Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38322e302f32342d3234203d3e20313532363732.roa
File:                     34352e31322e38322e302f32342d3234203d3e20313532363732.roa (raw, json)
Hash identifier:          QutHVewH7zI9zGy8a9WpO3Jp8tNemKbdbB9LBU24O9k=
Subject key identifier:   2C:2D:06:FF:66:2F:3A:74:EC:36:BB:79:67:E9:65:92:09:78:F2:9A
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       2643F743A8D21A58759E8A182683A90550439EFB
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38322e302f32342d3234203d3e20313532363732.roa
Signing time:             Wed 10 Apr 2024 11:46:10 +0000
ROA not before:           Wed 10 Apr 2024 11:41:10 +0000
ROA not after:            Wed 09 Apr 2025 11:46:10 +0000
asID:                     152672
IP address blocks:        45.12.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:43:f7:43:a8:d2:1a:58:75:9e:8a:18:26:83:a9:05:50:43:9e:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Apr 10 11:41:10 2024 GMT
            Not After : Apr  9 11:46:10 2025 GMT
        Subject: CN=2C2D06FF662F3A74EC36BB7967E965920978F29A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:45:59:f6:5b:98:55:c8:f6:60:bf:3e:74:76:
                    02:19:7f:d3:48:72:03:20:cb:58:80:00:75:d9:68:
                    4d:b6:71:5a:bf:c2:fd:1a:ba:a8:2e:cd:05:58:f4:
                    35:29:7f:0c:82:dc:fd:74:85:9e:8b:cb:e7:c5:e5:
                    e5:59:64:1a:1a:b3:d7:b8:dd:f9:6b:87:7a:48:f7:
                    c0:3e:1a:bb:a8:73:e8:3c:91:85:95:14:84:5e:93:
                    e7:28:b5:6c:2b:9b:37:c2:23:f1:43:64:bc:40:d8:
                    8c:5e:38:c8:f7:59:fd:c3:1f:5a:06:9a:f5:96:eb:
                    02:b2:0d:a7:c8:b8:3c:f8:f5:53:6c:b1:3d:d9:1e:
                    64:8a:5f:58:0b:28:29:c9:00:e1:d3:f6:41:d3:be:
                    91:9f:9c:be:e7:52:6d:d3:1b:3b:81:43:44:c1:78:
                    ac:b7:08:d8:b2:a5:0b:16:10:dd:43:cf:c1:10:b8:
                    51:60:b6:c2:e1:e6:b9:69:42:af:37:94:20:a9:bb:
                    7e:94:01:ff:32:0b:8e:4b:d0:ac:d9:21:92:06:0a:
                    f7:09:c4:70:99:2d:ec:5c:25:f4:14:92:0d:70:83:
                    96:67:c9:90:23:08:82:2c:9a:cb:18:ca:0b:f5:63:
                    40:d6:31:1d:af:5e:58:36:aa:73:34:ff:3d:c6:a5:
                    46:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:2D:06:FF:66:2F:3A:74:EC:36:BB:79:67:E9:65:92:09:78:F2:9A
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38322e302f32342d3234203d3e20313532363732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:36:06:90:2c:29:d7:82:58:ae:ae:4f:49:8b:ac:c9:0f:06:
         28:82:65:80:02:4f:66:fd:c1:cd:5d:40:41:f4:4a:77:73:93:
         7b:48:00:1f:6a:b2:a5:fc:55:68:62:4d:c3:dd:f7:72:65:7e:
         33:16:0a:16:c3:81:6d:b0:cf:54:65:00:8f:12:9a:0a:95:7a:
         e8:27:c8:f7:eb:6c:6c:39:37:5f:2b:a6:59:f8:4a:50:80:a0:
         13:8c:81:fc:aa:84:46:1f:65:fd:db:90:99:80:47:ab:6e:36:
         34:e4:73:77:c9:4e:46:2d:a1:40:26:49:6d:3c:e0:5d:16:96:
         d7:b7:c6:d7:cc:89:72:e5:05:c1:cb:a9:67:37:70:ee:33:a7:
         2d:7c:04:f3:10:1d:e4:f2:41:d1:5b:f3:13:87:e5:78:72:97:
         a4:a2:0a:a9:41:0d:c8:65:b3:71:8b:34:71:f4:8d:57:21:39:
         8b:03:7e:6f:a9:aa:52:f8:57:92:4b:80:39:13:24:fa:89:bb:
         ef:d3:93:d0:91:86:a9:f8:20:a3:1c:42:73:9e:d5:88:57:34:
         c4:37:1f:54:3a:35:c2:69:d3:ca:b1:9a:f3:2a:9d:73:f0:a0:
         09:1e:85:ee:4f:0f:ad:f8:8d:11:b0:9d:94:c3:95:09:11:21:
         9f:93:94:53
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJkP3Q6jSGlh1nooYJoOpBVBDnvswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDA0MTAxMTQxMTBaFw0yNTA0MDkxMTQ2MTBaMDMxMTAvBgNV
BAMTKDJDMkQwNkZGNjYyRjNBNzRFQzM2QkI3OTY3RTk2NTkyMDk3OEYyOUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1RVn2W5hVyPZgvz50dgIZf9NI
cgMgy1iAAHXZaE22cVq/wv0auqguzQVY9DUpfwyC3P10hZ6Ly+fF5eVZZBoas9e4
3flrh3pI98A+Gruoc+g8kYWVFIRek+cotWwrmzfCI/FDZLxA2IxeOMj3Wf3DH1oG
mvWW6wKyDafIuDz49VNssT3ZHmSKX1gLKCnJAOHT9kHTvpGfnL7nUm3TGzuBQ0TB
eKy3CNiypQsWEN1Dz8EQuFFgtsLh5rlpQq83lCCpu36UAf8yC45L0KzZIZIGCvcJ
xHCZLexcJfQUkg1wg5ZnyZAjCIIsmssYygv1Y0DWMR2vXlg2qnM0/z3GpUaTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQULC0G/2YvOnTsNrt5Z+llkgl48powHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzEzMjJlMzgzMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzUzMjM2MzczMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0M
UjANBgkqhkiG9w0BAQsFAAOCAQEArzYGkCwp14JYrq5PSYusyQ8GKIJlgAJPZv3B
zV1AQfRKd3OTe0gAH2qypfxVaGJNw933cmV+MxYKFsOBbbDPVGUAjxKaCpV66CfI
9+tsbDk3XyumWfhKUICgE4yB/KqERh9l/duQmYBHq242NORzd8lORi2hQCZJbTzg
XRaW17fG18yJcuUFwcupZzdw7jOnLXwE8xAd5PJB0VvzE4fleHKXpKIKqUENyGWz
cYs0cfSNVyE5iwN+b6mqUvhXkkuAORMk+om779OT0JGGqfggoxxCc57ViFc0xDcf
VDo1wmnTyrGa8yqdc/CgCR6F7k8PrfiNEbCdlMOVCREhn5OUUw==
-----END CERTIFICATE-----
Generated at Mon Nov 25 12:00:56 2024 by rpki-client on console-ams.rpki-client.org