Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e36362e3134392e302f32342d3234203d3e20323132323338.roa
File:                     34352e36362e3134392e302f32342d3234203d3e20323132323338.roa (raw, json)
Hash identifier:          8vLHE3SnwQ+AijG4/w8Tkn706DRsn9D4+gKtDbOEioA=
Subject key identifier:   B0:3D:EB:18:E3:1A:DF:61:77:20:DF:74:2A:7D:9D:91:33:C5:B2:4D
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       475D3A01489D37C440D0E69BF4514FDE743B5CA8
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e36362e3134392e302f32342d3234203d3e20323132323338.roa
Signing time:             Thu 06 Jun 2024 16:30:06 +0000
ROA not before:           Thu 06 Jun 2024 16:25:06 +0000
ROA not after:            Thu 05 Jun 2025 16:30:06 +0000
asID:                     212238
IP address blocks:        45.66.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 13:20:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:5d:3a:01:48:9d:37:c4:40:d0:e6:9b:f4:51:4f:de:74:3b:5c:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Jun  6 16:25:06 2024 GMT
            Not After : Jun  5 16:30:06 2025 GMT
        Subject: CN=B03DEB18E31ADF617720DF742A7D9D9133C5B24D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:11:a4:78:71:9e:3a:e1:cd:0c:fd:dd:27:0a:
                    60:06:bd:6f:9f:00:8e:d7:4f:07:86:36:20:60:29:
                    41:42:40:8f:bb:7d:0c:a9:b1:9e:42:8e:76:e0:37:
                    8a:90:c0:54:3c:a7:4a:bd:98:cf:85:7b:1f:9e:f6:
                    9e:08:e1:80:4f:d8:0e:21:73:79:49:4c:32:ec:f3:
                    82:d9:78:13:3a:2e:ea:31:5b:70:c5:8d:41:0d:01:
                    e4:36:77:2f:07:07:e9:1a:d9:19:76:d7:a5:cb:ab:
                    93:74:bf:02:62:90:b4:3b:4d:e5:61:63:9a:09:b0:
                    72:c9:91:14:7a:03:25:72:f7:e6:b5:78:30:1e:b6:
                    c3:51:20:c7:88:49:3a:d0:f2:0f:43:3b:57:9c:4d:
                    aa:fe:be:ba:4a:ee:55:25:ee:0c:69:72:aa:86:7d:
                    30:45:17:e5:c9:6b:50:83:57:db:82:6e:cc:06:de:
                    b2:6a:b4:79:5e:30:12:a6:76:53:a1:45:7c:29:52:
                    22:ef:de:ac:eb:b3:f7:cf:17:30:92:2c:62:2f:31:
                    81:3c:8b:53:73:97:38:7d:01:12:ca:69:19:ef:52:
                    e5:81:c4:44:4b:ad:7b:6d:bd:77:8c:e6:f8:a9:04:
                    7d:c4:97:1e:61:b7:35:5a:27:72:b0:13:a3:29:84:
                    ef:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:3D:EB:18:E3:1A:DF:61:77:20:DF:74:2A:7D:9D:91:33:C5:B2:4D
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e36362e3134392e302f32342d3234203d3e20323132323338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:78:95:74:27:72:ba:80:8f:e5:f0:09:20:d9:58:67:fd:89:
         e6:12:99:cd:57:77:0e:ee:8f:89:a1:61:86:72:31:2c:5a:a7:
         6f:d8:d7:4a:8c:78:ea:cf:90:44:62:9d:d3:fe:27:de:f1:22:
         3f:9d:b3:c5:7f:2e:f4:93:ee:e0:27:19:19:1d:23:30:d3:e5:
         0d:54:ce:81:b4:42:1a:8c:99:85:25:75:f8:64:a1:35:ed:51:
         fa:ad:15:e1:12:33:b1:e9:9a:5f:69:0a:e9:92:ef:34:6e:a8:
         78:12:68:0c:16:cb:c3:4c:cc:1c:e7:a5:b4:79:b0:3c:90:8f:
         08:49:14:f7:13:12:f1:6f:a0:89:c2:20:85:1c:14:2d:10:49:
         dd:3d:1d:55:d4:15:b2:f3:b2:ae:2d:81:2a:01:e3:c4:43:80:
         5a:b4:31:be:8b:6e:34:a9:4e:4a:44:a9:75:01:0a:34:40:a8:
         5c:76:ef:f2:05:3a:3c:66:f4:a1:fe:7f:d9:97:74:76:e4:b9:
         ce:21:f2:4c:cc:f2:3e:aa:02:6c:da:07:51:64:6f:a6:8f:61:
         68:02:2f:5e:87:82:cd:cb:5a:84:07:3b:a5:80:ac:51:b5:9c:
         f9:fc:6c:10:75:60:2c:49:77:b2:69:4b:0e:59:2e:7f:62:ed:
         6c:e9:f0:ea
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUR106AUidN8RA0Oab9FFP3nQ7XKgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDA2MDYxNjI1MDZaFw0yNTA2MDUxNjMwMDZaMDMxMTAvBgNV
BAMTKEIwM0RFQjE4RTMxQURGNjE3NzIwREY3NDJBN0Q5RDkxMzNDNUIyNEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDEaR4cZ464c0M/d0nCmAGvW+f
AI7XTweGNiBgKUFCQI+7fQypsZ5CjnbgN4qQwFQ8p0q9mM+Fex+e9p4I4YBP2A4h
c3lJTDLs84LZeBM6LuoxW3DFjUENAeQ2dy8HB+ka2Rl216XLq5N0vwJikLQ7TeVh
Y5oJsHLJkRR6AyVy9+a1eDAetsNRIMeISTrQ8g9DO1ecTar+vrpK7lUl7gxpcqqG
fTBFF+XJa1CDV9uCbswG3rJqtHleMBKmdlOhRXwpUiLv3qzrs/fPFzCSLGIvMYE8
i1Nzlzh9ARLKaRnvUuWBxERLrXttvXeM5vipBH3Elx5htzVaJ3KwE6MphO/XAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUsD3rGOMa32F3IN90Kn2dkTPFsk0wHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzQzNTJlMzYzNjJlMzEzNDM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTMyMzIzMzM4LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LUKVMA0GCSqGSIb3DQEBCwUAA4IBAQCSeJV0J3K6gI/l8Akg2Vhn/YnmEpnNV3cO
7o+JoWGGcjEsWqdv2NdKjHjqz5BEYp3T/ife8SI/nbPFfy70k+7gJxkZHSMw0+UN
VM6BtEIajJmFJXX4ZKE17VH6rRXhEjOx6ZpfaQrpku80bqh4EmgMFsvDTMwc56W0
ebA8kI8ISRT3ExLxb6CJwiCFHBQtEEndPR1V1BWy87KuLYEqAePEQ4BatDG+i240
qU5KRKl1AQo0QKhcdu/yBTo8ZvSh/n/Zl3R25LnOIfJMzPI+qgJs2gdRZG+mj2Fo
Ai9eh4LNy1qEBzulgKxRtZz5/GwQdWAsSXeyaUsOWS5/Yu1s6fDq
-----END CERTIFICATE-----
Generated at Mon Oct 14 15:19:45 2024 by rpki-client on console-fra.rpki-client.org