Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e3133322e39382e302f32342d3234203d3e20323036353035.roa
File:                     34352e3133322e39382e302f32342d3234203d3e20323036353035.roa (raw, json)
Hash identifier:          y9cahKfgXpVCHlLAWvQ3c3PorJlY6/Pw2rYUyHJTRZ0=
Subject key identifier:   53:AB:C3:30:1F:8E:B8:D7:9F:7D:28:C2:DF:28:BF:BC:18:DA:74:04
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       4E5792C5E5E393FD7995D80D2E2C9C28D6023D83
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e3133322e39382e302f32342d3234203d3e20323036353035.roa
Signing time:             Wed 10 Apr 2024 22:05:16 +0000
ROA not before:           Wed 10 Apr 2024 22:00:16 +0000
ROA not after:            Wed 09 Apr 2025 22:05:16 +0000
asID:                     206505
IP address blocks:        45.132.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:57:92:c5:e5:e3:93:fd:79:95:d8:0d:2e:2c:9c:28:d6:02:3d:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Apr 10 22:00:16 2024 GMT
            Not After : Apr  9 22:05:16 2025 GMT
        Subject: CN=53ABC3301F8EB8D79F7D28C2DF28BFBC18DA7404
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:44:d1:af:e7:b6:5a:4b:4e:5b:37:0b:95:cb:
                    1f:99:9a:94:1e:a0:e8:64:b6:f4:cf:99:66:9b:d8:
                    ce:2e:b2:80:bd:ba:bd:65:52:2b:71:46:5b:29:a2:
                    2b:df:24:68:8f:9d:2d:58:dc:38:29:da:87:16:10:
                    70:c0:f2:d5:fd:9b:ab:cf:52:30:63:78:da:0a:59:
                    38:aa:cf:f6:28:8b:91:b7:56:f5:30:ac:7a:9b:02:
                    33:96:12:41:93:49:f9:18:e3:74:79:53:f0:f2:bd:
                    0f:0e:6a:57:45:94:75:e2:c3:bd:a8:18:01:f8:a6:
                    13:de:22:ee:32:f0:17:cf:cc:fa:df:cb:9c:41:2c:
                    80:dc:d0:29:8f:be:1f:b4:53:dd:b3:24:ff:1f:36:
                    4d:16:4b:e2:7c:0c:1d:45:c2:b6:35:1c:2e:c5:f0:
                    90:bb:09:e2:73:0b:72:22:ee:98:6c:ef:51:ac:9d:
                    28:1a:22:7c:44:e4:a2:5b:13:1f:6e:e9:9d:09:c2:
                    b4:cf:bc:70:77:98:d1:1a:0a:a4:52:e8:9b:ba:82:
                    f0:7c:14:3b:67:21:a9:88:a5:16:ed:86:5c:c3:1a:
                    b2:58:31:00:2b:b4:d2:c2:40:93:c3:bc:8a:af:b6:
                    d3:47:6d:0f:39:9b:c0:14:53:7f:e6:6a:c5:6c:bd:
                    ce:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:AB:C3:30:1F:8E:B8:D7:9F:7D:28:C2:DF:28:BF:BC:18:DA:74:04
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e3133322e39382e302f32342d3234203d3e20323036353035.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:10:fc:e0:31:9b:e3:3b:4b:d2:9c:14:c3:55:f0:01:72:a0:
         fa:d2:ed:65:c6:1a:cb:f7:1c:f0:78:c5:66:0b:21:a6:b3:fa:
         12:31:2e:1a:88:b7:ac:ac:f0:62:ad:64:b1:73:5e:52:09:6f:
         da:b6:b7:bf:54:8c:cb:72:64:74:24:23:2e:21:d9:66:c6:d0:
         81:27:39:6e:a1:91:08:f2:d9:1e:30:d2:c2:21:bf:e4:9a:d0:
         0b:4d:66:11:d5:3c:e1:a1:f0:43:9d:51:6b:a5:58:7b:86:98:
         8f:6d:13:d4:cb:bc:bb:a7:fc:b9:d7:60:87:de:02:d6:ab:11:
         99:27:02:4d:32:40:f5:88:d0:9a:5c:87:af:f1:09:5d:0a:c6:
         5d:87:30:95:ba:54:ba:73:a5:d9:c8:10:f1:a8:31:dc:c6:28:
         5c:ad:d6:d2:67:0e:be:dd:24:c8:e5:bd:71:5d:de:8a:d5:e5:
         b6:58:24:c3:41:a9:6c:67:de:12:e7:bd:ba:f3:05:27:79:3d:
         2b:03:55:22:1a:6a:0d:4b:52:b4:0d:fd:25:90:c9:91:be:74:
         1b:4a:60:ed:bc:86:a8:a5:de:7d:a3:49:13:5d:91:23:42:94:
         08:85:5f:4f:d0:8e:62:66:02:e1:c3:1c:ac:86:7c:b1:83:68:
         69:97:9e:57
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUTleSxeXjk/15ldgNLiycKNYCPYMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNDA0MTAyMjAwMTZaFw0yNTA0MDkyMjA1MTZaMDMxMTAvBgNV
BAMTKDUzQUJDMzMwMUY4RUI4RDc5RjdEMjhDMkRGMjhCRkJDMThEQTc0MDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTRNGv57ZaS05bNwuVyx+ZmpQe
oOhktvTPmWab2M4usoC9ur1lUitxRlspoivfJGiPnS1Y3Dgp2ocWEHDA8tX9m6vP
UjBjeNoKWTiqz/Yoi5G3VvUwrHqbAjOWEkGTSfkY43R5U/DyvQ8OaldFlHXiw72o
GAH4phPeIu4y8BfPzPrfy5xBLIDc0CmPvh+0U92zJP8fNk0WS+J8DB1FwrY1HC7F
8JC7CeJzC3Ii7phs71GsnSgaInxE5KJbEx9u6Z0JwrTPvHB3mNEaCqRS6Ju6gvB8
FDtnIamIpRbthlzDGrJYMQArtNLCQJPDvIqvttNHbQ85m8AUU3/masVsvc4VAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUU6vDMB+OuNeffSjC3yi/vBjadAQwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzQzNTJlMzEzMzMyMmUzOTM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMDM2MzUzMDM1LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LYRiMA0GCSqGSIb3DQEBCwUAA4IBAQATEPzgMZvjO0vSnBTDVfABcqD60u1lxhrL
9xzweMVmCyGms/oSMS4aiLesrPBirWSxc15SCW/atre/VIzLcmR0JCMuIdlmxtCB
JzluoZEI8tkeMNLCIb/kmtALTWYR1TzhofBDnVFrpVh7hpiPbRPUy7y7p/y512CH
3gLWqxGZJwJNMkD1iNCaXIev8QldCsZdhzCVulS6c6XZyBDxqDHcxihcrdbSZw6+
3STI5b1xXd6K1eW2WCTDQalsZ94S57268wUneT0rA1UiGmoNS1K0Df0lkMmRvnQb
SmDtvIaopd59o0kTXZEjQpQIhV9P0I5iZgLhwxyshnyxg2hpl55X
-----END CERTIFICATE-----
Generated at Fri Nov 22 06:41:51 2024 by rpki-client on console-ams.rpki-client.org