Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137352e302f32342d3234203d3e2037353632.roa
File:                     34352e382e3137352e302f32342d3234203d3e2037353632.roa (raw, json)
Hash identifier:          VWYHjdJkaKU4SS1zaztVGANqJ775n7ZXCWgaamZuAhA=
Subject key identifier:   9E:32:73:ED:D5:13:FB:AC:F9:58:B2:1C:E0:C0:96:49:A6:29:41:E7
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       2E5B056D668EA27A866569F04A3B62C6A3AB6584
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137352e302f32342d3234203d3e2037353632.roa
Signing time:             Thu 06 Jun 2024 16:21:24 +0000
ROA not before:           Thu 06 Jun 2024 16:16:24 +0000
ROA not after:            Thu 05 Jun 2025 16:21:24 +0000
asID:                     7562
IP address blocks:        45.8.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 13:20:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:5b:05:6d:66:8e:a2:7a:86:65:69:f0:4a:3b:62:c6:a3:ab:65:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Jun  6 16:16:24 2024 GMT
            Not After : Jun  5 16:21:24 2025 GMT
        Subject: CN=9E3273EDD513FBACF958B21CE0C09649A62941E7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:dc:9b:45:33:62:39:80:d9:c7:7d:73:f5:e0:
                    4e:01:0a:cd:42:fd:9f:5a:46:66:3f:2f:e6:bb:08:
                    39:be:d7:c1:9b:8b:1b:ec:12:ed:e3:93:22:13:58:
                    1d:f3:ab:42:02:78:15:b9:3e:b0:7a:e5:16:61:dc:
                    f8:6e:a1:14:fa:9d:6c:66:48:ec:b5:2a:9e:7f:9e:
                    b2:f8:a6:ad:22:10:09:d3:a8:26:f6:31:18:79:91:
                    63:30:50:c4:f9:c7:e5:a5:17:60:4d:38:a0:c2:09:
                    2f:64:df:56:f3:5f:9e:e8:e9:e4:ce:d9:7d:13:15:
                    6c:42:01:2a:f0:f9:a9:73:15:af:b9:63:a3:27:45:
                    96:94:bc:54:9a:54:09:fa:12:a7:48:8e:8e:3f:cf:
                    4e:87:7d:53:4f:67:ef:88:bc:7e:c9:11:46:5b:82:
                    fb:49:23:12:78:0d:f6:bf:8f:0f:f0:2a:a6:38:bd:
                    42:b6:70:49:1d:0f:0f:92:41:83:01:28:77:52:7c:
                    fa:32:e2:41:2a:74:79:76:4c:7c:71:50:e5:ab:fc:
                    3a:e8:de:3e:d1:94:86:2e:35:06:75:e6:aa:72:0a:
                    c5:7f:e5:8b:61:15:5a:1b:dd:c5:1b:92:60:dc:cb:
                    d7:96:9d:96:ed:23:04:b7:a4:ae:af:70:af:35:b9:
                    af:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:32:73:ED:D5:13:FB:AC:F9:58:B2:1C:E0:C0:96:49:A6:29:41:E7
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137352e302f32342d3234203d3e2037353632.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:23:ba:2a:5e:7e:50:63:3e:82:9a:f2:52:9d:9c:dc:70:84:
         d1:c2:4f:a2:93:0a:e9:79:2e:ba:09:2b:09:6b:96:54:71:7e:
         56:57:06:8c:60:93:2a:ac:ef:29:e1:87:93:26:55:4d:f7:0b:
         c1:5a:54:d7:49:e7:2d:72:42:0b:a9:b7:61:3c:6c:00:54:f4:
         1e:cb:38:4b:61:ad:d3:61:be:a8:5d:4e:6e:46:2a:15:2e:75:
         95:8e:f5:21:6d:4f:64:ae:0d:18:4a:17:87:c3:d7:ed:b5:b3:
         8b:28:5b:f9:d8:cf:86:65:0c:e8:9a:65:53:f9:9f:0e:ac:85:
         51:70:60:b4:88:0c:72:f0:8c:e9:af:91:91:54:0e:07:04:a4:
         4d:e3:48:d9:af:ab:57:1a:1a:20:8f:dc:86:14:54:9a:9a:16:
         e6:c3:e3:c7:90:70:79:55:ec:f5:e1:13:41:a9:e9:af:f6:aa:
         b5:77:ce:ef:a6:5a:bb:8e:13:af:1f:3c:e2:c9:f3:90:7d:c8:
         eb:70:9d:42:15:bd:57:82:7f:f4:36:25:3c:7c:5d:24:06:09:
         03:ed:52:49:00:ae:45:b6:4a:eb:28:9b:6b:2c:4f:c6:7a:8c:
         4a:72:e5:f5:c3:78:67:23:4b:6f:45:01:b1:6c:b1:cf:c1:9c:
         07:a6:4e:4c
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIULlsFbWaOonqGZWnwSjtixqOrZYQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDA2MDYxNjE2MjRaFw0yNTA2MDUxNjIxMjRaMDMxMTAvBgNV
BAMTKDlFMzI3M0VERDUxM0ZCQUNGOTU4QjIxQ0UwQzA5NjQ5QTYyOTQxRTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs3JtFM2I5gNnHfXP14E4BCs1C
/Z9aRmY/L+a7CDm+18GbixvsEu3jkyITWB3zq0ICeBW5PrB65RZh3PhuoRT6nWxm
SOy1Kp5/nrL4pq0iEAnTqCb2MRh5kWMwUMT5x+WlF2BNOKDCCS9k31bzX57o6eTO
2X0TFWxCASrw+alzFa+5Y6MnRZaUvFSaVAn6EqdIjo4/z06HfVNPZ++IvH7JEUZb
gvtJIxJ4Dfa/jw/wKqY4vUK2cEkdDw+SQYMBKHdSfPoy4kEqdHl2THxxUOWr/Dro
3j7RlIYuNQZ15qpyCsV/5YthFVob3cUbkmDcy9eWnZbtIwS3pK6vcK81ua/NAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUnjJz7dUT+6z5WLIc4MCWSaYpQecwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzQzNTJlMzgyZTMxMzczNTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM3MzUzNjMyLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQivMA0G
CSqGSIb3DQEBCwUAA4IBAQCqI7oqXn5QYz6CmvJSnZzccITRwk+ikwrpeS66CSsJ
a5ZUcX5WVwaMYJMqrO8p4YeTJlVN9wvBWlTXSectckILqbdhPGwAVPQeyzhLYa3T
Yb6oXU5uRioVLnWVjvUhbU9krg0YSheHw9fttbOLKFv52M+GZQzommVT+Z8OrIVR
cGC0iAxy8Izpr5GRVA4HBKRN40jZr6tXGhogj9yGFFSamhbmw+PHkHB5Vez14RNB
qemv9qq1d87vplq7jhOvHzziyfOQfcjrcJ1CFb1Xgn/0NiU8fF0kBgkD7VJJAK5F
tkrrKJtrLE/GeoxKcuX1w3hnI0tvRQGxbLHPwZwHpk5M
-----END CERTIFICATE-----
Generated at Mon Oct 14 15:19:45 2024 by rpki-client on console-fra.rpki-client.org