Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3132392e33332e302f32342d3234203d3e20323038303436.roa
File:                     34352e3132392e33332e302f32342d3234203d3e20323038303436.roa (raw, json)
Hash identifier:          qrIWfHFzTSnJAxPMVvsVeh6xCVES1mON+gBxHp7XZtE=
Subject key identifier:   62:55:85:84:EF:D1:29:14:73:9C:62:3E:69:5F:12:02:95:08:61:6C
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       3D433BF7667295D61A155B80D90EE6A97200C9F5
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3132392e33332e302f32342d3234203d3e20323038303436.roa
Signing time:             Mon 26 Feb 2024 08:52:50 +0000
ROA not before:           Mon 26 Feb 2024 08:47:50 +0000
ROA not after:            Mon 24 Feb 2025 08:52:50 +0000
asID:                     208046
IP address blocks:        45.129.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:43:3b:f7:66:72:95:d6:1a:15:5b:80:d9:0e:e6:a9:72:00:c9:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:50 2024 GMT
            Not After : Feb 24 08:52:50 2025 GMT
        Subject: CN=62558584EFD12914739C623E695F12029508616C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:dd:54:44:96:be:2e:44:de:58:45:b6:e8:f1:
                    69:c1:8b:71:12:f3:b3:9c:52:91:4a:f8:3f:28:3f:
                    d8:14:5e:20:bd:d9:3c:60:ff:e9:3c:8f:bb:65:7d:
                    ec:3f:83:51:98:87:d9:77:f1:ea:e6:99:9a:61:83:
                    4a:94:6e:bb:d1:9f:2f:52:84:8f:60:9d:51:1e:0e:
                    c4:02:d7:ad:dc:f3:46:74:64:b9:ad:13:78:ba:7b:
                    6a:26:9d:f4:6c:00:2b:d9:65:bd:ba:3b:ab:fd:89:
                    9e:5a:6c:4d:05:32:38:ab:54:ee:aa:08:60:bd:0e:
                    19:ad:41:ca:19:d4:c0:59:53:ee:e6:49:05:09:c9:
                    7e:c4:b1:51:e8:59:a1:ac:f9:5c:d1:83:74:4b:6c:
                    e5:2a:3e:ec:4b:fa:49:50:2e:37:19:67:2b:78:97:
                    25:f8:99:dc:ad:33:38:b9:d7:1f:f5:fa:fb:fd:06:
                    05:6b:97:41:78:4f:d7:fc:15:0d:3e:74:e9:de:d8:
                    54:28:40:23:9e:ef:7c:ed:81:c7:7a:e8:6f:f5:95:
                    e2:38:fd:13:77:03:18:6b:bb:c1:bf:f8:d9:48:2c:
                    af:be:cf:2c:3d:79:cf:2c:56:83:9f:49:10:a2:29:
                    7e:6d:5c:f2:f9:16:cc:96:ad:f3:39:2c:6f:1d:20:
                    e5:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:55:85:84:EF:D1:29:14:73:9C:62:3E:69:5F:12:02:95:08:61:6C
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3132392e33332e302f32342d3234203d3e20323038303436.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:4c:e9:7b:38:1b:c8:33:4b:2e:d0:02:13:1f:60:1e:b4:fe:
         d7:9b:ad:70:fc:9c:f4:ad:df:57:e5:14:e4:e6:65:a2:e3:6e:
         c4:8b:a6:61:8d:26:92:75:ca:58:c5:cb:e5:de:01:78:be:37:
         b6:2d:6d:cf:bd:ac:97:b5:9e:00:6a:41:12:9d:7d:05:05:3d:
         6f:ec:ae:68:20:9a:56:93:43:e0:35:3e:f5:ca:81:f4:9b:23:
         8e:1f:08:2a:40:07:06:3b:4e:8a:d3:2b:ed:78:04:44:35:3d:
         fe:a5:28:56:d9:53:59:79:ed:80:53:fe:d9:a8:8e:3b:1f:05:
         f5:38:07:63:f4:2a:b2:54:0b:43:21:df:7d:e6:28:6f:7b:e0:
         f9:33:8f:9e:43:7b:b2:8e:80:e8:77:6c:2a:7e:d3:5a:e4:75:
         9c:10:3d:97:f4:1b:93:be:34:87:55:e1:5b:c3:1d:3f:72:5e:
         b8:49:01:e3:cf:f7:09:11:6c:68:08:9d:14:79:40:c7:6a:f7:
         14:04:1c:4a:5f:af:3b:7e:1d:cd:60:f5:f1:88:a7:f0:f3:a9:
         25:2d:a2:6c:a2:12:28:5d:27:e8:86:a0:ac:e9:59:d3:0d:59:
         85:8b:75:5c:18:85:d8:ba:86:d9:82:3c:7e:a4:b7:5c:3b:5c:
         d2:ef:76:76
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUPUM792ZyldYaFVuA2Q7mqXIAyfUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTBaFw0yNTAyMjQwODUyNTBaMDMxMTAvBgNV
BAMTKDYyNTU4NTg0RUZEMTI5MTQ3MzlDNjIzRTY5NUYxMjAyOTUwODYxNkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf3VRElr4uRN5YRbbo8WnBi3ES
87OcUpFK+D8oP9gUXiC92Txg/+k8j7tlfew/g1GYh9l38ermmZphg0qUbrvRny9S
hI9gnVEeDsQC163c80Z0ZLmtE3i6e2omnfRsACvZZb26O6v9iZ5abE0FMjirVO6q
CGC9DhmtQcoZ1MBZU+7mSQUJyX7EsVHoWaGs+VzRg3RLbOUqPuxL+klQLjcZZyt4
lyX4mdytMzi51x/1+vv9BgVrl0F4T9f8FQ0+dOne2FQoQCOe73ztgcd66G/1leI4
/RN3Axhru8G/+NlILK++zyw9ec8sVoOfSRCiKX5tXPL5FsyWrfM5LG8dIOX/AgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUYlWFhO/RKRRznGI+aV8SApUIYWwwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzEzMjM5MmUzMzMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMDM4MzAzNDM2LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LYEhMA0GCSqGSIb3DQEBCwUAA4IBAQCXTOl7OBvIM0su0AITH2AetP7Xm61w/Jz0
rd9X5RTk5mWi427Ei6ZhjSaSdcpYxcvl3gF4vje2LW3PvayXtZ4AakESnX0FBT1v
7K5oIJpWk0PgNT71yoH0myOOHwgqQAcGO06K0yvteARENT3+pShW2VNZee2AU/7Z
qI47HwX1OAdj9CqyVAtDId995ihve+D5M4+eQ3uyjoDod2wqftNa5HWcED2X9BuT
vjSHVeFbwx0/cl64SQHjz/cJEWxoCJ0UeUDHavcUBBxKX687fh3NYPXxiKfw86kl
LaJsohIoXSfohqCs6VnTDVmFi3VcGIXYuobZgjx+pLdcO1zS73Z2
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:14:44 2024 by rpki-client on console-ams.rpki-client.org