Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137332e302f32342d3234203d3e20323131393735.roa
File:                     34352e382e3137332e302f32342d3234203d3e20323131393735.roa (raw, json)
Hash identifier:          PLkCQNlQNIk+qYGscHQ2Yudzk7rwtgDN04SmGqj+zYk=
Subject key identifier:   2B:A2:49:0A:28:1F:5D:37:F8:F5:44:88:58:E0:4D:B1:39:D8:DC:9B
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       7141F2801B363C26DB780BC7FFCADE1663E3AF5E
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137332e302f32342d3234203d3e20323131393735.roa
Signing time:             Thu 06 Jun 2024 16:30:18 +0000
ROA not before:           Thu 06 Jun 2024 16:25:18 +0000
ROA not after:            Thu 05 Jun 2025 16:30:18 +0000
asID:                     211975
IP address blocks:        45.8.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 13:20:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:41:f2:80:1b:36:3c:26:db:78:0b:c7:ff:ca:de:16:63:e3:af:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Jun  6 16:25:18 2024 GMT
            Not After : Jun  5 16:30:18 2025 GMT
        Subject: CN=2BA2490A281F5D37F8F5448858E04DB139D8DC9B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:28:04:43:1f:fd:d6:56:a9:b5:87:e7:2e:83:
                    65:3d:ce:9a:42:d9:85:50:85:f4:07:17:86:75:8f:
                    de:fb:18:46:67:69:e4:37:48:61:67:cd:76:a9:bc:
                    bb:38:87:5d:15:03:9f:fa:91:e5:1c:8a:b4:3f:90:
                    9e:bc:11:1b:e6:be:38:d5:d8:58:f3:78:19:a2:01:
                    1e:55:a3:b0:08:54:e4:fb:27:39:03:df:ff:78:cb:
                    a5:49:4f:c7:8c:f3:09:8d:48:19:9a:75:bf:f8:e0:
                    bd:33:f5:a5:50:29:5f:dd:b8:73:49:36:b0:66:c4:
                    35:93:54:48:ae:82:aa:fd:52:d5:96:2d:49:c2:b0:
                    a7:66:d1:5a:a3:70:d5:ec:52:04:74:55:0d:37:9e:
                    70:f6:b5:bb:8f:9e:0b:f9:11:15:24:2e:4d:dc:b6:
                    cd:f4:b9:b6:ed:dc:e4:94:f6:10:8b:ce:dd:64:17:
                    8b:9b:ff:d7:85:d9:b4:5b:08:db:4a:c8:15:f5:8c:
                    a8:3b:1c:fb:bf:e4:e1:c6:a7:f4:79:5b:24:29:68:
                    1e:48:cb:c9:4e:2e:1c:bb:f5:b9:14:3f:36:f5:e5:
                    a8:03:df:2a:fe:f8:0a:9c:87:72:dd:0d:ee:61:8c:
                    f8:6a:a2:32:e1:43:55:44:f3:4c:4c:48:6d:16:ff:
                    85:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:A2:49:0A:28:1F:5D:37:F8:F5:44:88:58:E0:4D:B1:39:D8:DC:9B
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137332e302f32342d3234203d3e20323131393735.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:06:55:5f:0f:ed:a7:cd:c0:36:14:50:7f:a0:7b:bb:9a:ef:
         3d:40:e7:c9:23:c7:c2:6b:32:92:1a:ed:0b:46:be:89:84:b0:
         ce:23:38:c6:49:2f:b1:15:b7:53:ab:3a:46:c7:93:79:e3:12:
         bb:9a:81:68:8c:a3:ae:29:ef:77:47:49:47:7f:2e:0d:65:93:
         7f:51:da:cf:48:c8:34:9c:27:68:a2:bf:59:c2:58:59:eb:b8:
         cf:88:15:ce:81:cc:ee:4a:88:e4:1c:35:88:4f:ad:c8:04:a0:
         88:f3:ce:ce:87:5d:fa:cd:1f:54:57:54:d7:97:4e:b3:8d:e9:
         40:45:30:b4:e8:b6:77:32:44:32:44:32:85:34:ed:09:d2:3c:
         4e:a5:5c:45:02:00:c1:6e:59:52:70:76:03:f2:de:59:41:8e:
         1d:19:27:d9:ac:31:08:17:87:2d:33:3c:5d:9f:a4:10:1f:89:
         9b:77:fa:0d:f1:47:27:24:af:40:ad:e1:2d:14:04:8f:d0:e9:
         c8:a9:fe:fc:f7:14:ed:4c:e8:85:f0:e6:ec:4b:c8:49:48:87:
         51:d7:0b:2a:40:58:b5:3b:55:88:78:18:98:5a:02:86:0d:12:
         ab:b5:7e:15:2e:a3:1c:d0:2d:34:0d:c7:b7:f9:b9:a6:f9:6c:
         5f:8a:fd:b5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUcUHygBs2PCbbeAvH/8reFmPjr14wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDA2MDYxNjI1MThaFw0yNTA2MDUxNjMwMThaMDMxMTAvBgNV
BAMTKDJCQTI0OTBBMjgxRjVEMzdGOEY1NDQ4ODU4RTA0REIxMzlEOERDOUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTKARDH/3WVqm1h+cug2U9zppC
2YVQhfQHF4Z1j977GEZnaeQ3SGFnzXapvLs4h10VA5/6keUcirQ/kJ68ERvmvjjV
2FjzeBmiAR5Vo7AIVOT7JzkD3/94y6VJT8eM8wmNSBmadb/44L0z9aVQKV/duHNJ
NrBmxDWTVEiugqr9UtWWLUnCsKdm0VqjcNXsUgR0VQ03nnD2tbuPngv5ERUkLk3c
ts30ubbt3OSU9hCLzt1kF4ub/9eF2bRbCNtKyBX1jKg7HPu/5OHGp/R5WyQpaB5I
y8lOLhy79bkUPzb15agD3yr++Aqch3LdDe5hjPhqojLhQ1VE80xMSG0W/4XVAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUK6JJCigfXTf49USIWOBNsTnY3JswHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzQzNTJlMzgyZTMxMzczMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMTM5MzczNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0I
rTANBgkqhkiG9w0BAQsFAAOCAQEAfwZVXw/tp83ANhRQf6B7u5rvPUDnySPHwmsy
khrtC0a+iYSwziM4xkkvsRW3U6s6RseTeeMSu5qBaIyjrinvd0dJR38uDWWTf1Ha
z0jINJwnaKK/WcJYWeu4z4gVzoHM7kqI5Bw1iE+tyASgiPPOzodd+s0fVFdU15dO
s43pQEUwtOi2dzJEMkQyhTTtCdI8TqVcRQIAwW5ZUnB2A/LeWUGOHRkn2awxCBeH
LTM8XZ+kEB+Jm3f6DfFHJySvQK3hLRQEj9DpyKn+/PcU7UzohfDm7EvISUiHUdcL
KkBYtTtViHgYmFoChg0Sq7V+FS6jHNAtNA3Ht/m5pvlsX4r9tQ==
-----END CERTIFICATE-----
Generated at Mon Oct 14 17:29:35 2024 by rpki-client on console-ams.rpki-client.org