Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e31332e3135302e302f32342d3234203d3e20323132363039.roa
File:                     34352e31332e3135302e302f32342d3234203d3e20323132363039.roa (raw, json)
Hash identifier:          03imVqN1CAZxNDHZRsUAKc5jejuJaIJ5bwDbOPrbdqA=
Subject key identifier:   41:DE:59:76:02:32:F9:5E:C6:F2:D8:F1:13:B9:8F:5D:B2:48:B2:C0
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       1EAB74787401B65EDBFE9B8B4C937DA19339A3E7
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e31332e3135302e302f32342d3234203d3e20323132363039.roa
Signing time:             Thu 06 Jun 2024 16:29:54 +0000
ROA not before:           Thu 06 Jun 2024 16:24:54 +0000
ROA not after:            Thu 05 Jun 2025 16:29:54 +0000
asID:                     212609
IP address blocks:        45.13.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 13:20:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:ab:74:78:74:01:b6:5e:db:fe:9b:8b:4c:93:7d:a1:93:39:a3:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Jun  6 16:24:54 2024 GMT
            Not After : Jun  5 16:29:54 2025 GMT
        Subject: CN=41DE59760232F95EC6F2D8F113B98F5DB248B2C0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c2:e8:be:60:ac:3b:73:57:b1:96:6d:2c:c8:
                    bc:53:40:dd:f4:fd:a1:f8:2e:0c:9d:de:ea:3d:13:
                    69:fd:dd:5b:3c:d0:9a:67:b9:72:e5:7a:a2:4f:80:
                    d3:72:5a:74:d1:67:4f:20:ab:25:0e:19:b6:9d:21:
                    54:ad:f6:15:56:38:85:9c:19:9f:43:7a:c0:b9:76:
                    5c:f6:c4:f6:d6:29:9c:9e:9c:6b:1e:04:e2:6f:26:
                    83:0d:a9:b5:e1:31:10:a2:3d:c2:b1:01:b9:25:20:
                    5c:c6:70:10:61:11:01:87:b2:99:ea:c5:6d:b3:ce:
                    dc:20:f8:c9:4d:c8:d8:44:26:f7:1a:fc:cb:01:fc:
                    61:bf:db:16:ad:8d:24:49:a9:46:82:4b:40:d1:19:
                    f5:62:91:8e:0d:75:62:54:5a:da:03:6d:3e:8e:64:
                    a1:27:00:d4:95:6a:06:30:8d:e2:80:d2:5b:06:95:
                    30:9f:b8:e3:fa:63:1e:a2:7b:ff:64:da:26:9f:ec:
                    2d:a1:cb:e6:3b:9c:87:41:66:fd:ef:f3:37:37:6b:
                    52:36:8c:e4:3a:7d:08:1c:8d:d2:73:75:55:79:e5:
                    36:82:be:e0:46:76:96:9c:80:16:2a:a7:ba:1a:8c:
                    dc:16:6c:16:e0:87:bb:b1:af:ca:3e:e8:41:45:7d:
                    2b:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:DE:59:76:02:32:F9:5E:C6:F2:D8:F1:13:B9:8F:5D:B2:48:B2:C0
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e31332e3135302e302f32342d3234203d3e20323132363039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:fd:9c:df:41:f3:5b:39:29:81:ee:20:d5:0d:b1:c1:26:8e:
         80:e0:c3:66:99:8b:14:a0:3c:ea:be:5d:3b:95:6b:62:e7:c8:
         cb:b5:83:41:cb:a2:b6:5a:dd:c1:4c:38:92:e2:4b:94:81:24:
         3d:5f:49:25:b0:8b:fa:1e:83:b2:b1:2c:2b:39:d0:84:42:fe:
         19:7a:b7:b4:d0:05:46:c6:e3:3c:20:f9:7b:34:2e:6d:d3:f2:
         6d:c1:65:5d:5f:ee:b4:64:86:91:c6:b5:d9:12:5b:fd:e7:cd:
         c5:27:1e:c0:22:61:d1:56:c2:20:dd:27:1c:68:64:31:17:48:
         02:94:19:a4:07:08:a9:e0:0a:1e:5c:e3:de:e4:3d:f1:66:f7:
         a7:09:5c:53:7d:25:06:8a:55:1e:69:e3:b0:6d:c3:13:2b:71:
         67:32:55:9f:be:50:d2:7a:5e:98:80:25:52:e1:7a:33:06:13:
         9c:02:a6:45:e5:09:9c:dc:2b:86:7d:bc:bd:6a:53:e3:ac:0f:
         f6:13:b2:29:2f:ce:47:0f:46:e5:d6:67:f0:b6:07:b9:50:14:
         14:b0:52:29:3c:50:68:89:b1:22:e2:9d:43:8a:90:db:45:46:
         44:2e:9c:ba:f7:80:e7:04:c5:c9:14:d7:ee:62:ab:8f:32:d1:
         6f:84:a1:22
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUHqt0eHQBtl7b/puLTJN9oZM5o+cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDA2MDYxNjI0NTRaFw0yNTA2MDUxNjI5NTRaMDMxMTAvBgNV
BAMTKDQxREU1OTc2MDIzMkY5NUVDNkYyRDhGMTEzQjk4RjVEQjI0OEIyQzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1wui+YKw7c1exlm0syLxTQN30
/aH4Lgyd3uo9E2n93Vs80JpnuXLleqJPgNNyWnTRZ08gqyUOGbadIVSt9hVWOIWc
GZ9DesC5dlz2xPbWKZyenGseBOJvJoMNqbXhMRCiPcKxAbklIFzGcBBhEQGHspnq
xW2zztwg+MlNyNhEJvca/MsB/GG/2xatjSRJqUaCS0DRGfVikY4NdWJUWtoDbT6O
ZKEnANSVagYwjeKA0lsGlTCfuOP6Yx6ie/9k2iaf7C2hy+Y7nIdBZv3v8zc3a1I2
jOQ6fQgcjdJzdVV55TaCvuBGdpacgBYqp7oajNwWbBbgh7uxr8o+6EFFfSs9AgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUQd5ZdgIy+V7G8tjxE7mPXbJIssAwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzQzNTJlMzEzMzJlMzEzNTMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTMyMzYzMDM5LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LQ2WMA0GCSqGSIb3DQEBCwUAA4IBAQA9/ZzfQfNbOSmB7iDVDbHBJo6A4MNmmYsU
oDzqvl07lWti58jLtYNBy6K2Wt3BTDiS4kuUgSQ9X0klsIv6HoOysSwrOdCEQv4Z
ere00AVGxuM8IPl7NC5t0/JtwWVdX+60ZIaRxrXZElv9583FJx7AImHRVsIg3Scc
aGQxF0gClBmkBwip4AoeXOPe5D3xZvenCVxTfSUGilUeaeOwbcMTK3FnMlWfvlDS
el6YgCVS4XozBhOcAqZF5Qmc3CuGfby9alPjrA/2E7IpL85HD0bl1mfwtge5UBQU
sFIpPFBoibEi4p1DipDbRUZELpy694DnBMXJFNfuYquPMtFvhKEi
-----END CERTIFICATE-----
Generated at Mon Oct 14 15:19:45 2024 by rpki-client on console-fra.rpki-client.org