Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e3134362e3130372e302f32342d3234203d3e203430363736.roa
File:                     34352e3134362e3130372e302f32342d3234203d3e203430363736.roa (raw, json)
Hash identifier:          M0oF5xkzWFxLZDQe3lsUwZlseVK6chIO8CPBHubUlhI=
Subject key identifier:   23:1B:53:BB:7B:C4:45:BA:EF:AB:30:12:BE:CC:4D:71:9F:37:21:A8
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       317566E41F8364E90010F535D4A37919E4B225DF
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e3134362e3130372e302f32342d3234203d3e203430363736.roa
Signing time:             Thu 04 Apr 2024 11:05:15 +0000
ROA not before:           Thu 04 Apr 2024 11:00:15 +0000
ROA not after:            Thu 03 Apr 2025 11:05:15 +0000
asID:                     40676
IP address blocks:        45.146.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:75:66:e4:1f:83:64:e9:00:10:f5:35:d4:a3:79:19:e4:b2:25:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Apr  4 11:00:15 2024 GMT
            Not After : Apr  3 11:05:15 2025 GMT
        Subject: CN=231B53BB7BC445BAEFAB3012BECC4D719F3721A8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:0f:b6:b2:be:6b:82:24:82:2f:ec:92:73:74:
                    f8:39:ee:c4:d1:3f:7d:d7:1d:ba:95:f2:72:49:3b:
                    6f:af:fb:da:ee:a5:12:f8:b8:65:d5:c4:43:07:bb:
                    93:e3:93:06:41:b4:78:90:75:65:b1:24:ff:0c:e8:
                    a0:14:8b:3b:ba:0c:d5:23:eb:e1:cf:0e:ed:42:62:
                    d3:5c:8c:6f:ca:22:64:a2:3f:7c:c0:e0:b5:5b:d5:
                    62:5f:aa:77:cf:6d:9c:b4:24:d4:f7:7a:b0:1a:c4:
                    ed:20:b1:84:35:a6:c2:87:d8:fb:58:6e:3c:2a:0b:
                    37:d2:50:75:29:f4:66:dc:96:a6:42:13:bd:4a:4c:
                    34:b2:2b:07:93:6c:af:98:69:4f:96:be:7a:3b:fd:
                    55:6a:30:df:c8:d2:d5:89:2d:b4:78:5a:83:3d:88:
                    b8:8b:f5:38:29:22:f7:74:e6:5f:5b:37:e1:8b:6b:
                    e5:0a:c5:14:87:33:f2:0b:3d:f1:0e:e6:d6:13:30:
                    fc:85:84:08:cb:2f:bd:f1:11:36:a5:31:3e:84:54:
                    3d:bb:bc:15:d8:b2:8e:cb:ba:eb:bb:41:bd:e3:6f:
                    3d:70:35:ee:c7:98:ec:6c:5b:ee:19:0f:93:c5:b8:
                    0e:84:a9:7e:3f:d5:d7:e1:8d:c0:c4:04:a4:ed:33:
                    e0:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:1B:53:BB:7B:C4:45:BA:EF:AB:30:12:BE:CC:4D:71:9F:37:21:A8
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e3134362e3130372e302f32342d3234203d3e203430363736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:08:e3:1c:5f:b4:88:af:cc:62:ac:21:12:c2:c6:52:b9:35:
         84:52:d7:86:ef:13:0d:16:48:d9:87:97:a6:67:a9:84:99:0d:
         d1:2a:2d:20:7d:fd:fc:b1:c8:06:9b:64:99:1d:54:ea:2d:16:
         01:95:67:aa:e7:31:b1:5d:dc:a9:93:01:74:7b:94:6e:13:f4:
         4d:a1:b6:53:d0:25:4e:df:77:3d:b1:1b:f5:15:20:82:77:51:
         66:8f:16:d8:50:2e:d4:1d:f8:14:10:d2:89:ed:e6:72:23:db:
         58:e9:cf:67:21:8d:e3:71:1c:1b:b7:0a:6c:00:58:6b:01:7a:
         27:17:63:d3:9f:3e:f2:bb:66:c9:75:a4:3b:2b:9f:a9:61:b6:
         82:88:32:75:34:53:ab:54:90:54:c5:f3:43:e7:43:87:2c:c0:
         08:3b:1f:cd:15:fe:8f:ab:ac:dd:1e:71:8e:ef:53:dc:0c:7f:
         e8:59:d9:21:4f:94:38:3d:90:11:ee:b2:2b:8c:4f:e3:92:8c:
         4b:9e:b5:76:d6:28:79:17:16:12:f6:29:15:42:a4:03:c6:e0:
         4c:b8:1d:4c:fb:67:d6:1a:1b:e6:06:e8:e6:d8:88:e1:a9:09:
         b6:17:38:c8:70:6d:47:bc:34:7e:d8:58:5e:36:f3:2f:e9:86:
         01:76:36:f4
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUMXVm5B+DZOkAEPU11KN5GeSyJd8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNDA0MDQxMTAwMTVaFw0yNTA0MDMxMTA1MTVaMDMxMTAvBgNV
BAMTKDIzMUI1M0JCN0JDNDQ1QkFFRkFCMzAxMkJFQ0M0RDcxOUYzNzIxQTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjD7ayvmuCJIIv7JJzdPg57sTR
P33XHbqV8nJJO2+v+9rupRL4uGXVxEMHu5PjkwZBtHiQdWWxJP8M6KAUizu6DNUj
6+HPDu1CYtNcjG/KImSiP3zA4LVb1WJfqnfPbZy0JNT3erAaxO0gsYQ1psKH2PtY
bjwqCzfSUHUp9GbclqZCE71KTDSyKweTbK+YaU+Wvno7/VVqMN/I0tWJLbR4WoM9
iLiL9TgpIvd05l9bN+GLa+UKxRSHM/ILPfEO5tYTMPyFhAjLL73xETalMT6EVD27
vBXYso7Luuu7Qb3jbz1wNe7HmOxsW+4ZD5PFuA6EqX4/1dfhjcDEBKTtM+CTAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUIxtTu3vERbrvqzASvsxNcZ83IagwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzQzNTJlMzEzNDM2MmUzMTMw
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNDMwMzYzNzM2LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LZJrMA0GCSqGSIb3DQEBCwUAA4IBAQCFCOMcX7SIr8xirCESwsZSuTWEUteG7xMN
FkjZh5emZ6mEmQ3RKi0gff38scgGm2SZHVTqLRYBlWeq5zGxXdypkwF0e5RuE/RN
obZT0CVO33c9sRv1FSCCd1FmjxbYUC7UHfgUENKJ7eZyI9tY6c9nIY3jcRwbtwps
AFhrAXonF2PTnz7yu2bJdaQ7K5+pYbaCiDJ1NFOrVJBUxfND50OHLMAIOx/NFf6P
q6zdHnGO71PcDH/oWdkhT5Q4PZAR7rIrjE/jkoxLnrV21ih5FxYS9ikVQqQDxuBM
uB1M+2fWGhvmBujm2IjhqQm2FzjIcG1HvDR+2FheNvMv6YYBdjb0
-----END CERTIFICATE-----
Generated at Thu Nov 21 16:18:02 2024 by rpki-client on console-fra.rpki-client.org