Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/34352e36362e3134382e302f32342d3234203d3e203631333137.roa
File:                     34352e36362e3134382e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          e7KFTp8WhSYx7qrXr9SymmmSKIPkT/VUufPSkOTmu+c=
Subject key identifier:   5A:87:0F:E0:CA:26:71:E7:08:96:94:8B:65:70:08:12:47:6C:91:F1
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       78312ED344C795394E110264D91BDC60B892148C
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/34352e36362e3134382e302f32342d3234203d3e203631333137.roa
Signing time:             Thu 22 Feb 2024 17:05:13 +0000
ROA not before:           Thu 22 Feb 2024 17:00:13 +0000
ROA not after:            Thu 20 Feb 2025 17:05:13 +0000
asID:                     61317
IP address blocks:        45.66.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 03:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:31:2e:d3:44:c7:95:39:4e:11:02:64:d9:1b:dc:60:b8:92:14:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Feb 22 17:00:13 2024 GMT
            Not After : Feb 20 17:05:13 2025 GMT
        Subject: CN=5A870FE0CA2671E70896948B65700812476C91F1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:8c:7f:d8:5e:36:21:48:d4:28:de:3f:f1:d5:
                    36:5a:f0:5e:ea:d7:6b:30:8b:4d:a2:06:64:42:84:
                    33:fa:62:b8:3d:07:ac:5f:10:42:c6:4e:cd:bb:8d:
                    01:21:42:0d:83:4a:ab:97:df:8e:9d:fe:fe:1b:75:
                    40:3a:2a:c2:8b:1e:5d:25:34:16:d6:a3:01:de:34:
                    27:44:dc:56:ba:2e:c1:e0:5e:9e:1c:55:d7:81:5a:
                    5f:61:c8:e4:ac:3b:9e:cb:c5:12:e2:e2:a9:05:87:
                    46:72:b5:f2:42:6b:fe:61:f6:d8:90:15:8e:e7:84:
                    c1:fc:2f:19:7e:39:27:0e:3d:af:64:05:09:7c:f4:
                    6d:87:9d:a0:16:18:7c:72:f6:e8:9f:94:e8:e8:b8:
                    f0:4e:f5:7c:7e:b4:ea:fa:1d:90:ed:7e:33:51:a2:
                    4d:a4:4b:d7:13:f8:d7:85:1e:46:98:76:87:ba:ef:
                    64:76:22:dd:b7:71:93:7e:1d:63:67:4b:b5:a3:25:
                    b8:9f:e6:ab:f1:25:80:a2:f0:8e:46:c9:dd:c8:bf:
                    05:10:57:2e:a5:95:d8:e1:7d:20:e5:1f:5b:1c:fc:
                    86:ec:38:ac:e4:da:6b:08:58:84:79:ba:5e:b3:41:
                    23:00:79:71:4e:4f:62:fd:59:45:b0:4b:af:3b:38:
                    34:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:87:0F:E0:CA:26:71:E7:08:96:94:8B:65:70:08:12:47:6C:91:F1
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/34352e36362e3134382e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:dd:99:12:ee:35:c9:d8:8c:cc:79:7c:b5:5f:2c:12:0f:28:
         d7:22:50:8e:bd:87:7c:9b:41:b0:66:42:a0:8a:04:9e:9e:55:
         6f:f5:6f:5f:3a:01:d8:d2:ca:6a:6d:d9:70:26:ec:17:ad:14:
         42:66:9f:7d:60:02:8e:97:99:5f:33:30:6c:38:d7:da:cb:d0:
         e7:9d:eb:ed:7f:7a:cf:41:c3:26:91:2e:99:09:30:64:a2:b6:
         3c:2d:74:ae:44:27:95:75:5e:62:7a:9c:df:e9:cc:85:b3:fc:
         d1:a8:f9:2e:fb:56:21:88:b3:09:bf:96:a8:28:dc:f7:ed:f3:
         03:f5:dc:d5:0a:fc:28:eb:58:44:c7:3e:b5:a5:93:51:50:37:
         7d:4c:6f:f2:eb:c4:d7:f1:95:1a:15:bd:c1:f4:12:61:08:70:
         f9:08:ff:ee:88:7d:3d:fa:28:7e:3c:bc:f2:36:08:38:eb:5b:
         f6:1b:43:f6:63:87:af:a4:3b:22:75:01:44:cc:18:b7:7c:a6:
         50:b2:77:23:51:4c:98:24:78:e8:0d:36:70:46:3c:73:ef:98:
         86:08:a2:49:ef:1c:93:9c:91:1c:44:fa:f3:aa:de:2e:9b:c2:
         01:8c:0a:c4:57:4c:ce:37:c1:49:3e:b6:3b:c1:73:51:53:fe:
         6a:c9:0a:31
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUeDEu00THlTlOEQJk2RvcYLiSFIwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDAyMjIxNzAwMTNaFw0yNTAyMjAxNzA1MTNaMDMxMTAvBgNV
BAMTKDVBODcwRkUwQ0EyNjcxRTcwODk2OTQ4QjY1NzAwODEyNDc2QzkxRjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsjH/YXjYhSNQo3j/x1TZa8F7q
12swi02iBmRChDP6Yrg9B6xfEELGTs27jQEhQg2DSquX346d/v4bdUA6KsKLHl0l
NBbWowHeNCdE3Fa6LsHgXp4cVdeBWl9hyOSsO57LxRLi4qkFh0ZytfJCa/5h9tiQ
FY7nhMH8Lxl+OScOPa9kBQl89G2HnaAWGHxy9uiflOjouPBO9Xx+tOr6HZDtfjNR
ok2kS9cT+NeFHkaYdoe672R2It23cZN+HWNnS7WjJbif5qvxJYCi8I5Gyd3IvwUQ
Vy6lldjhfSDlH1sc/IbsOKzk2msIWIR5ul6zQSMAeXFOT2L9WUWwS687ODQzAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUWocP4MomcecIlpSLZXAIEkdskfEwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzQzNTJlMzYzNjJlMzEzNDM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1C
lDANBgkqhkiG9w0BAQsFAAOCAQEAUt2ZEu41ydiMzHl8tV8sEg8o1yJQjr2HfJtB
sGZCoIoEnp5Vb/VvXzoB2NLKam3ZcCbsF60UQmaffWACjpeZXzMwbDjX2svQ553r
7X96z0HDJpEumQkwZKK2PC10rkQnlXVeYnqc3+nMhbP80aj5LvtWIYizCb+WqCjc
9+3zA/Xc1Qr8KOtYRMc+taWTUVA3fUxv8uvE1/GVGhW9wfQSYQhw+Qj/7oh9Pfoo
fjy88jYIOOtb9htD9mOHr6Q7InUBRMwYt3ymULJ3I1FMmCR46A02cEY8c++Yhgii
Se8ck5yRHET686reLpvCAYwKxFdMzjfBST62O8FzUVP+askKMQ==
-----END CERTIFICATE-----
Generated at Thu Mar 28 10:06:08 2024 by rpki-client on console-ams.rpki-client.org