Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/34352e382e3137352e302f32342d3234203d3e2037353632.roa
File:                     34352e382e3137352e302f32342d3234203d3e2037353632.roa (raw, json)
Hash identifier:          3fsiRkpHdJoS5qphseHYMpbxHsbWCStbC1t09F70QDQ=
Subject key identifier:   98:18:57:1C:68:90:B8:63:2B:29:1B:4A:F6:EE:C2:6E:07:A6:23:DB
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       73FA59B74091803209A2A1DFD24F239D60E1C4FE
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/34352e382e3137352e302f32342d3234203d3e2037353632.roa
Signing time:             Thu 22 Feb 2024 17:05:14 +0000
ROA not before:           Thu 22 Feb 2024 17:00:14 +0000
ROA not after:            Thu 20 Feb 2025 17:05:14 +0000
asID:                     7562
IP address blocks:        45.8.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Jun 2024 17:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:fa:59:b7:40:91:80:32:09:a2:a1:df:d2:4f:23:9d:60:e1:c4:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Feb 22 17:00:14 2024 GMT
            Not After : Feb 20 17:05:14 2025 GMT
        Subject: CN=9818571C6890B8632B291B4AF6EEC26E07A623DB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:4f:5e:8d:b4:24:41:d1:35:d5:fe:b8:fb:33:
                    7a:2a:95:15:84:37:95:60:b0:62:91:04:3a:be:75:
                    99:d9:c3:a2:42:37:ea:32:cb:e0:31:66:82:ae:64:
                    41:06:4e:b4:c9:2a:28:53:07:76:03:6e:f9:76:34:
                    18:29:0f:a8:00:5a:fa:71:ae:34:ef:5f:5d:43:ae:
                    f7:a8:b6:c8:62:d5:83:d5:ea:25:05:90:3e:97:14:
                    66:05:c6:f5:a7:58:72:84:e8:f1:17:46:19:ed:c0:
                    a8:86:c6:e0:2f:f8:22:6c:a1:f3:c3:0f:ed:95:f5:
                    68:23:5b:ce:d3:09:a5:ca:3f:e1:bc:39:c2:ba:c1:
                    45:aa:9b:2b:13:77:9e:06:7b:f9:51:44:8c:55:e1:
                    3d:33:04:bd:f9:ac:c8:ac:d2:16:d1:34:d2:c8:40:
                    fb:00:0d:f5:d9:ff:35:b9:a1:89:0b:d5:59:1d:ff:
                    b0:8a:75:c6:e7:0d:35:76:f2:98:b6:fa:4d:64:f4:
                    90:a0:d4:f7:22:d0:29:29:fc:f6:a4:3f:9a:f8:5f:
                    8f:b2:3c:f0:d8:6e:ea:d2:c0:3a:b6:06:87:75:1d:
                    56:86:57:4c:7b:03:2d:0b:fa:5d:11:c2:46:69:b3:
                    98:32:70:9a:b5:85:ba:af:ea:eb:52:18:6b:ed:76:
                    84:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:18:57:1C:68:90:B8:63:2B:29:1B:4A:F6:EE:C2:6E:07:A6:23:DB
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/34352e382e3137352e302f32342d3234203d3e2037353632.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:0c:e9:5d:50:fb:3c:4c:cd:51:70:9a:56:d5:62:c8:c9:0a:
         75:91:06:6a:57:b8:38:97:29:1e:05:f2:9b:4a:b2:ba:22:40:
         d3:3b:be:c5:ad:e3:79:b8:4c:fe:96:94:2a:e5:69:1a:c9:21:
         78:5b:92:7a:73:6f:48:e2:f5:30:fa:7f:d9:d4:7c:a8:14:58:
         ec:9c:7e:62:db:0b:55:89:df:9a:79:47:cc:85:23:f9:d5:00:
         8a:bf:f0:4e:33:19:6b:94:84:83:cc:07:fd:48:08:90:f8:e9:
         dc:8c:92:9b:fe:f1:0a:43:56:ad:c3:72:0a:dc:f5:ee:47:ce:
         bf:c6:f8:db:fa:5f:0e:5b:3d:b6:62:9a:be:bd:9d:29:ca:ec:
         9a:7e:0b:90:34:04:a6:54:5a:9a:1d:b7:76:69:9e:c2:38:97:
         d8:7d:5e:1f:57:be:6e:2a:97:71:ef:d6:98:b9:01:61:75:19:
         e0:68:f4:ac:87:bd:ef:17:2a:9d:86:71:f4:bd:12:ac:34:dc:
         d9:70:13:7e:e7:79:ed:da:eb:64:9f:91:a6:52:ea:6e:f0:21:
         59:10:c0:b6:d2:f2:53:a8:a5:97:19:d5:c6:a4:ef:a6:ec:44:
         cd:88:ef:21:a9:f5:71:18:53:a1:e3:27:a7:c7:81:15:4e:90:
         e1:f5:2c:65
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUc/pZt0CRgDIJoqHf0k8jnWDhxP4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDAyMjIxNzAwMTRaFw0yNTAyMjAxNzA1MTRaMDMxMTAvBgNV
BAMTKDk4MTg1NzFDNjg5MEI4NjMyQjI5MUI0QUY2RUVDMjZFMDdBNjIzREIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcT16NtCRB0TXV/rj7M3oqlRWE
N5VgsGKRBDq+dZnZw6JCN+oyy+AxZoKuZEEGTrTJKihTB3YDbvl2NBgpD6gAWvpx
rjTvX11Drveotshi1YPV6iUFkD6XFGYFxvWnWHKE6PEXRhntwKiGxuAv+CJsofPD
D+2V9WgjW87TCaXKP+G8OcK6wUWqmysTd54Ge/lRRIxV4T0zBL35rMis0hbRNNLI
QPsADfXZ/zW5oYkL1Vkd/7CKdcbnDTV28pi2+k1k9JCg1Pci0Ckp/PakP5r4X4+y
PPDYburSwDq2Bod1HVaGV0x7Ay0L+l0RwkZps5gycJq1hbqv6utSGGvtdoQrAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUmBhXHGiQuGMrKRtK9u7CbgemI9swHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzQzNTJlMzgyZTMxMzczNTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM3MzUzNjMyLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQivMA0G
CSqGSIb3DQEBCwUAA4IBAQCPDOldUPs8TM1RcJpW1WLIyQp1kQZqV7g4lykeBfKb
SrK6IkDTO77FreN5uEz+lpQq5WkaySF4W5J6c29I4vUw+n/Z1HyoFFjsnH5i2wtV
id+aeUfMhSP51QCKv/BOMxlrlISDzAf9SAiQ+OncjJKb/vEKQ1atw3IK3PXuR86/
xvjb+l8OWz22Ypq+vZ0pyuyafguQNASmVFqaHbd2aZ7COJfYfV4fV75uKpdx79aY
uQFhdRngaPSsh73vFyqdhnH0vRKsNNzZcBN+53nt2utkn5GmUupu8CFZEMC20vJT
qKWXGdXGpO+m7ETNiO8hqfVxGFOh4yenx4EVTpDh9Sxl
-----END CERTIFICATE-----
Generated at Thu Jun 6 04:05:59 2024 by rpki-client on console-ams.rpki-client.org