Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e36362e3135312e302f32342d3234203d3e20323131303631.roa
File:                     34352e36362e3135312e302f32342d3234203d3e20323131303631.roa (raw, json)
Hash identifier:          XSxjYcknR1NtBcSoe0a8J39A2kTWceywCl+tTtU8SFQ=
Subject key identifier:   EA:C3:11:E5:37:ED:E1:4B:AD:63:73:E1:6B:57:37:E9:0E:5C:3A:25
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       5BAA8B1D7D9A6BA9DB80149A8A6A8DF1EB8F51B7
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e36362e3135312e302f32342d3234203d3e20323131303631.roa
Signing time:             Thu 06 Jun 2024 16:28:45 +0000
ROA not before:           Thu 06 Jun 2024 16:23:45 +0000
ROA not after:            Thu 05 Jun 2025 16:28:45 +0000
asID:                     211061
IP address blocks:        45.66.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 13:20:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:aa:8b:1d:7d:9a:6b:a9:db:80:14:9a:8a:6a:8d:f1:eb:8f:51:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Jun  6 16:23:45 2024 GMT
            Not After : Jun  5 16:28:45 2025 GMT
        Subject: CN=EAC311E537EDE14BAD6373E16B5737E90E5C3A25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:32:45:cf:3f:f6:dd:bf:64:62:b3:0c:be:6c:
                    98:87:92:aa:41:0c:84:9e:55:85:95:2d:4a:ec:2a:
                    c0:f5:3c:e8:2c:12:35:bc:8d:da:27:9a:33:0f:1d:
                    df:d3:b9:6a:f5:57:f0:e2:c5:34:a7:5b:2e:1c:9e:
                    fc:f7:d7:ab:72:6a:f0:ed:8f:b0:30:f6:ff:08:ad:
                    64:85:8d:94:39:f3:d8:c7:1c:74:64:a4:50:c9:5f:
                    16:d0:9b:36:a6:64:84:5b:d5:a0:66:c8:ec:48:69:
                    a1:d1:a6:74:68:d8:4f:e7:3b:a1:96:eb:bc:94:3d:
                    3c:f8:9c:4b:d2:85:04:9a:41:d2:cb:42:3d:3f:6f:
                    2a:26:fa:70:47:82:4c:b3:5b:90:2a:a7:4e:97:59:
                    72:4a:4a:a9:14:2b:c3:ad:f2:b2:97:7e:0e:c0:e0:
                    28:db:db:5e:89:d5:68:b1:82:83:1d:57:02:62:7c:
                    83:57:f0:70:b2:dd:82:b4:b4:cb:39:73:26:9b:a2:
                    ad:f9:bf:77:13:8c:a6:98:62:6e:cf:29:bd:24:e2:
                    e4:8f:61:b0:71:22:69:84:97:99:7d:f1:bb:43:14:
                    9e:7d:0b:73:ee:3c:46:84:b7:52:6d:c4:40:28:52:
                    d1:ea:ad:48:74:d8:8a:24:4b:8b:8c:cc:37:74:30:
                    6f:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:C3:11:E5:37:ED:E1:4B:AD:63:73:E1:6B:57:37:E9:0E:5C:3A:25
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e36362e3135312e302f32342d3234203d3e20323131303631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:bf:c0:90:11:d0:8b:36:4e:e0:10:58:5a:70:57:15:a9:7f:
         db:7f:c2:45:4e:39:0e:95:9c:12:ad:b4:d1:f4:11:ff:ee:63:
         ac:90:5c:71:d9:b1:14:92:a0:28:97:4c:cc:c1:55:70:86:9b:
         69:05:19:e8:f1:09:cc:27:dd:a9:ae:92:92:8c:18:81:6e:dd:
         97:1d:ee:0c:03:f0:88:d7:de:ef:51:b9:7f:db:2d:1c:7c:a4:
         4b:63:03:24:2b:e6:4d:c8:4b:cf:47:8c:43:98:0e:7a:65:74:
         4e:b2:05:d8:36:ac:fa:7a:69:e3:ab:70:e5:3a:4c:24:13:01:
         b1:2e:d7:a3:9a:bd:a0:4b:40:2d:b0:ed:83:d9:4f:2e:29:c3:
         2d:b4:02:b2:b3:f5:64:86:16:88:af:c3:cc:0f:d0:3a:d1:64:
         7a:29:57:2e:22:d4:b5:1f:c6:58:a3:78:52:5c:62:24:27:99:
         b4:2f:dc:72:1f:71:46:2e:c6:e0:30:d0:94:59:72:a8:2e:c1:
         12:fd:b9:47:e8:15:e8:ca:bd:73:d9:45:0d:e7:af:aa:e9:6b:
         06:c6:04:97:67:2f:17:24:f9:52:25:e4:8e:c2:07:e8:2f:47:
         dd:5a:d2:b2:23:5f:bf:d5:7a:2b:db:c3:fb:e0:2f:4e:64:e2:
         a0:56:d2:5c
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUW6qLHX2aa6nbgBSaimqN8euPUbcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDA2MDYxNjIzNDVaFw0yNTA2MDUxNjI4NDVaMDMxMTAvBgNV
BAMTKEVBQzMxMUU1MzdFREUxNEJBRDYzNzNFMTZCNTczN0U5MEU1QzNBMjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkMkXPP/bdv2Riswy+bJiHkqpB
DISeVYWVLUrsKsD1POgsEjW8jdonmjMPHd/TuWr1V/DixTSnWy4cnvz316tyavDt
j7Aw9v8IrWSFjZQ589jHHHRkpFDJXxbQmzamZIRb1aBmyOxIaaHRpnRo2E/nO6GW
67yUPTz4nEvShQSaQdLLQj0/byom+nBHgkyzW5Aqp06XWXJKSqkUK8Ot8rKXfg7A
4Cjb216J1WixgoMdVwJifINX8HCy3YK0tMs5cyaboq35v3cTjKaYYm7PKb0k4uSP
YbBxImmEl5l98btDFJ59C3PuPEaEt1JtxEAoUtHqrUh02IokS4uMzDd0MG9PAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQU6sMR5Tft4UutY3Pha1c36Q5cOiUwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzQzNTJlMzYzNjJlMzEzNTMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTMxMzAzNjMxLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LUKXMA0GCSqGSIb3DQEBCwUAA4IBAQAVv8CQEdCLNk7gEFhacFcVqX/bf8JFTjkO
lZwSrbTR9BH/7mOskFxx2bEUkqAol0zMwVVwhptpBRno8QnMJ92prpKSjBiBbt2X
He4MA/CI197vUbl/2y0cfKRLYwMkK+ZNyEvPR4xDmA56ZXROsgXYNqz6emnjq3Dl
OkwkEwGxLtejmr2gS0AtsO2D2U8uKcMttAKys/VkhhaIr8PMD9A60WR6KVcuItS1
H8ZYo3hSXGIkJ5m0L9xyH3FGLsbgMNCUWXKoLsES/blH6BXoyr1z2UUN56+q6WsG
xgSXZy8XJPlSJeSOwgfoL0fdWtKyI1+/1Xor28P74C9OZOKgVtJc
-----END CERTIFICATE-----
Generated at Mon Oct 14 15:19:45 2024 by rpki-client on console-fra.rpki-client.org