Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/34352e3135302e342e302f32342d3234203d3e203634323637.roa
File:                     34352e3135302e342e302f32342d3234203d3e203634323637.roa (raw, json)
Hash identifier:          D7cvbD20JIpIRwQApWZ79drOOImfd7dF4GpGHyxVaLw=
Subject key identifier:   83:D6:78:24:FF:C1:3B:37:31:50:58:99:D2:A2:E6:5A:17:24:C5:F6
Certificate issuer:       /CN=64af15419bd5fe6c8f97e224a86a4917a2e6fefe
Certificate serial:       674C76EBF2FC57C8FF6B3BF23DB78461351022B3
Authority key identifier: 64:AF:15:41:9B:D5:FE:6C:8F:97:E2:24:A8:6A:49:17:A2:E6:FE:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZK8VQZvV_myPl-IkqGpJF6Lm_v4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/34352e3135302e342e302f32342d3234203d3e203634323637.roa
Signing time:             Tue 19 Mar 2024 11:51:41 +0000
ROA not before:           Tue 19 Mar 2024 11:46:41 +0000
ROA not after:            Tue 18 Mar 2025 11:51:41 +0000
asID:                     64267
IP address blocks:        45.150.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/64AF15419BD5FE6C8F97E224A86A4917A2E6FEFE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/64AF15419BD5FE6C8F97E224A86A4917A2E6FEFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZK8VQZvV_myPl-IkqGpJF6Lm_v4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:4c:76:eb:f2:fc:57:c8:ff:6b:3b:f2:3d:b7:84:61:35:10:22:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64af15419bd5fe6c8f97e224a86a4917a2e6fefe
        Validity
            Not Before: Mar 19 11:46:41 2024 GMT
            Not After : Mar 18 11:51:41 2025 GMT
        Subject: CN=83D67824FFC13B3731505899D2A2E65A1724C5F6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:43:47:55:23:ed:df:35:ee:d1:b5:bf:80:04:
                    e0:94:6c:8d:56:df:66:64:d0:a3:48:25:21:cd:24:
                    5b:76:b7:49:81:66:c6:6f:7c:b0:8b:04:79:51:64:
                    af:80:87:03:a7:45:60:ab:95:b0:a2:a3:a3:f3:a9:
                    be:75:aa:67:23:ef:92:14:e1:53:40:83:de:27:c1:
                    67:ec:32:3a:49:2a:d4:d7:c0:6c:c2:24:47:0b:ae:
                    93:9e:99:65:e6:73:97:89:a3:e9:d0:5f:37:2a:7c:
                    b0:9c:9b:da:13:66:49:8b:a3:39:f7:ec:c1:d5:39:
                    47:94:62:dd:ef:4b:80:fe:4a:45:fa:d4:5c:a0:c9:
                    1a:55:02:88:0c:2e:b5:b7:f5:0e:db:2a:cf:29:47:
                    40:cf:f9:a9:6b:4e:ea:b4:35:47:a1:fe:9e:fe:bb:
                    db:44:86:c4:15:62:34:96:17:70:1a:0a:be:ca:80:
                    72:b5:ac:9c:6f:86:42:a1:ea:f0:ae:7d:1b:45:50:
                    91:7d:79:08:6c:60:cb:9a:59:e8:cb:e2:c0:3a:dc:
                    c2:4d:c6:cb:a4:90:46:d1:ae:13:3f:fb:fb:d0:2f:
                    3c:82:b2:ed:b0:15:c9:5c:c7:1c:ba:e3:a3:35:0f:
                    ca:57:22:39:25:3d:45:a4:ef:af:ce:bf:7e:36:22:
                    d4:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:D6:78:24:FF:C1:3B:37:31:50:58:99:D2:A2:E6:5A:17:24:C5:F6
            X509v3 Authority Key Identifier:
