Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35392e302f32342d3234203d3e20323131343339.roa
File:                     34352e38312e35392e302f32342d3234203d3e20323131343339.roa (raw, json)
Hash identifier:          Y0ZApSmGCRch+djTYBN+U0p8LaOUa+NCEgyRR8hvTcU=
Subject key identifier:   B0:48:89:B2:7A:A0:5A:20:36:36:33:A1:ED:F9:94:C5:3A:ED:49:E6
Certificate issuer:       /CN=5da3215abfa4621d57709f838a92801f2e90ddfe
Certificate serial:       4122A7DDE94ADC660CA56D308CF8A4873AA3569C
Authority key identifier: 5D:A3:21:5A:BF:A4:62:1D:57:70:9F:83:8A:92:80:1F:2E:90:DD:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35392e302f32342d3234203d3e20323131343339.roa
Signing time:             Wed 25 Dec 2024 15:53:48 +0000
ROA not before:           Wed 25 Dec 2024 15:48:48 +0000
ROA not after:            Wed 24 Dec 2025 15:53:48 +0000
asID:                     211439
IP address blocks:        45.81.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:22:a7:dd:e9:4a:dc:66:0c:a5:6d:30:8c:f8:a4:87:3a:a3:56:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3215abfa4621d57709f838a92801f2e90ddfe
        Validity
            Not Before: Dec 25 15:48:48 2024 GMT
            Not After : Dec 24 15:53:48 2025 GMT
        Subject: CN=B04889B27AA05A20363633A1EDF994C53AED49E6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:d3:7a:97:49:41:ec:90:c6:40:a0:81:b2:44:
                    76:ba:36:6b:2a:cf:56:97:d9:c5:3e:00:01:3e:77:
                    f5:c0:4b:5e:cc:a0:46:d2:ea:e1:b8:4e:5b:01:37:
                    f1:90:28:35:24:d6:d7:ad:09:97:3f:5e:b3:55:ec:
                    96:08:83:c3:ca:c6:70:9f:82:8e:dd:11:c1:1f:20:
                    f8:06:87:6b:d6:1c:76:81:a1:01:10:96:a0:86:f8:
                    01:a8:fa:d4:6a:6f:28:3f:35:dd:4f:46:81:09:9a:
                    76:d6:b5:8b:8b:7a:15:62:9c:8b:73:a0:a2:8b:ff:
                    28:65:76:64:5a:47:1d:41:c2:13:6d:81:9c:e9:ea:
                    17:36:cb:80:d6:a0:8b:da:f0:4e:fb:40:22:d0:db:
                    76:da:fe:6e:97:b3:45:f7:62:40:e4:20:02:a5:6f:
                    f8:3d:83:f5:38:be:a7:e3:1e:6e:44:dd:41:69:88:
                    a6:65:94:c6:76:ae:86:86:a1:36:51:7b:50:28:c5:
                    57:f6:23:bb:26:9e:46:7f:5d:87:c1:5f:d6:8b:53:
                    ac:cc:b8:69:45:7a:4b:58:4f:72:dc:69:80:d0:78:
                    c4:16:a5:ff:49:e3:09:4d:79:72:16:c0:84:c3:d0:
                    39:d7:59:b0:d7:38:ab:aa:64:f5:90:b2:bb:d8:b0:
                    75:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:48:89:B2:7A:A0:5A:20:36:36:33:A1:ED:F9:94:C5:3A:ED:49:E6
            X509v3 Authority Key Identifier:
