Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3133372e39392e302f32342d3234203d3e203239353338.roa
File:                     34352e3133372e39392e302f32342d3234203d3e203239353338.roa (raw, json)
Hash identifier:          1EuICmKA8pJupg8YWjVFt3bUYcWYP5JWKPMCikcitNo=
Subject key identifier:   58:47:7F:9B:6F:BC:C2:13:DA:4F:DC:2C:90:C7:94:C9:9D:9E:57:A8
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       073C268E0CE546125223EBB8267D6F502DDAD0
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3133372e39392e302f32342d3234203d3e203239353338.roa
Signing time:             Wed 21 Feb 2024 19:05:13 +0000
ROA not before:           Wed 21 Feb 2024 19:00:13 +0000
ROA not after:            Wed 19 Feb 2025 19:05:13 +0000
asID:                     29538
IP address blocks:        45.137.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 04:36:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:3c:26:8e:0c:e5:46:12:52:23:eb:b8:26:7d:6f:50:2d:da:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Feb 21 19:00:13 2024 GMT
            Not After : Feb 19 19:05:13 2025 GMT
        Subject: CN=58477F9B6FBCC213DA4FDC2C90C794C99D9E57A8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:52:f1:98:b2:f3:34:a0:a8:69:06:82:a6:48:
                    aa:3e:43:91:8f:b1:18:e9:11:d2:47:d4:5c:b8:0e:
                    1f:23:7e:06:de:40:0d:05:e9:7e:09:e2:96:47:9a:
                    53:66:71:0c:20:af:67:f3:c0:46:40:cc:0d:f1:a3:
                    1f:84:b7:05:8e:b8:1e:fd:31:86:a6:4e:fd:b9:eb:
                    e2:0d:92:93:67:11:86:35:82:d5:2a:fe:bb:eb:83:
                    19:61:85:ab:60:5f:11:73:2b:13:5e:03:1c:72:c4:
                    67:b7:cc:df:16:6b:a9:8f:37:1b:26:88:d7:32:e1:
                    64:67:d9:19:5c:56:70:86:bd:0c:eb:4f:c9:01:ab:
                    6e:25:e9:b2:0e:35:ca:fc:30:c2:3c:8e:25:39:6d:
                    93:8a:60:55:b6:36:22:a1:6b:e8:20:fa:76:e2:f1:
                    ec:a8:2c:ca:cc:c4:f3:b5:c4:74:5f:16:c7:62:42:
                    93:d5:f8:25:a4:92:8d:2b:75:81:0b:1c:9e:67:25:
                    5e:37:2a:80:63:17:7b:65:8a:3c:fc:a6:4b:6f:a4:
                    2c:69:4f:81:40:63:70:ff:16:54:bc:30:c9:96:24:
                    fb:7e:ff:65:7e:c7:7d:3a:48:d1:eb:22:b8:76:ec:
                    1f:72:cb:dc:af:11:29:60:ca:72:ee:93:91:c0:26:
                    1c:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:47:7F:9B:6F:BC:C2:13:DA:4F:DC:2C:90:C7:94:C9:9D:9E:57:A8
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3133372e39392e302f32342d3234203d3e203239353338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:51:60:22:95:d2:45:89:29:bb:25:5d:6b:24:44:1a:dc:5a:
