Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/34352e3135302e352e302f32342d3234203d3e20323039383534.roa
File:                     34352e3135302e352e302f32342d3234203d3e20323039383534.roa (raw, json)
Hash identifier:          Q0MksaznWSNZegMdCUOG/gHJD1ijN/io2ffJkKquBlg=
Subject key identifier:   2C:E2:FC:78:72:81:77:EC:EB:FA:93:DF:5F:E5:38:03:E0:32:D3:FC
Certificate issuer:       /CN=64af15419bd5fe6c8f97e224a86a4917a2e6fefe
Certificate serial:       28CFB68B22BA95056B32A9EE7E25C3FEBB36255D
Authority key identifier: 64:AF:15:41:9B:D5:FE:6C:8F:97:E2:24:A8:6A:49:17:A2:E6:FE:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZK8VQZvV_myPl-IkqGpJF6Lm_v4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/34352e3135302e352e302f32342d3234203d3e20323039383534.roa
Signing time:             Tue 19 Mar 2024 11:51:43 +0000
ROA not before:           Tue 19 Mar 2024 11:46:43 +0000
ROA not after:            Tue 18 Mar 2025 11:51:43 +0000
asID:                     209854
IP address blocks:        45.150.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/64AF15419BD5FE6C8F97E224A86A4917A2E6FEFE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/64AF15419BD5FE6C8F97E224A86A4917A2E6FEFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZK8VQZvV_myPl-IkqGpJF6Lm_v4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:cf:b6:8b:22:ba:95:05:6b:32:a9:ee:7e:25:c3:fe:bb:36:25:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64af15419bd5fe6c8f97e224a86a4917a2e6fefe
        Validity
            Not Before: Mar 19 11:46:43 2024 GMT
            Not After : Mar 18 11:51:43 2025 GMT
        Subject: CN=2CE2FC78728177ECEBFA93DF5FE53803E032D3FC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:21:3d:ff:11:7a:17:e4:f2:5f:b4:88:a3:0e:
                    02:03:1e:cd:79:8d:12:85:6b:67:c1:e8:51:1e:9d:
                    f1:6b:c7:9b:03:51:ac:52:3a:2e:35:ba:b4:c6:05:
                    88:2d:77:63:d7:47:35:b0:37:62:c8:2c:02:19:1d:
                    63:ab:1e:9a:05:80:c6:d1:03:0b:a5:68:b8:94:77:
                    d0:30:9a:37:8e:03:af:66:83:2a:ae:ba:dc:e4:15:
                    1f:6e:8d:cc:27:17:31:fd:23:9a:d8:8c:cb:31:b5:
                    eb:32:5f:ae:ec:5b:8a:74:dd:39:9a:68:68:56:b3:
                    fc:73:c5:ec:3f:e1:54:de:ff:56:50:19:b4:28:6b:
                    31:85:38:c9:52:50:d8:46:30:02:55:2f:8c:0c:b1:
                    ae:d3:19:f0:ba:d1:b3:dc:38:0f:3b:d4:19:d7:7d:
                    fe:75:45:1b:73:a8:ee:9e:dc:7c:af:af:08:10:1d:
                    2f:e8:a8:ea:c2:85:e1:76:27:f1:8f:1f:69:cc:f9:
                    4d:1b:c4:91:73:3c:f6:22:58:aa:74:54:6e:33:f9:
                    8e:3a:97:62:08:9a:30:82:5b:49:e5:aa:54:c2:ba:
                    43:1f:41:d7:4c:16:6e:28:fc:44:90:e9:ab:cf:6a:
                    b1:f0:26:9d:c5:25:30:d9:fb:0d:11:91:4c:57:01:
                    e1:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:E2:FC:78:72:81:77:EC:EB:FA:93:DF:5F:E5:38:03:E0:32:D3:FC
            X509v3 Authority Key Identifier:
