Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38322e302f32342d3234203d3e203633303233.roa
File:                     34352e31322e38322e302f32342d3234203d3e203633303233.roa (raw, json)
Hash identifier:          rfpUEjrQoadvsQKXyjB6WQCVYRzcDjJ2npqXG1IRs6k=
Subject key identifier:   59:F9:55:29:19:77:AE:4E:F2:A3:B2:1B:C4:91:1E:D5:E8:65:76:29
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       37592630831376EBFD7CC79D83371C70EAFF2C82
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38322e302f32342d3234203d3e203633303233.roa
Signing time:             Wed 21 Feb 2024 19:05:13 +0000
ROA not before:           Wed 21 Feb 2024 19:00:13 +0000
ROA not after:            Wed 19 Feb 2025 19:05:13 +0000
asID:                     63023
IP address blocks:        45.12.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Dec 2024 08:34:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:59:26:30:83:13:76:eb:fd:7c:c7:9d:83:37:1c:70:ea:ff:2c:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Feb 21 19:00:13 2024 GMT
            Not After : Feb 19 19:05:13 2025 GMT
        Subject: CN=59F955291977AE4EF2A3B21BC4911ED5E8657629
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e7:76:5d:54:a1:7c:20:fc:b5:d5:3f:59:9f:
                    72:6c:f1:c3:50:5d:4f:e5:81:24:26:40:a1:4d:9f:
                    f7:1e:dd:03:8b:b4:f8:ea:79:d5:c6:7b:80:7d:8d:
                    2d:ea:b2:14:9c:06:d3:60:c0:28:ca:5f:e0:3e:05:
                    7a:35:7f:8e:04:43:ab:1f:b1:8e:bc:e9:df:4b:0b:
                    be:aa:2b:b0:d9:1e:6f:d8:25:f3:5f:0f:ec:6e:19:
                    ae:2a:e3:26:54:00:e9:a8:d1:6c:2d:34:73:21:60:
                    01:2b:9d:1d:e4:66:e2:18:ce:19:eb:59:7f:d1:79:
                    95:d5:01:e6:05:d4:79:dd:73:d3:4f:24:3c:14:cb:
                    9b:f4:fc:ff:9a:6a:1c:2b:88:11:e1:28:75:3a:13:
                    b2:cf:6e:19:95:2e:50:f5:bd:fb:cf:3c:64:21:f7:
                    f3:33:4c:c0:bf:45:c6:32:5d:d2:6b:56:9d:ba:e4:
                    77:7d:52:70:30:ee:41:f9:53:3b:fb:8d:ef:dd:eb:
                    c3:95:e0:48:24:c7:9b:5a:12:6c:95:93:fb:2e:29:
                    74:90:37:f1:a6:00:d9:51:8b:98:88:66:d0:70:ba:
                    f2:25:33:75:f4:b3:45:c8:09:05:a3:4b:d4:0b:71:
                    75:60:38:84:6d:99:0a:57:bf:64:36:4c:d2:ff:4c:
                    b4:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:F9:55:29:19:77:AE:4E:F2:A3:B2:1B:C4:91:1E:D5:E8:65:76:29
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38322e302f32342d3234203d3e203633303233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:b8:43:d1:0d:30:aa:3f:13:5b:a1:91:db:00:32:53:e1:e0:
         0a:1e:a0:32:54:b2:10:4e:2c:ab:c4:b6:c0:d6:d2:aa:53:15:
         e4:aa:cd:a1:12:38:47:98:69:dc:de:09:ed:6b:6c:28:8c:c6:
         29:79:21:e5:8f:84:0f:bd:04:e2:a4:43:8c:ff:bb:dc:f5:f1:
         07:4a:3f:59:fa:90:f7:88:a3:97:45:34:0e:b0:78:5f:c2:72:
         e2:40:5c:03:30:1f:e9:49:fc:b9:70:bb:27:7a:8d:37:9b:3d:
         7f:a5:06:dd:a9:e7:30:3d:6f:52:58:5e:28:db:fe:91:96:51:
         61:a9:8f:0c:d9:37:29:83:7d:66:1b:6c:4c:15:af:14:b4:74:
         e6:33:ec:14:85:2e:bb:e1:45:e0:e6:fc:33:08:f9:96:8c:21:
         65:b8:c0:7d:63:00:db:93:02:0f:86:c0:91:e1:c3:0f:8d:17:
         f3:c5:03:e4:9c:ea:10:75:7a:4c:6d:8c:e0:6b:9a:45:00:de:
         60:da:77:e5:31:5d:39:0b:39:f5:65:cc:75:72:ff:7a:2e:f9:
         7d:1f:d5:f4:0e:e2:fa:d4:c9:88:ce:75:2b:88:91:c4:d1:20:
         82:4e:4c:2a:4b:dd:ec:fc:d8:a7:82:89:9a:60:ca:68:51:ac:
         32:9b:76:dd
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUN1kmMIMTduv9fMedgzcccOr/LIIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDAyMjExOTAwMTNaFw0yNTAyMTkxOTA1MTNaMDMxMTAvBgNV
BAMTKDU5Rjk1NTI5MTk3N0FFNEVGMkEzQjIxQkM0OTExRUQ1RTg2NTc2MjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC53ZdVKF8IPy11T9Zn3Js8cNQ
XU/lgSQmQKFNn/ce3QOLtPjqedXGe4B9jS3qshScBtNgwCjKX+A+BXo1f44EQ6sf
sY686d9LC76qK7DZHm/YJfNfD+xuGa4q4yZUAOmo0WwtNHMhYAErnR3kZuIYzhnr
WX/ReZXVAeYF1Hndc9NPJDwUy5v0/P+aahwriBHhKHU6E7LPbhmVLlD1vfvPPGQh
9/MzTMC/RcYyXdJrVp265Hd9UnAw7kH5Uzv7je/d68OV4Egkx5taEmyVk/suKXSQ
N/GmANlRi5iIZtBwuvIlM3X0s0XICQWjS9QLcXVgOIRtmQpXv2Q2TNL/TLQzAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUWflVKRl3rk7yo7IbxJEe1ehldikwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzEzMjJlMzgzMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzMzMDMyMzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtDFIw
DQYJKoZIhvcNAQELBQADggEBAAu4Q9ENMKo/E1uhkdsAMlPh4AoeoDJUshBOLKvE
tsDW0qpTFeSqzaESOEeYadzeCe1rbCiMxil5IeWPhA+9BOKkQ4z/u9z18QdKP1n6
kPeIo5dFNA6weF/CcuJAXAMwH+lJ/Llwuyd6jTebPX+lBt2p5zA9b1JYXijb/pGW
UWGpjwzZNymDfWYbbEwVrxS0dOYz7BSFLrvhReDm/DMI+ZaMIWW4wH1jANuTAg+G
wJHhww+NF/PFA+Sc6hB1ekxtjOBrmkUA3mDad+UxXTkLOfVlzHVy/3ou+X0f1fQO
4vrUyYjOdSuIkcTRIIJOTCpL3ez82KeCiZpgymhRrDKbdt0=
-----END CERTIFICATE-----
Generated at Mon Dec 9 17:21:11 2024 by rpki-client on console-ams.rpki-client.org