Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e36362e3134382e302f32342d3234203d3e203631333137.roa
File:                     34352e36362e3134382e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          ma4p5n6JH0oJh+6VWTzapcFLY0gy6kDdq6Pdj+L3vJY=
Subject key identifier:   90:41:3E:EF:08:9D:F2:05:E9:54:92:47:A0:2D:A8:D4:8D:83:E8:38
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       48BC69290F2741173B9AE9F2989C1D67320E8640
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e36362e3134382e302f32342d3234203d3e203631333137.roa
Signing time:             Thu 06 Jun 2024 16:22:37 +0000
ROA not before:           Thu 06 Jun 2024 16:17:37 +0000
ROA not after:            Thu 05 Jun 2025 16:22:37 +0000
asID:                     61317
IP address blocks:        45.66.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 13:20:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:bc:69:29:0f:27:41:17:3b:9a:e9:f2:98:9c:1d:67:32:0e:86:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Jun  6 16:17:37 2024 GMT
            Not After : Jun  5 16:22:37 2025 GMT
        Subject: CN=90413EEF089DF205E9549247A02DA8D48D83E838
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:56:0e:07:d9:15:c8:ea:31:a6:d1:b4:eb:9f:
                    c8:4e:c9:16:32:38:df:77:3d:af:7c:5b:43:05:3e:
                    75:cf:8b:00:fe:96:65:50:41:04:79:0b:5e:27:aa:
                    e1:73:09:dc:46:9b:18:dc:57:6d:35:b9:6d:d0:41:
                    c8:90:49:10:e4:c4:7e:34:20:8d:b9:a7:d6:0b:da:
                    2e:d2:e4:4d:34:aa:00:6b:dc:91:9b:5d:f5:d9:e3:
                    e1:b4:e5:b3:6f:36:3f:fd:21:ab:51:0e:d3:44:e5:
                    68:31:53:05:f7:d9:0d:33:d4:87:9a:08:7f:96:52:
                    bc:fa:19:a3:69:e6:8a:c6:8f:2d:d0:46:37:58:c5:
                    5d:53:62:ee:02:53:0d:31:1a:17:50:d3:78:06:e2:
                    0b:15:95:ba:9e:2a:46:3d:a1:16:2c:9f:28:75:af:
                    8d:a0:a4:aa:b7:60:fd:04:70:7c:e6:0c:8d:7a:4c:
                    99:ab:58:30:18:aa:ca:db:d8:48:68:31:7d:4a:c5:
                    9b:71:1b:17:8b:5a:eb:ab:ba:ff:db:06:15:f7:9a:
                    15:2b:38:c6:b7:b5:ae:75:dd:ac:c4:e5:f6:38:ce:
                    17:6b:f3:ff:f2:4b:d3:1f:cf:5a:2c:b7:14:b1:1d:
                    0a:4e:1c:6b:73:a4:94:d8:5e:cd:a9:4d:1a:86:52:
                    92:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:41:3E:EF:08:9D:F2:05:E9:54:92:47:A0:2D:A8:D4:8D:83:E8:38
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e36362e3134382e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:03:70:f6:30:70:83:f7:63:e0:9b:c5:eb:c7:82:13:87:6e:
         60:07:78:5e:3d:ae:22:b9:b0:20:f4:f8:57:fa:fa:27:7d:5c:
         a8:f3:2d:ae:a0:2a:28:2a:c4:67:d8:bc:bc:af:93:5a:51:79:
         7c:8b:16:bb:58:bd:53:19:77:a2:13:61:2f:1a:9c:22:da:c1:
         ae:34:35:f6:f4:1b:92:4c:5a:1e:93:83:ee:8c:80:54:e0:aa:
         cd:01:67:57:f0:96:ad:95:d8:12:04:a3:fc:25:25:43:87:0b:
         e5:66:c5:19:0b:8b:8a:1c:5b:ed:b3:3f:de:0f:e9:25:a4:9e:
         8c:d3:86:08:10:81:0d:bb:91:d7:48:65:3c:69:b8:6f:fd:5a:
         7c:6e:02:79:8d:65:88:0c:df:9f:45:07:d2:9c:bf:3d:f4:91:
         28:55:d2:8d:8b:0d:cd:f6:41:f9:a6:b0:8c:3d:32:08:a4:f3:
         55:b5:a9:3d:d4:ae:27:b5:ed:9f:84:ce:85:5e:35:75:f2:fb:
         44:ec:45:92:f5:72:3c:4a:66:b1:58:72:3e:ee:a2:fb:83:94:
         ed:f4:e3:d2:33:8f:e2:b4:41:e9:cb:45:4a:5b:11:12:73:1e:
         d3:53:45:40:61:e6:3f:b7:42:77:c7:48:3c:85:7b:78:65:52:
         67:fa:b7:d1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUSLxpKQ8nQRc7munymJwdZzIOhkAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDA2MDYxNjE3MzdaFw0yNTA2MDUxNjIyMzdaMDMxMTAvBgNV
BAMTKDkwNDEzRUVGMDg5REYyMDVFOTU0OTI0N0EwMkRBOEQ0OEQ4M0U4MzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVVg4H2RXI6jGm0bTrn8hOyRYy
ON93Pa98W0MFPnXPiwD+lmVQQQR5C14nquFzCdxGmxjcV201uW3QQciQSRDkxH40
II25p9YL2i7S5E00qgBr3JGbXfXZ4+G05bNvNj/9IatRDtNE5WgxUwX32Q0z1Iea
CH+WUrz6GaNp5orGjy3QRjdYxV1TYu4CUw0xGhdQ03gG4gsVlbqeKkY9oRYsnyh1
r42gpKq3YP0EcHzmDI16TJmrWDAYqsrb2EhoMX1KxZtxGxeLWuuruv/bBhX3mhUr
OMa3ta513azE5fY4zhdr8//yS9Mfz1ostxSxHQpOHGtzpJTYXs2pTRqGUpJpAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUkEE+7wid8gXpVJJHoC2o1I2D6DgwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzQzNTJlMzYzNjJlMzEzNDM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1C
lDANBgkqhkiG9w0BAQsFAAOCAQEAegNw9jBwg/dj4JvF68eCE4duYAd4Xj2uIrmw
IPT4V/r6J31cqPMtrqAqKCrEZ9i8vK+TWlF5fIsWu1i9Uxl3ohNhLxqcItrBrjQ1
9vQbkkxaHpOD7oyAVOCqzQFnV/CWrZXYEgSj/CUlQ4cL5WbFGQuLihxb7bM/3g/p
JaSejNOGCBCBDbuR10hlPGm4b/1afG4CeY1liAzfn0UH0py/PfSRKFXSjYsNzfZB
+aawjD0yCKTzVbWpPdSuJ7Xtn4TOhV41dfL7ROxFkvVyPEpmsVhyPu6i+4OU7fTj
0jOP4rRB6ctFSlsREnMe01NFQGHmP7dCd8dIPIV7eGVSZ/q30Q==
-----END CERTIFICATE-----
Generated at Mon Oct 14 15:19:45 2024 by rpki-client on console-fra.rpki-client.org