Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38302e302f32342d3234203d3e203538303631.roa
File:                     34352e31322e38302e302f32342d3234203d3e203538303631.roa (raw, json)
Hash identifier:          EJjW/8cmYBRIcwGZtJ9z9ISFZlgvVHix4MwVl3FmN6s=
Subject key identifier:   2A:70:A9:39:76:0E:92:D8:EB:0C:E1:2A:57:81:F1:CA:9B:76:AF:BE
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       3DA7F5E1AD79E041656E6A22AB8280A61ABF99F1
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38302e302f32342d3234203d3e203538303631.roa
Signing time:             Fri 08 Mar 2024 06:05:11 +0000
ROA not before:           Fri 08 Mar 2024 06:00:11 +0000
ROA not after:            Fri 07 Mar 2025 06:05:11 +0000
asID:                     58061
IP address blocks:        45.12.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:a7:f5:e1:ad:79:e0:41:65:6e:6a:22:ab:82:80:a6:1a:bf:99:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Mar  8 06:00:11 2024 GMT
            Not After : Mar  7 06:05:11 2025 GMT
        Subject: CN=2A70A939760E92D8EB0CE12A5781F1CA9B76AFBE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:4a:5d:a5:fb:f2:75:44:da:1e:01:10:5b:3d:
                    b0:01:bd:77:59:38:b0:60:2f:63:df:8e:ed:67:61:
                    30:a7:51:7c:df:ef:8c:23:a7:b7:bb:3d:de:38:98:
                    aa:fd:fe:e7:15:ea:bd:83:32:ca:71:fa:51:c6:8b:
                    a3:d5:dc:c0:a8:2c:8d:79:cd:7a:8e:ef:ee:7b:48:
                    ae:0b:96:76:c7:ef:9a:22:d4:e8:57:7c:80:82:06:
                    f9:37:b2:d7:fa:91:b7:1b:6c:ab:6d:7b:5d:b5:e6:
                    39:0a:a2:bf:c7:9e:5b:93:78:b9:3b:21:14:d7:96:
                    06:b1:ce:e8:e2:cf:fa:1d:62:76:55:d0:49:00:6b:
                    d3:bd:24:7e:c5:72:cd:29:e8:d9:55:69:4b:a7:ca:
                    42:79:f8:15:3f:de:70:99:8f:a1:ca:6c:26:93:f4:
                    b9:d7:fb:54:57:8c:ac:ce:6a:c8:aa:0a:17:a0:17:
                    57:f6:4d:19:37:12:ac:97:7d:25:2a:4a:af:9d:71:
                    92:11:bb:47:9a:52:cd:c5:7d:ff:53:99:2a:a3:9c:
                    3b:45:e8:5f:80:b1:7f:97:27:31:30:56:a1:3c:10:
                    d8:8f:ae:c1:45:33:dd:59:68:9d:e5:3d:a3:1a:08:
                    93:82:d8:b8:67:ff:4d:ce:f5:63:59:16:87:b7:20:
                    fc:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:70:A9:39:76:0E:92:D8:EB:0C:E1:2A:57:81:F1:CA:9B:76:AF:BE
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38302e302f32342d3234203d3e203538303631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:57:00:6c:18:bf:ad:f0:d9:37:c9:c8:84:64:13:ab:b6:40:
         b8:9c:20:86:ec:ae:c7:62:50:54:b4:e3:75:19:22:85:7d:d3:
         f3:55:a2:07:2a:3d:a5:bb:23:aa:9b:bb:3d:6e:27:6a:38:9a:
         20:02:8e:60:a8:54:17:76:45:ff:39:27:b4:bb:2d:7b:32:c0:
         79:e0:0e:e1:28:33:fa:ef:69:72:89:49:9b:41:c9:97:3a:56:
         b2:be:5b:fa:e3:2f:97:0d:d2:03:f9:13:f8:16:ed:bb:98:3f:
         3c:ec:4f:1a:30:bb:cc:ee:19:31:fd:52:03:4a:f4:e6:98:ec:
         b0:fb:27:81:c2:89:f6:20:05:27:b9:27:53:94:ed:fb:7c:1a:
         bd:c7:ee:97:4b:43:f3:0b:1c:56:41:fd:8a:77:3a:c7:a7:09:
         70:d5:65:74:8f:9e:97:d6:c5:30:01:f5:66:8a:40:b7:d8:5c:
         60:49:fe:f5:26:a6:94:d4:27:22:16:2e:84:23:bd:78:3f:c7:
         ad:24:df:e1:d7:46:be:4e:50:72:fa:4c:db:63:20:41:47:d3:
         62:5e:c9:35:40:3b:13:43:70:96:40:0b:aa:a2:68:de:17:14:
         61:73:6b:2b:d2:1b:8c:f9:2b:c6:46:6d:86:81:7d:b1:1f:ba:
         e7:da:28:60
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUPaf14a154EFlbmoiq4KAphq/mfEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDAzMDgwNjAwMTFaFw0yNTAzMDcwNjA1MTFaMDMxMTAvBgNV
BAMTKDJBNzBBOTM5NzYwRTkyRDhFQjBDRTEyQTU3ODFGMUNBOUI3NkFGQkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1Sl2l+/J1RNoeARBbPbABvXdZ
OLBgL2Pfju1nYTCnUXzf74wjp7e7Pd44mKr9/ucV6r2DMspx+lHGi6PV3MCoLI15
zXqO7+57SK4LlnbH75oi1OhXfICCBvk3stf6kbcbbKtte1215jkKor/HnluTeLk7
IRTXlgaxzujiz/odYnZV0EkAa9O9JH7Fcs0p6NlVaUunykJ5+BU/3nCZj6HKbCaT
9LnX+1RXjKzOasiqChegF1f2TRk3EqyXfSUqSq+dcZIRu0eaUs3Fff9TmSqjnDtF
6F+AsX+XJzEwVqE8ENiPrsFFM91ZaJ3lPaMaCJOC2Lhn/03O9WNZFoe3IPxHAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUKnCpOXYOktjrDOEqV4Hxypt2r74wHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzEzMjJlMzgzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM1MzgzMDM2MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtDFAw
DQYJKoZIhvcNAQELBQADggEBABdXAGwYv63w2TfJyIRkE6u2QLicIIbsrsdiUFS0
43UZIoV90/NVogcqPaW7I6qbuz1uJ2o4miACjmCoVBd2Rf85J7S7LXsywHngDuEo
M/rvaXKJSZtByZc6VrK+W/rjL5cN0gP5E/gW7buYPzzsTxowu8zuGTH9UgNK9OaY
7LD7J4HCifYgBSe5J1OU7ft8Gr3H7pdLQ/MLHFZB/Yp3OsenCXDVZXSPnpfWxTAB
9WaKQLfYXGBJ/vUmppTUJyIWLoQjvXg/x60k3+HXRr5OUHL6TNtjIEFH02JeyTVA
OxNDcJZAC6qiaN4XFGFzayvSG4z5K8ZGbYaBfbEfuufaKGA=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:01 2024 by rpki-client on console-fra.rpki-client.org