                keyid:64:AF:15:41:9B:D5:FE:6C:8F:97:E2:24:A8:6A:49:17:A2:E6:FE:FE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/64AF15419BD5FE6C8F97E224A86A4917A2E6FEFE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZK8VQZvV_myPl-IkqGpJF6Lm_v4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/34352e3135302e342e302f32342d3234203d3e203634323637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:42:98:7b:16:9e:83:d5:11:74:68:ee:32:79:ea:af:d0:5d:
         d4:7e:c3:39:2f:bd:78:2d:7b:b2:8d:94:58:e8:e0:33:96:e3:
         aa:13:9d:84:fa:d8:e5:f6:44:d9:77:06:14:a7:3c:d2:fe:eb:
         26:34:45:16:aa:c1:ef:19:3a:1a:82:d2:09:4c:aa:ea:84:28:
         56:e5:83:a5:38:5a:2e:8d:3a:b6:8e:69:2e:bc:ca:6f:b1:56:
         31:5f:58:33:a4:95:a1:db:30:36:a3:a5:3c:61:ad:47:3d:31:
         9c:76:7e:3a:97:ec:26:36:97:ae:b1:29:ea:9e:2d:4a:dd:23:
         ff:9c:93:4f:b7:da:aa:72:91:35:c0:19:52:e2:8e:21:42:a5:
         35:1e:ea:2e:21:8f:8a:c2:e6:4d:0d:77:98:1e:84:ad:d7:fc:
         9f:4f:51:35:f0:91:cb:4e:12:42:8d:a4:4f:6c:8c:85:40:06:
         d6:12:71:aa:3c:ba:c2:83:f3:00:35:90:34:b7:f3:64:5a:35:
         a9:2d:ae:66:5b:e3:f3:c6:05:12:7b:b2:35:b9:c1:6f:50:cf:
         27:1d:62:8d:7c:16:5d:a9:e1:97:34:b6:59:46:84:63:2f:64:
         e3:cc:67:06:22:49:42:3f:b6:87:34:6b:f5:a2:7e:15:cb:e9:
         f7:10:b7:2e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUZ0x26/L8V8j/azvyPbeEYTUQIrMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjRhZjE1NDE5YmQ1ZmU2YzhmOTdlMjI0YTg2YTQ5MTdh
MmU2ZmVmZTAeFw0yNDAzMTkxMTQ2NDFaFw0yNTAzMTgxMTUxNDFaMDMxMTAvBgNV
BAMTKDgzRDY3ODI0RkZDMTNCMzczMTUwNTg5OUQyQTJFNjVBMTcyNEM1RjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgQ0dVI+3fNe7Rtb+ABOCUbI1W
32Zk0KNIJSHNJFt2t0mBZsZvfLCLBHlRZK+AhwOnRWCrlbCio6Pzqb51qmcj75IU
4VNAg94nwWfsMjpJKtTXwGzCJEcLrpOemWXmc5eJo+nQXzcqfLCcm9oTZkmLozn3
7MHVOUeUYt3vS4D+SkX61FygyRpVAogMLrW39Q7bKs8pR0DP+alrTuq0NUeh/p7+
u9tEhsQVYjSWF3AaCr7KgHK1rJxvhkKh6vCufRtFUJF9eQhsYMuaWejL4sA63MJN
xsukkEbRrhM/+/vQLzyCsu2wFclcxxy646M1D8pXIjklPUWk76/Ov342ItQvAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUg9Z4JP/BOzcxUFiZ0qLmWhckxfYwHwYDVR0j
BBgwFoAUZK8VQZvV/myPl+IkqGpJF6Lm/v4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmM5YWE5NWYtN2IzOC00MjZhLTk5NjYtNTQ0MTkzOWZl
MDMxLzAvNjRBRjE1NDE5QkQ1RkU2QzhGOTdFMjI0QTg2QTQ5MTdBMkU2RkVGRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1pLOFZRWnZWX215UGwtSWtxR3BKRjZM
bV92NC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmM5YWE5NWYt
N2IzOC00MjZhLTk5NjYtNTQ0MTkzOWZlMDMxLzAvMzQzNTJlMzEzNTMwMmUzNDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzQzMjM2Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtlgQw
DQYJKoZIhvcNAQELBQADggEBAFJCmHsWnoPVEXRo7jJ56q/QXdR+wzkvvXgte7KN
lFjo4DOW46oTnYT62OX2RNl3BhSnPNL+6yY0RRaqwe8ZOhqC0glMquqEKFblg6U4
Wi6NOraOaS68ym+xVjFfWDOklaHbMDajpTxhrUc9MZx2fjqX7CY2l66xKeqeLUrd
I/+ck0+32qpykTXAGVLijiFCpTUe6i4hj4rC5k0Nd5gehK3X/J9PUTXwkctOEkKN
pE9sjIVABtYScao8usKD8wA1kDS382RaNaktrmZb4/PGBRJ7sjW5wW9QzycdYo18
Fl2p4Zc0tllGhGMvZOPMZwYiSUI/toc0a/WifhXL6fcQty4=
-----END CERTIFICATE-----