Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e38372e3137332e302f32342d3234203d3e20323130353338.roa
File:                     34352e38372e3137332e302f32342d3234203d3e20323130353338.roa (raw, json)
Hash identifier:          62DFG4srLKcvOGC0sRfXWzTEjRtUC7j07+IJGbcd0AY=
Subject key identifier:   76:6C:D1:5F:1A:5C:3B:46:D0:76:74:92:04:81:D1:14:3F:C1:61:DB
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       1971E63F9543C015A91D7429EEBB641753F56008
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e38372e3137332e302f32342d3234203d3e20323130353338.roa
Signing time:             Wed 21 Feb 2024 19:05:13 +0000
ROA not before:           Wed 21 Feb 2024 19:00:13 +0000
ROA not after:            Wed 19 Feb 2025 19:05:13 +0000
asID:                     210538
IP address blocks:        45.87.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:71:e6:3f:95:43:c0:15:a9:1d:74:29:ee:bb:64:17:53:f5:60:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Feb 21 19:00:13 2024 GMT
            Not After : Feb 19 19:05:13 2025 GMT
        Subject: CN=766CD15F1A5C3B46D07674920481D1143FC161DB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:ac:b2:00:67:87:1a:65:ea:17:ad:ba:f0:16:
                    f9:99:38:6c:41:d5:3b:db:44:4f:01:d8:14:95:e0:
                    c9:a8:81:21:1f:26:01:13:7e:89:7d:69:02:d1:b1:
                    c2:b4:c2:11:ff:04:01:22:c6:b5:95:18:26:ae:1e:
                    82:8f:24:5c:8b:34:bb:a1:d6:a3:fd:57:02:0e:7e:
                    29:a0:0b:c6:34:33:5c:33:5a:24:30:68:e3:fa:fa:
                    83:42:8e:b8:11:f8:00:78:a3:fd:69:aa:1f:c3:d4:
                    01:5e:c9:f7:ca:5c:ec:e9:cc:bf:af:5f:e3:e8:94:
                    b8:4e:81:35:ac:d6:d4:c8:ba:c5:b0:0e:78:24:6e:
                    78:d3:da:73:65:ec:c0:c4:0a:dd:f2:77:81:2a:9d:
                    cb:60:e3:9f:b0:56:57:70:af:fd:49:86:25:13:2e:
                    56:ce:29:2f:cd:20:70:04:20:1d:ae:eb:3c:91:82:
                    c7:95:eb:fa:7b:42:f4:8a:54:65:7b:9d:aa:7d:5f:
                    f1:f4:3b:0e:f3:d2:79:2f:6b:92:75:bb:07:4c:08:
                    04:67:ec:c3:7a:fe:4b:70:43:3b:f8:b1:f6:87:04:
                    f4:9b:ae:b0:a0:60:fc:dd:5d:91:2f:1e:91:e1:d8:
                    c1:05:66:48:c5:90:b0:70:6a:ce:5d:65:eb:0c:a9:
                    d5:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:6C:D1:5F:1A:5C:3B:46:D0:76:74:92:04:81:D1:14:3F:C1:61:DB
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e38372e3137332e302f32342d3234203d3e20323130353338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:19:10:69:61:f5:fa:58:e4:a8:9b:2e:07:2f:69:1f:d6:36:
         62:13:27:20:0e:36:98:a5:5f:b0:2d:95:0d:40:5e:03:75:91:
         f7:13:08:d3:f9:fd:f5:e4:2d:77:07:ac:a1:f7:15:7d:c7:8a:
         bb:a1:95:62:03:c5:7f:c4:56:f3:9a:a1:8d:53:4b:4b:e2:cf:
         db:e0:ba:9b:74:37:c8:de:d6:a4:43:5d:fd:1a:dc:02:8e:da:
         da:22:29:9c:b2:40:a8:75:e3:10:8a:ef:f4:8f:79:3f:e1:f5:
         b8:e2:50:96:9d:22:7b:c4:45:61:00:5d:33:b6:17:fa:f7:19:
         35:8e:af:5e:58:af:8d:29:6a:26:e3:77:dd:76:ba:cc:24:5c:
         d2:75:82:57:cc:1e:1f:ef:48:71:53:be:07:af:94:52:3e:b8:
         b6:6c:c1:88:ab:66:87:76:df:cc:66:12:c5:45:08:38:c0:aa:
         e6:76:02:51:d4:be:c6:cf:03:d1:98:c7:58:55:b4:33:09:e0:
         09:b1:12:25:7a:96:0b:51:b5:6a:ff:26:3d:08:a0:f8:58:78:
         3e:8e:23:e2:01:5a:a3:aa:8c:f3:e7:54:2b:75:ae:bf:c0:9f:
         08:12:8f:78:7c:39:0f:7a:45:4b:a6:d0:89:da:5d:24:2a:59:
         35:d0:da:d7
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUGXHmP5VDwBWpHXQp7rtkF1P1YAgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDAyMjExOTAwMTNaFw0yNTAyMTkxOTA1MTNaMDMxMTAvBgNV
BAMTKDc2NkNEMTVGMUE1QzNCNDZEMDc2NzQ5MjA0ODFEMTE0M0ZDMTYxREIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjrLIAZ4caZeoXrbrwFvmZOGxB
1TvbRE8B2BSV4MmogSEfJgETfol9aQLRscK0whH/BAEixrWVGCauHoKPJFyLNLuh
1qP9VwIOfimgC8Y0M1wzWiQwaOP6+oNCjrgR+AB4o/1pqh/D1AFeyffKXOzpzL+v
X+PolLhOgTWs1tTIusWwDngkbnjT2nNl7MDECt3yd4Eqnctg45+wVldwr/1JhiUT
LlbOKS/NIHAEIB2u6zyRgseV6/p7QvSKVGV7nap9X/H0Ow7z0nkva5J1uwdMCARn
7MN6/ktwQzv4sfaHBPSbrrCgYPzdXZEvHpHh2MEFZkjFkLBwas5dZesMqdWBAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUdmzRXxpcO0bQdnSSBIHRFD/BYdswHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzgzNzJlMzEzNzMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTMwMzUzMzM4LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LVetMA0GCSqGSIb3DQEBCwUAA4IBAQCLGRBpYfX6WOSomy4HL2kf1jZiEycgDjaY
pV+wLZUNQF4DdZH3EwjT+f315C13B6yh9xV9x4q7oZViA8V/xFbzmqGNU0tL4s/b
4LqbdDfI3takQ139GtwCjtraIimcskCodeMQiu/0j3k/4fW44lCWnSJ7xEVhAF0z
thf69xk1jq9eWK+NKWom43fddrrMJFzSdYJXzB4f70hxU74Hr5RSPri2bMGIq2aH
dt/MZhLFRQg4wKrmdgJR1L7GzwPRmMdYVbQzCeAJsRIlepYLUbVq/yY9CKD4WHg+
jiPiAVqjqozz51Qrda6/wJ8IEo94fDkPekVLptCJ2l0kKlk10NrX
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:01 2024 by rpki-client on console-fra.rpki-client.org