                keyid:64:AF:15:41:9B:D5:FE:6C:8F:97:E2:24:A8:6A:49:17:A2:E6:FE:FE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/64AF15419BD5FE6C8F97E224A86A4917A2E6FEFE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZK8VQZvV_myPl-IkqGpJF6Lm_v4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/34352e3135302e352e302f32342d3234203d3e20323039383534.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:b2:71:8b:e1:4d:86:66:19:95:66:ce:36:bf:cb:7b:f2:bf:
         e1:1d:ea:1c:f4:dc:9b:63:9b:ee:b0:9e:1b:54:e0:a6:f6:1a:
         95:3d:06:aa:c3:96:62:d1:49:51:fb:b5:bc:c7:6c:94:06:3e:
         0c:a8:dd:a6:5e:8d:82:f7:f5:c7:b0:2d:94:00:74:d2:85:32:
         a3:38:9c:c6:10:af:d7:6e:23:24:ee:17:80:50:27:31:17:ea:
         a7:80:95:9e:ea:40:12:6e:83:b4:59:f2:f5:6e:15:a4:f3:5e:
         c5:2b:5b:8e:01:c0:6f:fb:3b:61:24:83:1d:d4:84:e2:fd:f7:
         f9:8a:ee:0a:9c:06:b4:7f:21:ce:7e:7e:c0:03:b0:6a:40:74:
         6e:ec:d2:c9:9c:d9:b5:a5:6b:25:b2:68:72:a9:4b:cb:b8:c7:
         47:e8:ca:00:be:e7:c3:f3:a9:a2:cf:24:b6:41:2c:c5:73:24:
         0a:96:80:5a:a4:d1:98:c7:ab:07:3d:86:4a:79:ab:c5:db:95:
         e9:cb:73:d0:de:ca:b4:2c:30:f1:e5:05:ac:f5:3e:98:ab:fd:
         18:be:82:6f:29:17:b8:55:63:72:47:f7:f1:ab:01:7a:50:74:
         c0:d6:b1:77:14:4e:3c:3a:5c:2b:98:c1:72:da:c5:a1:09:91:
         31:8a:c1:f8
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUKM+2iyK6lQVrMqnufiXD/rs2JV0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjRhZjE1NDE5YmQ1ZmU2YzhmOTdlMjI0YTg2YTQ5MTdh
MmU2ZmVmZTAeFw0yNDAzMTkxMTQ2NDNaFw0yNTAzMTgxMTUxNDNaMDMxMTAvBgNV
BAMTKDJDRTJGQzc4NzI4MTc3RUNFQkZBOTNERjVGRTUzODAzRTAzMkQzRkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbIT3/EXoX5PJftIijDgIDHs15
jRKFa2fB6FEenfFrx5sDUaxSOi41urTGBYgtd2PXRzWwN2LILAIZHWOrHpoFgMbR
AwulaLiUd9AwmjeOA69mgyquutzkFR9ujcwnFzH9I5rYjMsxtesyX67sW4p03Tma
aGhWs/xzxew/4VTe/1ZQGbQoazGFOMlSUNhGMAJVL4wMsa7TGfC60bPcOA871BnX
ff51RRtzqO6e3HyvrwgQHS/oqOrCheF2J/GPH2nM+U0bxJFzPPYiWKp0VG4z+Y46
l2IImjCCW0nlqlTCukMfQddMFm4o/ESQ6avParHwJp3FJTDZ+w0RkUxXAeF9AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQULOL8eHKBd+zr+pPfX+U4A+Ay0/wwHwYDVR0j
BBgwFoAUZK8VQZvV/myPl+IkqGpJF6Lm/v4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmM5YWE5NWYtN2IzOC00MjZhLTk5NjYtNTQ0MTkzOWZl
MDMxLzAvNjRBRjE1NDE5QkQ1RkU2QzhGOTdFMjI0QTg2QTQ5MTdBMkU2RkVGRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1pLOFZRWnZWX215UGwtSWtxR3BKRjZM
bV92NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmM5YWE5NWYt
N2IzOC00MjZhLTk5NjYtNTQ0MTkzOWZlMDMxLzAvMzQzNTJlMzEzNTMwMmUzNTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzOTM4MzUzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2W
BTANBgkqhkiG9w0BAQsFAAOCAQEARrJxi+FNhmYZlWbONr/Le/K/4R3qHPTcm2Ob
7rCeG1TgpvYalT0GqsOWYtFJUfu1vMdslAY+DKjdpl6Ngvf1x7AtlAB00oUyozic
xhCv124jJO4XgFAnMRfqp4CVnupAEm6DtFny9W4VpPNexStbjgHAb/s7YSSDHdSE
4v33+YruCpwGtH8hzn5+wAOwakB0buzSyZzZtaVrJbJocqlLy7jHR+jKAL7nw/Op
os8ktkEsxXMkCpaAWqTRmMerBz2GSnmrxduV6ctz0N7KtCww8eUFrPU+mKv9GL6C
bykXuFVjckf38asBelB0wNaxdxROPDpcK5jBctrFoQmRMYrB+A==
-----END CERTIFICATE-----