Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS44354.roa
File:                     AS44354.roa (raw, json)
Hash identifier:          V1uNZmYbOtI58EWrmmlzatC+P2SfLFZAdpqP+JpJETE=
Subject key identifier:   F4:52:85:7D:24:C7:96:DD:92:15:51:EB:1E:F6:AB:16:CF:2B:1B:58
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       1DE5DAD009837D4636887DE8B4510B570A01936B
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS44354.roa
Signing time:             Thu 23 May 2024 16:49:14 +0000
ROA not before:           Thu 23 May 2024 16:44:14 +0000
ROA not after:            Thu 22 May 2025 16:49:14 +0000
asID:                     44354
IP address blocks:        2a0f:85c1:338::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jul 2024 13:47:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:e5:da:d0:09:83:7d:46:36:88:7d:e8:b4:51:0b:57:0a:01:93:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:14 2024 GMT
            Not After : May 22 16:49:14 2025 GMT
        Subject: CN=F452857D24C796DD921551EB1EF6AB16CF2B1B58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ca:9b:6e:6f:97:5b:b2:54:91:1c:22:f1:23:
                    c7:c2:0c:9c:94:52:89:6c:83:39:14:0c:de:91:f1:
                    48:eb:3b:79:e8:16:90:82:90:2a:b4:00:c7:7c:02:
                    39:8c:5f:95:33:d7:e6:64:03:3e:71:68:53:3c:bd:
                    37:3c:58:f4:23:ab:52:0f:34:13:58:2a:e7:67:41:
                    6a:1f:06:fb:c2:95:e7:ce:b2:ad:35:73:50:92:6c:
                    e0:50:74:c2:89:bd:f9:de:22:4e:2e:d3:7d:cc:8f:
                    56:ce:a5:db:08:52:72:f4:75:32:00:45:2c:20:f0:
                    68:4e:c6:2b:4f:1e:85:30:d8:8d:ae:75:5a:a6:59:
                    f7:a8:d4:5b:cc:1b:64:ff:1d:73:d0:00:4e:c1:3b:
                    f1:34:6d:53:5b:9d:15:e9:ca:05:1e:a1:ae:f7:94:
                    15:1b:41:0a:a7:40:87:04:83:1a:92:78:fe:21:bd:
                    6e:05:9b:7b:93:12:0a:cd:df:a0:2b:61:0c:a4:77:
                    aa:87:1f:33:5c:c6:85:33:25:72:28:35:e4:64:97:
                    7c:b9:8b:c7:aa:1f:75:a6:48:75:d2:8f:f0:4e:c6:
                    ab:52:1a:e8:80:99:15:be:3d:22:79:b1:d9:2a:8d:
                    f0:ed:d2:77:79:51:ab:d4:88:84:c9:46:38:f9:cd:
                    dc:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:52:85:7D:24:C7:96:DD:92:15:51:EB:1E:F6:AB:16:CF:2B:1B:58
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS44354.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:338::/48

    Signature Algorithm: sha256WithRSAEncryption
         ad:d1:1b:1f:d1:55:42:4f:f7:d5:68:b6:99:73:87:7a:6b:e1:
         5d:0e:d7:ef:e3:a6:8a:6d:de:72:6d:f3:84:a3:d6:68:bb:a1:
         7c:d8:f2:f5:6e:15:08:2f:46:2a:36:65:25:6e:53:bf:6d:1c:
         5d:7f:dc:2c:80:2e:40:3c:e1:27:d7:44:e2:4b:53:13:7c:a9:
         d4:94:f6:fe:fe:fe:1f:8d:69:9d:cb:d3:8d:30:2a:09:ec:62:
         f8:4a:3e:ed:2e:09:e2:c9:2e:57:35:dc:4e:14:1a:89:b3:91:
         14:0f:34:9a:b4:5b:a7:cb:f2:cc:a2:2a:dd:07:42:5d:cc:78:
         6c:59:cf:f0:8c:41:72:1b:36:20:53:f9:41:bb:cd:19:34:11:
         87:ea:b2:fa:1f:a3:6a:d1:ce:e9:02:99:32:0b:b2:10:1b:87:
         59:7b:50:e3:49:40:7b:52:36:83:ad:40:45:f0:c7:bb:a8:5c:
         5f:a3:18:0e:37:7b:6c:29:a5:19:5f:c3:18:95:96:85:9e:a2:
         2b:8b:5e:9b:ef:59:28:9e:7e:86:17:5b:49:3e:b5:7e:f0:db:
         5c:aa:07:b6:cb:bb:5d:ea:59:01:a3:70:a4:6f:cb:02:28:f8:
         5b:13:b8:4a:87:26:0c:9b:d7:b8:19:22:fe:9b:cc:a7:5c:4f:
         62:cd:f7:45
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUHeXa0AmDfUY2iH3otFELVwoBk2swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTRaFw0yNTA1MjIxNjQ5MTRaMDMxMTAvBgNV
BAMTKEY0NTI4NTdEMjRDNzk2REQ5MjE1NTFFQjFFRjZBQjE2Q0YyQjFCNTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsyptub5dbslSRHCLxI8fCDJyU
UolsgzkUDN6R8UjrO3noFpCCkCq0AMd8AjmMX5Uz1+ZkAz5xaFM8vTc8WPQjq1IP
NBNYKudnQWofBvvClefOsq01c1CSbOBQdMKJvfneIk4u033Mj1bOpdsIUnL0dTIA
RSwg8GhOxitPHoUw2I2udVqmWfeo1FvMG2T/HXPQAE7BO/E0bVNbnRXpygUeoa73
lBUbQQqnQIcEgxqSeP4hvW4Fm3uTEgrN36ArYQykd6qHHzNcxoUzJXIoNeRkl3y5
i8eqH3WmSHXSj/BOxqtSGuiAmRW+PSJ5sdkqjfDt0nd5UavUiITJRjj5zdwRAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQU9FKFfSTHlt2SFVHrHvarFs8rG1gwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTNDQzNTQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqD4XB
AzgwDQYJKoZIhvcNAQELBQADggEBAK3RGx/RVUJP99Votplzh3pr4V0O1+/jpopt
3nJt84Sj1mi7oXzY8vVuFQgvRio2ZSVuU79tHF1/3CyALkA84SfXROJLUxN8qdSU
9v7+/h+NaZ3L040wKgnsYvhKPu0uCeLJLlc13E4UGomzkRQPNJq0W6fL8syiKt0H
Ql3MeGxZz/CMQXIbNiBT+UG7zRk0EYfqsvofo2rRzukCmTILshAbh1l7UONJQHtS
NoOtQEXwx7uoXF+jGA43e2wppRlfwxiVloWeoiuLXpvvWSiefoYXW0k+tX7w21yq
B7bLu13qWQGjcKRvywIo+FsTuEqHJgyb17gZIv6bzKdcT2LN90U=
-----END CERTIFICATE-----
Generated at Wed Jul 17 20:57:13 2024 by rpki-client on console-fra.rpki-client.org