                keyid:5D:A3:21:5A:BF:A4:62:1D:57:70:9F:83:8A:92:80:1F:2E:90:DD:FE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35392e302f32342d3234203d3e20323131343339.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:0d:69:6e:4b:d3:84:7b:31:1a:51:b4:66:ce:4f:fa:08:7c:
         19:e6:45:a5:68:42:35:9e:2e:fe:63:52:1a:66:5e:9a:28:67:
         93:7d:91:24:e3:73:c2:63:00:22:60:c1:45:11:04:20:e6:5a:
         75:e7:ee:48:1a:23:cd:06:ef:01:05:68:09:83:ef:cc:e0:df:
         f9:ff:9a:33:a4:78:ce:e8:7b:24:e8:7d:73:8b:49:28:21:a4:
         ee:4f:b2:67:f9:40:d2:cf:70:54:b0:cf:74:b3:48:37:57:f0:
         c5:3a:69:50:5e:61:58:ba:a8:b9:1a:50:9f:a5:64:68:63:b2:
         05:fc:13:39:32:ad:94:cc:43:40:f9:97:24:54:4f:71:39:ed:
         38:00:53:c2:fc:e6:63:4d:8e:73:2f:6d:90:c2:c3:57:e5:7e:
         4f:8c:62:e9:c9:5e:27:63:75:cb:00:4a:ec:57:f1:3d:5c:69:
         d4:71:0c:51:58:25:44:ef:0d:27:c8:a4:7c:33:1d:49:ea:eb:
         98:bb:77:86:c6:74:b1:55:0f:fa:ee:7a:0e:04:96:36:54:3b:
         dc:a2:ed:48:19:62:ac:c1:73:e0:a1:ad:be:ca:81:22:64:9a:
         24:3f:ca:52:52:3b:3e:bf:cb:d5:84:93:b3:28:31:cb:97:53:
         b1:0e:f5:6c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUQSKn3elK3GYMpW0wjPikhzqjVpwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWRhMzIxNWFiZmE0NjIxZDU3NzA5ZjgzOGE5MjgwMWYy
ZTkwZGRmZTAeFw0yNDEyMjUxNTQ4NDhaFw0yNTEyMjQxNTUzNDhaMDMxMTAvBgNV
BAMTKEIwNDg4OUIyN0FBMDVBMjAzNjM2MzNBMUVERjk5NEM1M0FFRDQ5RTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC403qXSUHskMZAoIGyRHa6Nmsq
z1aX2cU+AAE+d/XAS17MoEbS6uG4TlsBN/GQKDUk1tetCZc/XrNV7JYIg8PKxnCf
go7dEcEfIPgGh2vWHHaBoQEQlqCG+AGo+tRqbyg/Nd1PRoEJmnbWtYuLehVinItz
oKKL/yhldmRaRx1BwhNtgZzp6hc2y4DWoIva8E77QCLQ23ba/m6Xs0X3YkDkIAKl
b/g9g/U4vqfjHm5E3UFpiKZllMZ2roaGoTZRe1AoxVf2I7smnkZ/XYfBX9aLU6zM
uGlFektYT3LcaYDQeMQWpf9J4wlNeXIWwITD0DnXWbDXOKuqZPWQsrvYsHXNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUsEiJsnqgWiA2NjOh7fmUxTrtSeYwHwYDVR0j
BBgwFoAUXaMhWr+kYh1XcJ+DipKAHy6Q3f4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYmYyNDU2N2ItN2E3NC00YzFmLWFhODUtZGQyNGFmNzNj
Y2JiLzAvNURBMzIxNUFCRkE0NjIxRDU3NzA5RjgzOEE5MjgwMUYyRTkwRERGRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hhTWhXci1rWWgxWGNKLURpcEtBSHk2
UTNmNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmYyNDU2N2It
N2E3NC00YzFmLWFhODUtZGQyNGFmNzNjY2JiLzAvMzQzNTJlMzgzMTJlMzUzOTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMTM0MzMzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1R
OzANBgkqhkiG9w0BAQsFAAOCAQEACw1pbkvThHsxGlG0Zs5P+gh8GeZFpWhCNZ4u
/mNSGmZemihnk32RJONzwmMAImDBRREEIOZadefuSBojzQbvAQVoCYPvzODf+f+a
M6R4zuh7JOh9c4tJKCGk7k+yZ/lA0s9wVLDPdLNIN1fwxTppUF5hWLqouRpQn6Vk
aGOyBfwTOTKtlMxDQPmXJFRPcTntOABTwvzmY02Ocy9tkMLDV+V+T4xi6cleJ2N1
ywBK7FfxPVxp1HEMUVglRO8NJ8ikfDMdSerrmLt3hsZ0sVUP+u56DgSWNlQ73KLt
SBlirMFz4KGtvsqBImSaJD/KUlI7Pr/L1YSTsygxy5dTsQ71bA==
-----END CERTIFICATE-----