Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3135382e35372e302f32342d3234203d3e20323134393431.roa
File:                     34352e3135382e35372e302f32342d3234203d3e20323134393431.roa (raw, json)
Hash identifier:          Y3ydKdJahZz644X782Aa5i5FJjTpmE2zUy96j0LJels=
Subject key identifier:   22:ED:A8:C7:C8:C0:90:C6:21:0B:44:DC:4E:42:E1:B2:66:0D:54:D5
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       7341063CE03CE9381FA9F3D97F90466320DE97E2
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3135382e35372e302f32342d3234203d3e20323134393431.roa
Signing time:             Mon 21 Oct 2024 07:58:56 +0000
ROA not before:           Mon 21 Oct 2024 07:53:56 +0000
ROA not after:            Mon 20 Oct 2025 07:58:56 +0000
asID:                     214941
IP address blocks:        45.158.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:41:06:3c:e0:3c:e9:38:1f:a9:f3:d9:7f:90:46:63:20:de:97:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Oct 21 07:53:56 2024 GMT
            Not After : Oct 20 07:58:56 2025 GMT
        Subject: CN=22EDA8C7C8C090C6210B44DC4E42E1B2660D54D5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:41:97:21:13:5d:1d:db:99:e6:d6:30:86:1a:
                    97:55:4e:a8:f3:c0:db:ca:da:be:2f:04:2e:d2:ff:
                    d6:ad:eb:a8:3c:7d:ae:3c:c2:11:0f:24:6a:53:44:
                    2d:a3:b3:75:2d:84:27:32:af:4e:a2:f2:ad:7f:4e:
                    bb:88:88:11:06:6f:fa:7a:85:e2:6a:88:62:65:c8:
                    84:bb:a1:87:57:07:1c:80:ef:67:94:f5:ac:46:e2:
                    ad:58:71:a1:bb:eb:e4:8e:08:0b:fa:6b:d8:c6:57:
                    0b:6a:ac:6e:18:4d:45:c7:21:47:df:b6:11:40:75:
                    b7:f4:4d:4d:f9:1b:cc:3a:e3:bc:ab:db:b7:c8:9c:
                    4b:42:61:97:c2:91:b3:02:42:08:60:98:0c:a0:29:
                    0c:7a:c3:25:fc:d5:50:39:f2:74:15:bf:91:ea:bb:
                    7e:ba:fe:ba:bf:d7:fd:3e:de:90:44:e7:c5:0c:48:
                    5c:05:59:c3:53:14:e1:86:8b:45:22:35:3b:34:37:
                    b3:ba:ca:48:dd:e8:f6:cc:c0:4c:03:1d:98:ba:15:
                    1b:39:d2:7a:7f:d7:f7:dd:98:bf:27:1c:f7:e5:67:
                    a2:2b:00:26:8e:e4:5b:fe:c2:f6:1b:ca:7a:c6:d8:
                    4d:46:d7:c0:c5:0d:3c:37:18:2b:4b:54:d1:c5:8c:
                    21:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:ED:A8:C7:C8:C0:90:C6:21:0B:44:DC:4E:42:E1:B2:66:0D:54:D5
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3135382e35372e302f32342d3234203d3e20323134393431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:93:fe:f4:55:ea:e0:2d:43:6f:de:6b:83:60:f4:53:67:5c:
         54:a0:b3:fd:57:0e:23:c8:c9:4f:68:ff:c2:87:84:b5:96:a6:
         d9:b4:a2:2d:d3:3e:4c:f9:78:a0:bf:c9:bd:eb:4f:0f:ce:c1:
         d0:5c:b8:6c:a0:0c:3f:c7:c2:1b:3b:b3:12:e2:13:40:b0:df:
         ff:58:19:71:02:12:84:77:6a:3e:73:4a:17:37:30:dc:cb:36:
         97:e7:d8:ea:08:11:83:e4:70:10:e2:91:7e:de:e7:82:08:d4:
         e8:fa:e9:ad:19:1f:5b:1e:fb:07:36:c7:d2:3c:3c:3d:63:a7:
         e8:99:fe:e5:d9:17:7c:49:35:75:1b:1e:9e:a3:8c:4a:dd:90:
         30:cb:cf:9d:94:11:d6:37:12:c5:d2:77:a2:90:11:ce:51:53:
         9f:99:c1:aa:5b:7d:37:16:16:93:d5:60:89:5f:21:ce:0c:b1:
         7b:00:57:c6:fb:21:06:b6:f6:da:a7:85:05:2a:34:03:0f:4f:
         58:4f:71:88:5d:55:4e:85:c3:8c:02:c0:60:1e:a7:4c:2c:ac:
         c9:c5:8b:cd:83:04:5c:d5:56:e6:9b:c6:24:9a:a8:70:38:90:
         39:7c:dd:f0:58:53:7c:03:7d:a7:dc:23:7e:a3:e6:27:17:b5:
         ec:47:ea:bf
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUc0EGPOA86TgfqfPZf5BGYyDel+IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDEwMjEwNzUzNTZaFw0yNTEwMjAwNzU4NTZaMDMxMTAvBgNV
BAMTKDIyRURBOEM3QzhDMDkwQzYyMTBCNDREQzRFNDJFMUIyNjYwRDU0RDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtQZchE10d25nm1jCGGpdVTqjz
wNvK2r4vBC7S/9at66g8fa48whEPJGpTRC2js3UthCcyr06i8q1/TruIiBEGb/p6
heJqiGJlyIS7oYdXBxyA72eU9axG4q1YcaG76+SOCAv6a9jGVwtqrG4YTUXHIUff
thFAdbf0TU35G8w647yr27fInEtCYZfCkbMCQghgmAygKQx6wyX81VA58nQVv5Hq
u366/rq/1/0+3pBE58UMSFwFWcNTFOGGi0UiNTs0N7O6ykjd6PbMwEwDHZi6FRs5
0np/1/fdmL8nHPflZ6IrACaO5Fv+wvYbynrG2E1G18DFDTw3GCtLVNHFjCEPAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUIu2ox8jAkMYhC0TcTkLhsmYNVNUwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzEzNTM4MmUzNTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTM0MzkzNDMxLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LZ45MA0GCSqGSIb3DQEBCwUAA4IBAQCnk/70VergLUNv3muDYPRTZ1xUoLP9Vw4j
yMlPaP/Ch4S1lqbZtKIt0z5M+Xigv8m9608PzsHQXLhsoAw/x8IbO7MS4hNAsN//
WBlxAhKEd2o+c0oXNzDcyzaX59jqCBGD5HAQ4pF+3ueCCNTo+umtGR9bHvsHNsfS
PDw9Y6fomf7l2Rd8STV1Gx6eo4xK3ZAwy8+dlBHWNxLF0neikBHOUVOfmcGqW303
FhaT1WCJXyHODLF7AFfG+yEGtvbap4UFKjQDD09YT3GIXVVOhcOMAsBgHqdMLKzJ
xYvNgwRc1Vbmm8YkmqhwOJA5fN3wWFN8A32n3CN+o+YnF7XsR+q/
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:43 2024 by rpki-client on console-ams.rpki-client.org