Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e38302e352e302f32342d3234203d3e20323039303433.roa
File:                     34352e38302e352e302f32342d3234203d3e20323039303433.roa (raw, json)
Hash identifier:          Rde1YQ+d68GQx9nDGa/PNEeQpHK5httk4bQqh17H0nc=
Subject key identifier:   CE:D7:45:95:F7:CC:0C:DF:1D:FA:77:0B:C9:6A:4E:D9:1F:30:34:B1
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       5A359698D28858AB559B126AAB7F360F633C3B55
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e38302e352e302f32342d3234203d3e20323039303433.roa
Signing time:             Thu 04 Apr 2024 11:05:14 +0000
ROA not before:           Thu 04 Apr 2024 11:00:14 +0000
ROA not after:            Thu 03 Apr 2025 11:05:14 +0000
asID:                     209043
IP address blocks:        45.80.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:35:96:98:d2:88:58:ab:55:9b:12:6a:ab:7f:36:0f:63:3c:3b:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Apr  4 11:00:14 2024 GMT
            Not After : Apr  3 11:05:14 2025 GMT
        Subject: CN=CED74595F7CC0CDF1DFA770BC96A4ED91F3034B1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f3:8b:89:56:40:5e:b2:4d:69:9e:e1:25:3d:
                    aa:02:97:d9:de:a2:32:52:56:65:21:11:bf:b7:b9:
                    c5:1b:64:25:4a:e8:b8:b0:aa:a1:e6:ea:48:17:8e:
                    d2:c8:19:8a:f0:9b:83:c3:1b:9f:f8:d3:a0:05:e6:
                    9a:ac:81:3e:27:3f:e1:10:d9:93:a0:99:5a:de:fe:
                    7e:6c:90:65:a9:8b:de:bd:b8:a5:b0:d2:74:cb:1c:
                    e8:c7:ad:e5:a6:4f:8a:5b:83:92:38:09:91:6d:02:
                    29:18:e4:d6:a5:93:c0:ab:bb:81:fc:cc:d0:fb:01:
                    e5:9d:69:53:67:c0:f5:30:c2:c2:3b:e7:f8:5a:95:
                    85:96:29:68:f7:3a:0f:35:a4:7f:36:05:82:46:d1:
                    52:26:69:38:bc:dc:83:46:dc:f6:99:ee:cd:4b:66:
                    f6:65:b3:e4:fd:5c:54:88:07:33:9c:06:69:c8:c0:
                    8e:ae:db:d5:e9:ca:1f:b5:90:d2:6e:1b:88:ef:fd:
                    e8:7b:7e:d0:77:9a:c8:8f:a6:a0:71:bf:4e:fd:aa:
                    64:76:83:45:0c:71:b4:6b:29:44:20:33:44:af:f5:
                    cd:d4:d5:f8:5f:44:b3:1b:22:47:d4:8d:74:b9:ea:
                    e2:51:27:e3:42:5a:82:ea:fb:b3:04:3a:f5:fa:7d:
                    42:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:D7:45:95:F7:CC:0C:DF:1D:FA:77:0B:C9:6A:4E:D9:1F:30:34:B1
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e38302e352e302f32342d3234203d3e20323039303433.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:68:fe:25:7b:2c:6a:13:c7:dc:b5:77:b5:a4:85:f6:25:f9:
         fc:da:ff:9d:fb:c5:b7:c8:35:0d:c6:f7:0b:00:51:54:91:03:
         21:e4:17:74:95:f8:e0:fa:d0:02:31:b1:df:02:c2:a3:94:00:
         da:b3:bf:c3:28:ff:be:96:47:cc:be:7c:77:34:7d:f4:79:e9:
         96:6d:62:ba:ea:9c:57:24:83:91:76:93:69:c5:e6:e0:34:ec:
         70:30:83:21:4e:2c:bd:29:29:bd:bd:d2:6a:43:1f:0d:c1:dd:
         1f:45:53:04:be:f6:2c:89:0d:10:ed:6e:c3:74:7f:3c:40:6b:
         a1:7c:37:27:72:a0:a3:4c:10:a6:42:97:8a:61:d6:da:57:50:
         e2:ad:97:e1:ab:3a:03:76:c2:bb:56:12:ce:95:b3:9d:4b:d1:
         96:f6:a3:b2:11:58:af:b4:16:5a:40:91:5b:d2:9a:c2:32:1c:
         b0:fd:6b:68:f2:e4:08:88:25:bc:33:34:b4:02:5e:6e:05:0b:
         7e:18:c9:6a:d9:bd:ad:cf:67:38:01:6e:da:b4:83:43:ac:97:
         35:a2:89:76:2c:5c:74:b1:3b:d6:24:62:c0:47:18:0a:70:a3:
         b1:f1:25:5e:57:e0:79:8d:e5:8b:8b:00:54:92:af:98:e4:b9:
         6b:7d:44:b1
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUWjWWmNKIWKtVmxJqq382D2M8O1UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNDA0MDQxMTAwMTRaFw0yNTA0MDMxMTA1MTRaMDMxMTAvBgNV
BAMTKENFRDc0NTk1RjdDQzBDREYxREZBNzcwQkM5NkE0RUQ5MUYzMDM0QjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv84uJVkBesk1pnuElPaoCl9ne
ojJSVmUhEb+3ucUbZCVK6LiwqqHm6kgXjtLIGYrwm4PDG5/406AF5pqsgT4nP+EQ
2ZOgmVre/n5skGWpi969uKWw0nTLHOjHreWmT4pbg5I4CZFtAikY5Nalk8Cru4H8
zND7AeWdaVNnwPUwwsI75/halYWWKWj3Og81pH82BYJG0VImaTi83ING3PaZ7s1L
ZvZls+T9XFSIBzOcBmnIwI6u29Xpyh+1kNJuG4jv/eh7ftB3msiPpqBxv079qmR2
g0UMcbRrKUQgM0Sv9c3U1fhfRLMbIkfUjXS56uJRJ+NCWoLq+7MEOvX6fUJzAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUztdFlffMDN8d+ncLyWpO2R8wNLEwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzQzNTJlMzgzMDJlMzUyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzkzMDM0MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtUAUw
DQYJKoZIhvcNAQELBQADggEBAI9o/iV7LGoTx9y1d7WkhfYl+fza/537xbfINQ3G
9wsAUVSRAyHkF3SV+OD60AIxsd8CwqOUANqzv8Mo/76WR8y+fHc0ffR56ZZtYrrq
nFckg5F2k2nF5uA07HAwgyFOLL0pKb290mpDHw3B3R9FUwS+9iyJDRDtbsN0fzxA
a6F8NydyoKNMEKZCl4ph1tpXUOKtl+GrOgN2wrtWEs6Vs51L0Zb2o7IRWK+0FlpA
kVvSmsIyHLD9a2jy5AiIJbwzNLQCXm4FC34YyWrZva3PZzgBbtq0g0OslzWiiXYs
XHSxO9YkYsBHGApwo7HxJV5X4HmN5YuLAFSSr5jkuWt9RLE=
-----END CERTIFICATE-----
Generated at Fri Nov 22 06:41:51 2024 by rpki-client on console-ams.rpki-client.org