Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/34352e31332e3135302e302f32342d3234203d3e20323132363039.roa
File:                     34352e31332e3135302e302f32342d3234203d3e20323132363039.roa (raw, json)
Hash identifier:          3YwODoAIMA+EcN8jN6ttyi3ShMMDtquckFasgGQIYbA=
Subject key identifier:   AC:41:B9:DB:63:74:DA:CC:DC:BB:18:E1:38:AA:07:93:ED:EF:DE:3F
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       5E56E59C90AEE126B2E2B638B864B86B9859B11C
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/34352e31332e3135302e302f32342d3234203d3e20323132363039.roa
Signing time:             Thu 22 Feb 2024 17:05:13 +0000
ROA not before:           Thu 22 Feb 2024 17:00:13 +0000
ROA not after:            Thu 20 Feb 2025 17:05:13 +0000
asID:                     212609
IP address blocks:        45.13.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Jun 2024 17:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:56:e5:9c:90:ae:e1:26:b2:e2:b6:38:b8:64:b8:6b:98:59:b1:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Feb 22 17:00:13 2024 GMT
            Not After : Feb 20 17:05:13 2025 GMT
        Subject: CN=AC41B9DB6374DACCDCBB18E138AA0793EDEFDE3F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:8e:30:a1:05:72:0d:85:53:dd:64:24:66:93:
                    70:98:bb:f6:b6:bb:e1:7e:11:6e:d7:42:c2:34:a4:
                    91:18:83:23:d0:87:a9:4c:7e:d7:3a:98:1a:8a:8f:
                    b8:a2:72:01:c6:22:79:c2:b5:4f:a4:3e:46:0c:b8:
                    e7:54:67:49:4c:b6:28:08:46:29:4e:47:c5:4d:92:
                    91:c9:a4:2c:da:43:af:5b:4b:8b:99:52:be:7c:d3:
                    48:2c:c8:27:1c:2e:04:86:2b:9b:b2:10:15:31:f6:
                    df:97:98:30:ce:09:2b:13:fa:fd:47:eb:d9:ef:f4:
                    f7:45:d4:9f:b7:65:4b:12:70:fb:eb:1d:3e:ab:4f:
                    7c:2c:ab:29:8d:f0:09:93:dd:17:d7:3a:07:d5:26:
                    7b:ea:28:de:a5:75:33:da:9d:f2:a3:ec:da:09:3b:
                    17:a6:dd:9e:72:c2:6f:04:c6:a4:9f:32:dd:b3:c6:
                    03:e2:2b:fc:b4:8a:e4:d7:36:51:22:cb:cb:b5:a0:
                    70:ca:d5:5b:f9:9c:08:82:cf:0b:c9:5b:a0:53:49:
                    4f:a3:d9:ba:53:47:a7:5d:ee:77:6e:98:b5:a6:1c:
                    06:73:9d:c4:c7:14:38:b1:3c:aa:42:cb:3a:d9:86:
                    30:e5:83:38:71:0c:84:53:f9:a8:96:8e:0e:c1:34:
                    e8:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:41:B9:DB:63:74:DA:CC:DC:BB:18:E1:38:AA:07:93:ED:EF:DE:3F
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/34352e31332e3135302e302f32342d3234203d3e20323132363039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:35:46:a5:7e:6e:9a:50:ec:35:c9:f8:d1:2e:0e:67:db:c6:
         d1:59:da:d7:26:70:48:a9:5d:12:3e:a9:72:50:3d:0e:03:76:
         a9:e9:8e:cb:0c:85:11:26:5a:f6:8d:44:62:04:4d:87:16:f4:
         cc:fa:7c:ad:da:1a:95:7c:38:bb:f4:bf:79:66:3e:1e:a9:46:
         78:c2:85:97:e2:ac:6f:af:e5:ae:a5:f8:af:cb:0a:56:9e:34:
         30:4f:5d:fb:39:dc:f2:74:32:be:8f:f7:20:60:05:8f:c0:43:
         05:c5:31:c2:d5:e6:27:f2:a3:98:44:58:9f:14:8e:42:67:37:
         6e:eb:03:ed:cc:41:c8:53:c2:98:5d:37:a9:fe:81:e1:da:81:
         a2:15:e3:98:ec:4a:e0:0d:fb:17:01:be:a1:2a:30:bc:d6:3e:
         52:22:0b:7d:ee:d1:28:81:92:55:5d:71:c8:7c:8b:ef:32:cf:
         f0:3c:2a:a0:3d:58:ce:ae:a8:ac:2a:79:fd:3d:ed:7c:10:57:
         e8:4b:00:64:80:00:b2:a7:5d:ed:38:21:02:2f:3f:fb:a1:96:
         4b:ca:7c:16:ef:4f:0f:b0:dd:b1:f6:5c:1b:92:64:bf:3f:66:
         e5:20:2a:3f:02:d3:01:73:ef:29:5c:5a:98:3c:f2:71:3e:6a:
         1e:88:25:48
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUXlblnJCu4Say4rY4uGS4a5hZsRwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDAyMjIxNzAwMTNaFw0yNTAyMjAxNzA1MTNaMDMxMTAvBgNV
BAMTKEFDNDFCOURCNjM3NERBQ0NEQ0JCMThFMTM4QUEwNzkzRURFRkRFM0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7jjChBXINhVPdZCRmk3CYu/a2
u+F+EW7XQsI0pJEYgyPQh6lMftc6mBqKj7iicgHGInnCtU+kPkYMuOdUZ0lMtigI
RilOR8VNkpHJpCzaQ69bS4uZUr5800gsyCccLgSGK5uyEBUx9t+XmDDOCSsT+v1H
69nv9PdF1J+3ZUsScPvrHT6rT3wsqymN8AmT3RfXOgfVJnvqKN6ldTPanfKj7NoJ
Oxem3Z5ywm8ExqSfMt2zxgPiK/y0iuTXNlEiy8u1oHDK1Vv5nAiCzwvJW6BTSU+j
2bpTR6dd7ndumLWmHAZzncTHFDixPKpCyzrZhjDlgzhxDIRT+aiWjg7BNOhpAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUrEG522N02szcuxjhOKoHk+3v3j8wHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzQzNTJlMzEzMzJlMzEzNTMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTMyMzYzMDM5LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LQ2WMA0GCSqGSIb3DQEBCwUAA4IBAQA+NUalfm6aUOw1yfjRLg5n28bRWdrXJnBI
qV0SPqlyUD0OA3ap6Y7LDIURJlr2jURiBE2HFvTM+nyt2hqVfDi79L95Zj4eqUZ4
woWX4qxvr+WupfivywpWnjQwT137OdzydDK+j/cgYAWPwEMFxTHC1eYn8qOYRFif
FI5CZzdu6wPtzEHIU8KYXTep/oHh2oGiFeOY7ErgDfsXAb6hKjC81j5SIgt97tEo
gZJVXXHIfIvvMs/wPCqgPVjOrqisKnn9Pe18EFfoSwBkgACyp13tOCECLz/7oZZL
ynwW708PsN2x9lwbkmS/P2blICo/AtMBc+8pXFqYPPJxPmoeiCVI
-----END CERTIFICATE-----
Generated at Thu Jun 6 04:05:59 2024 by rpki-client on console-ams.rpki-client.org