Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e31332e3135312e302f32342d3234203d3e20323135373033.roa
File:                     34352e31332e3135312e302f32342d3234203d3e20323135373033.roa (raw, json)
Hash identifier:          tXqsBStUOKpsMRNMhIX/Yl4pnwL4KWWw5e6/6GhPLvU=
Subject key identifier:   F7:01:BA:8C:41:DB:D9:5E:88:17:3D:55:17:20:5B:64:03:F1:AE:40
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       601619FB1EEBA29C8577B4E26B3BF571540E32A7
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e31332e3135312e302f32342d3234203d3e20323135373033.roa
Signing time:             Thu 06 Jun 2024 16:29:42 +0000
ROA not before:           Thu 06 Jun 2024 16:24:42 +0000
ROA not after:            Thu 05 Jun 2025 16:29:42 +0000
asID:                     215703
IP address blocks:        45.13.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:16:19:fb:1e:eb:a2:9c:85:77:b4:e2:6b:3b:f5:71:54:0e:32:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Jun  6 16:24:42 2024 GMT
            Not After : Jun  5 16:29:42 2025 GMT
        Subject: CN=F701BA8C41DBD95E88173D5517205B6403F1AE40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:4d:5f:68:59:b0:16:25:bd:e2:2d:22:a7:2d:
                    12:4a:a0:de:85:5b:fd:f2:ba:65:eb:1b:2e:a4:bc:
                    ce:e2:fc:6b:b7:95:53:50:ba:4b:62:f4:f4:03:67:
                    4e:9d:68:6c:02:bf:a3:2c:18:e8:e7:82:8e:23:cb:
                    e0:2e:f5:5f:68:8d:99:f3:b5:8e:c9:73:23:c0:07:
                    37:02:4f:60:ba:97:0f:61:d1:17:43:cc:b6:ec:26:
                    89:f8:fa:4f:36:f9:61:4a:b8:12:18:2e:c6:88:a0:
                    ee:58:58:5d:af:6b:a2:11:1f:83:97:42:2f:f8:c3:
                    9e:d1:b5:bc:83:1d:87:99:64:48:6e:0f:07:34:32:
                    2f:fb:13:96:d6:b7:f9:55:35:1d:80:e0:a1:d2:88:
                    15:69:68:76:59:ed:63:ba:29:dd:3f:0c:a2:f9:a0:
                    39:1d:2b:57:98:f7:f8:00:25:c0:ba:fe:88:47:d2:
                    3e:8e:20:d1:f9:d2:49:2d:cd:95:ff:2b:3f:d9:76:
                    2b:49:c2:78:fe:79:82:b4:a3:fb:bf:b3:bd:5e:ef:
                    8c:e5:eb:0a:08:c3:16:2f:25:23:bd:61:d0:c5:dd:
                    00:21:cd:d1:00:0b:f2:b4:6d:75:d1:e2:0f:93:97:
                    24:4f:a8:81:98:1f:40:0b:86:de:09:ab:3a:34:6c:
                    8b:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:01:BA:8C:41:DB:D9:5E:88:17:3D:55:17:20:5B:64:03:F1:AE:40
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e31332e3135312e302f32342d3234203d3e20323135373033.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:0d:21:3b:bd:6a:86:3c:7a:f2:85:29:ef:81:78:6d:ac:5d:
         89:0f:f0:54:81:c5:ea:c9:4d:65:9c:82:46:c0:4f:9f:cc:23:
         11:d8:d3:1c:7e:d7:b2:2c:5b:89:4a:8c:ab:1d:87:0d:1a:af:
         8a:d8:0d:b4:61:40:15:e1:01:bf:f1:1e:ad:e2:1f:42:a5:38:
         ce:8a:c6:a4:e0:90:1c:f9:7a:cf:cf:fa:15:10:2b:57:52:ba:
         03:d9:ee:89:a0:34:e1:64:ea:de:8d:83:05:91:cc:69:49:77:
         ce:32:72:d8:5d:f4:3c:c7:92:1c:8e:54:a8:aa:3e:a7:09:7d:
         eb:01:fa:5c:dd:33:dd:67:b0:c8:6d:0b:82:cc:4b:29:72:3d:
         2f:40:d9:ea:46:4e:64:73:98:7a:91:a6:3c:fb:56:b2:49:37:
         ff:cf:79:d0:51:a2:31:1e:13:68:80:fc:ca:01:b9:6e:2b:22:
         b2:6e:48:42:29:f4:a7:47:71:3c:7b:82:f7:a9:f9:d6:f9:46:
         14:db:95:be:eb:3b:7f:5a:5a:b5:d7:2f:5c:2a:61:d1:d3:1b:
         bc:ff:96:fe:a2:3b:cc:66:d1:44:b9:57:84:b3:ba:10:9b:89:
         38:cb:24:32:a1:d1:60:fb:cd:64:5e:1a:16:f8:af:a7:f3:d5:
         eb:39:b6:bd
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUYBYZ+x7ropyFd7Tiazv1cVQOMqcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDA2MDYxNjI0NDJaFw0yNTA2MDUxNjI5NDJaMDMxMTAvBgNV
BAMTKEY3MDFCQThDNDFEQkQ5NUU4ODE3M0Q1NTE3MjA1QjY0MDNGMUFFNDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNTV9oWbAWJb3iLSKnLRJKoN6F
W/3yumXrGy6kvM7i/Gu3lVNQukti9PQDZ06daGwCv6MsGOjngo4jy+Au9V9ojZnz
tY7JcyPABzcCT2C6lw9h0RdDzLbsJon4+k82+WFKuBIYLsaIoO5YWF2va6IRH4OX
Qi/4w57RtbyDHYeZZEhuDwc0Mi/7E5bWt/lVNR2A4KHSiBVpaHZZ7WO6Kd0/DKL5
oDkdK1eY9/gAJcC6/ohH0j6OINH50kktzZX/Kz/ZditJwnj+eYK0o/u/s71e74zl
6woIwxYvJSO9YdDF3QAhzdEAC/K0bXXR4g+TlyRPqIGYH0ALht4Jqzo0bIt7AgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQU9wG6jEHb2V6IFz1VFyBbZAPxrkAwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzQzNTJlMzEzMzJlMzEzNTMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTM1MzczMDMzLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LQ2XMA0GCSqGSIb3DQEBCwUAA4IBAQAQDSE7vWqGPHryhSnvgXhtrF2JD/BUgcXq
yU1lnIJGwE+fzCMR2NMcfteyLFuJSoyrHYcNGq+K2A20YUAV4QG/8R6t4h9CpTjO
isak4JAc+XrPz/oVECtXUroD2e6JoDThZOrejYMFkcxpSXfOMnLYXfQ8x5IcjlSo
qj6nCX3rAfpc3TPdZ7DIbQuCzEspcj0vQNnqRk5kc5h6kaY8+1aySTf/z3nQUaIx
HhNogPzKAbluKyKybkhCKfSnR3E8e4L3qfnW+UYU25W+6zt/Wlq11y9cKmHR0xu8
/5b+ojvMZtFEuVeEs7oQm4k4yyQyodFg+81kXhoW+K+n89XrOba9
-----END CERTIFICATE-----
Generated at Mon Nov 25 01:46:58 2024 by rpki-client on console-fra.rpki-client.org