         ac:2b:f6:c8:c1:d9:3e:27:d3:67:b4:f4:9c:f2:d6:f2:bd:a8:
         23:56:98:f4:4a:1f:12:d9:d8:c9:b9:5d:be:f3:64:35:d4:95:
         7d:db:2e:64:11:0b:ce:c6:df:b0:7d:e3:1d:e1:32:8d:56:f4:
         84:ea:c6:74:d9:62:9d:ca:97:08:be:7e:06:b0:57:09:99:6a:
         10:9a:4c:4c:2d:0b:0e:65:b6:12:41:10:a7:85:c7:5d:30:e3:
         76:60:1c:31:53:76:1f:1f:ff:ee:85:5e:60:e4:13:44:19:1b:
         9d:81:1c:50:38:ca:f8:ed:69:49:04:f0:3f:f4:b4:b3:b6:c0:
         5a:e4:4a:98:7b:6f:87:0d:c6:9e:85:f0:3d:c6:f7:29:7a:4b:
         07:9f:05:81:85:af:a0:f0:10:09:f4:56:8a:d6:34:b5:6a:10:
         9d:20:9c:03:68:78:e3:84:24:41:48:20:5e:c4:bc:6f:15:8a:
         f2:2b:7f:a8:47:b7:0a:be:05:60:67:70:ae:eb:44:96:62:15:
         b2:1d:7f:51:1c:ea:8b:0d:74:07:fa:0f:7b:d0:63:f6:d5:58:
         06:34:86:71:11:21:ae:d4:ba:d6:cd:61:df:d9:2a:17:7c:b3:
         b6:0f:38:e1
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgITBzwmjgzlRhJSI+u4Jn1vUC3a0DANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEyg3MGNiZDdhOTgxN2U0NzAwMDljMGY0MGVhMWUzNzBhYTc5
YjVmZDkxMB4XDTI0MDIyMTE5MDAxM1oXDTI1MDIxOTE5MDUxM1owMzExMC8GA1UE
AxMoNTg0NzdGOUI2RkJDQzIxM0RBNEZEQzJDOTBDNzk0Qzk5RDlFNTdBODCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI1S8Ziy8zSgqGkGgqZIqj5DkY+x
GOkR0kfUXLgOHyN+Bt5ADQXpfgnilkeaU2ZxDCCvZ/PARkDMDfGjH4S3BY64Hv0x
hqZO/bnr4g2Sk2cRhjWC1Sr+u+uDGWGFq2BfEXMrE14DHHLEZ7fM3xZrqY83GyaI
1zLhZGfZGVxWcIa9DOtPyQGrbiXpsg41yvwwwjyOJTltk4pgVbY2IqFr6CD6duLx
7KgsyszE87XEdF8Wx2JCk9X4JaSSjSt1gQscnmclXjcqgGMXe2WKPPymS2+kLGlP
gUBjcP8WVLwwyZYk+37/ZX7HfTpI0esiuHbsH3LL3K8RKWDKcu6TkcAmHHkCAwEA
AaOCAjswggI3MB0GA1UdDgQWBBRYR3+bb7zCE9pP3CyQx5TJnZ5XqDAfBgNVHSME
GDAWgBRwy9epgX5HAAnA9A6h43CqebX9kTAOBgNVHQ8BAf8EBAMCB4AwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5u
ZXQvcmVwb3NpdG9yeS9iNzMzMmFmMC1kZDczLTQ3NTUtOWQyMC02OTNlYTgyODlm
OGEvMC83MENCRDdBOTgxN0U0NzAwMDlDMEY0MEVBMUUzNzBBQTc5QjVGRDkxLmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY012WHFZRi1Sd0FKd1BRT29lTndxbm0x
X1pFLmNlcjCBqwYIKwYBBQUHAQsEgZ4wgZswgZgGCCsGAQUFBzALhoGLcnN5bmM6
Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9iNzMzMmFmMC1k
ZDczLTQ3NTUtOWQyMC02OTNlYTgyODlmOGEvMC8zNDM1MmUzMTMzMzcyZTM5Mzky
ZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzUzMzM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYlj
MA0GCSqGSIb3DQEBCwUAA4IBAQCqUWAildJFiSm7JV1rJEQa3FqsK/bIwdk+J9Nn
tPSc8tbyvagjVpj0Sh8S2djJuV2+82Q11JV92y5kEQvOxt+wfeMd4TKNVvSE6sZ0
2WKdypcIvn4GsFcJmWoQmkxMLQsOZbYSQRCnhcddMON2YBwxU3YfH//uhV5g5BNE
GRudgRxQOMr47WlJBPA/9LSztsBa5EqYe2+HDcaehfA9xvcpeksHnwWBha+g8BAJ
9FaK1jS1ahCdIJwDaHjjhCRBSCBexLxvFYryK3+oR7cKvgVgZ3Cu60SWYhWyHX9R
HOqLDXQH+g970GP21VgGNIZxESGu1LrWzWHf2SoXfLO2Dzjh
-----END CERTIFICATE-----