8e:1f:
         c8:2f:84:8b:6a:56:f4:c6:6b:a4:ea:52:aa:ae:7e:83:3c:33:
         2c:ba:ff:1f:60:a3:a1:b5:fc:f2:01:f8:2c:54:39:96:7d:d3:
         be:aa:6c:3a:6c:2d:a3:61:ed:25:da:db:3e:79:ee:19:13:11:
         69:d3:d7:95:5e:06:42:fa:3f:4a:c5:56:14:4e:e9:7a:02:09:
         b5:a2:6d:0e:39:38:e5:91:cf:9b:27:7f:ca:39:58:2e:b9:2b:
         6e:ab:f3:95:22:f6:6e:4e:a2:56:dd:25:e9:e4:22:ed:6d:05:
         96:56:9b:0f:51:a9:5b:cf:f0:3e:28:db:84:63:47:52:c0:60:
         57:85:ee:8e:3f:2a:27:34:94:a5:e9:c2:9f:5f:eb:a3:05:88:
         92:5e:aa:8e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUaX4HlAPKnT7fUBLRZnieLa+OZkkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGMxMmI0MjczODMyYjQxNTZmZTAwOTJmNmFlN2U1YjNj
ZTIzYWQ4YjAeFw0yNDEwMDMwOTE3NDNaFw0yNTEwMDIwOTIyNDNaMDMxMTAvBgNV
BAMTKEZGMDFFMjhFMDY0Nzk5QTE5RTg3N0FCMkEyQzQ5RTc2RTBGM0YxOTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDChJWUQDG6/Z+7XnZMoFazDjwc
KaalGntqNc6KAZnSH7ko6ATyz3ym3F+QUaupIjpdbi7b0A5psf7cGv3PPS6ngpzD
xKc+hxrRTuR7C2PUx0zh5jkyAe1A060N9NXTGhCM9i/MVzDQ0NTiL9o6ASEhWht7
4oai/jJk13PJssNUQLghu8pDmGxxKTqtbO+yd4VveFDEOqgTIctZF8Z3+xB28Tqd
C06tdnaHF85lynhCDyY5uWN+593xSzV4OCeme/cSDhAomKb2ufAtdxgCfKplFNSe
rpYSVaoqbVbp5KjoX6IdvdfZtw2f3Vl5sEmR2nlN5ZBnVePsBXpmu92TCHZtAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU/wHijgZHmaGeh3qyosSeduDz8ZIwHwYDVR0j
BBgwFoAUjBK0JzgytBVv4Akvaufls84jrYswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGJmZDY4ODItZDZiMy00YWE4LWJjMGEtNzExZDY4YmQx
OThiLzAvOEMxMkI0MjczODMyQjQxNTZGRTAwOTJGNkFFN0U1QjNDRTIzQUQ4Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2pCSzBKemd5dEJWdjRBa3ZhdWZsczg0
anJZcy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGJmZDY4ODIt
ZDZiMy00YWE4LWJjMGEtNzExZDY4YmQxOThiLzAvMzQzNTJlMzkzNTJlMzgzMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzYzMjM3MzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtX1Mw
DQYJKoZIhvcNAQELBQADggEBAIf/e0ddaHpkVan4hrSDE6zYuLXczzq+bq23KHm9
w2KsOdC5LZDkzP/YyZUMhQn3UtlRSqTgKHpaRPD/WHfPBPTfzHMacG0A+UmaMD7S
dl1eEvNnMvcUtwWRyhb1pXT6L31SjvykapQwfliOH8gvhItqVvTGa6TqUqqufoM8
Myy6/x9go6G1/PIB+CxUOZZ9076qbDpsLaNh7SXa2z557hkTEWnT15VeBkL6P0rF
VhRO6XoCCbWibQ45OOWRz5snf8o5WC65K26r85Ui9m5OolbdJenkIu1tBZZWmw9R
qVvP8D4o24RjR1LAYFeF7o4/Kic0lKXpwp9f66MFiJJeqo4=
-----END CERTIFICATE-----
Generated at Mon Nov 4 08:26:19 2024 by rpki-client on console-fra.rpki-client.org