Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e31332e35372e302f32342d3234203d3e203631333137.roa
File:                     34352e31332e35372e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          e/kLmNA4PU99EJjk48IzIB18diPStHm8tvegwjWhHBk=
Subject key identifier:   E1:96:F5:02:4B:3D:2A:B1:84:C6:96:F1:7C:0E:68:33:55:EE:DB:E7
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       5428DC84D1C8931402E9218A0D135BD4DD3BEFF6
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e31332e35372e302f32342d3234203d3e203631333137.roa
Signing time:             Mon 26 Feb 2024 08:52:56 +0000
ROA not before:           Mon 26 Feb 2024 08:47:56 +0000
ROA not after:            Mon 24 Feb 2025 08:52:56 +0000
asID:                     61317
IP address blocks:        45.13.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 20:59:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:28:dc:84:d1:c8:93:14:02:e9:21:8a:0d:13:5b:d4:dd:3b:ef:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:56 2024 GMT
            Not After : Feb 24 08:52:56 2025 GMT
        Subject: CN=E196F5024B3D2AB184C696F17C0E683355EEDBE7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:da:e9:2b:d5:e5:aa:7f:77:88:69:6a:7f:af:
                    80:71:7e:62:f8:41:df:a9:31:43:68:19:0b:51:2f:
                    49:0d:e7:ed:ea:df:44:da:3a:4e:06:a8:6c:b8:a0:
                    5f:d2:a6:9e:dc:d1:38:9e:e8:04:4d:04:19:cf:b0:
                    96:bc:2c:05:c8:5c:bf:4a:48:5a:f5:a3:1d:b3:00:
                    7d:35:36:2c:02:dd:c2:28:d6:11:1b:b8:bf:98:b0:
                    e8:6f:89:7c:89:35:84:4b:31:ee:82:56:2e:03:1f:
                    d2:0f:f6:94:7a:94:1a:ec:e8:fb:ca:67:50:c6:57:
                    37:10:73:ea:92:63:fc:eb:be:bf:23:83:44:24:2f:
                    f5:aa:c0:a9:50:df:54:8f:df:0f:63:ee:da:49:04:
                    75:fa:99:15:e5:1a:4c:7b:14:50:fc:5f:19:21:eb:
                    c3:db:89:78:db:56:69:12:3c:79:7d:d7:83:1f:4b:
                    6b:42:e7:8d:d6:9b:c1:de:20:49:f4:30:3d:6f:49:
                    40:b5:25:7f:6e:e7:7c:84:7b:fc:e1:63:f0:40:e7:
                    67:dc:26:cc:94:55:68:8c:85:77:08:10:44:d6:f6:
                    d2:59:92:5b:e3:80:a3:b7:21:70:42:09:1c:94:69:
                    c9:4c:12:0c:26:f4:40:3f:d7:91:4e:f5:0a:f2:14:
                    89:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:96:F5:02:4B:3D:2A:B1:84:C6:96:F1:7C:0E:68:33:55:EE:DB:E7
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e31332e35372e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:15:ac:57:16:3a:ee:ce:ae:92:dc:ae:7b:58:99:34:13:69:
         ae:cd:bc:8c:f9:63:7f:be:c8:d1:cf:b4:78:39:a8:fb:e3:4d:
         d2:26:fe:c3:6c:25:6d:61:66:2e:10:b5:38:35:d5:e5:65:d1:
         a1:29:41:b1:cf:fe:a3:f8:41:d2:0e:d5:5d:7e:6c:32:7c:94:
         1e:d5:a4:1a:c7:16:68:3d:50:79:1e:72:e9:6c:76:a5:60:ca:
         74:70:af:83:10:13:43:a1:8f:e9:ed:6b:85:a1:ae:d3:35:39:
         a2:87:e7:4e:30:54:ce:6c:45:f7:c6:68:ab:32:75:32:ab:ec:
         82:82:02:d5:3f:54:3d:9a:e7:22:59:44:7a:38:42:2a:81:3b:
         d2:0a:52:c7:94:91:a0:d9:b5:5e:9e:da:f5:36:ae:71:d7:63:
         5b:88:e6:ee:86:a3:fb:cf:13:33:ec:e3:72:f3:9d:2e:04:a2:
         13:59:d2:10:42:de:8d:5e:2a:76:c8:9f:b6:d3:c2:6a:1c:27:
         d9:29:00:a6:b3:78:85:09:94:c6:d7:cd:be:73:75:88:c4:c0:
         53:23:ec:4e:ad:48:86:fb:95:07:d6:1c:69:9c:a7:fd:49:5c:
         09:5c:52:5d:65:82:a6:20:a3:6e:a5:8f:f9:41:6c:22:fc:e5:
         f6:3d:d2:f9
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUVCjchNHIkxQC6SGKDRNb1N077/YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTZaFw0yNTAyMjQwODUyNTZaMDMxMTAvBgNV
BAMTKEUxOTZGNTAyNEIzRDJBQjE4NEM2OTZGMTdDMEU2ODMzNTVFRURCRTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC62ukr1eWqf3eIaWp/r4BxfmL4
Qd+pMUNoGQtRL0kN5+3q30TaOk4GqGy4oF/Spp7c0Tie6ARNBBnPsJa8LAXIXL9K
SFr1ox2zAH01NiwC3cIo1hEbuL+YsOhviXyJNYRLMe6CVi4DH9IP9pR6lBrs6PvK
Z1DGVzcQc+qSY/zrvr8jg0QkL/WqwKlQ31SP3w9j7tpJBHX6mRXlGkx7FFD8Xxkh
68PbiXjbVmkSPHl914MfS2tC543Wm8HeIEn0MD1vSUC1JX9u53yEe/zhY/BA52fc
JsyUVWiMhXcIEETW9tJZklvjgKO3IXBCCRyUaclMEgwm9EA/15FO9QryFIl9AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU4Zb1Aks9KrGExpbxfA5oM1Xu2+cwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzEzMzJlMzUzNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzEzMzMxMzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtDTkw
DQYJKoZIhvcNAQELBQADggEBADQVrFcWOu7OrpLcrntYmTQTaa7NvIz5Y3++yNHP
tHg5qPvjTdIm/sNsJW1hZi4QtTg11eVl0aEpQbHP/qP4QdIO1V1+bDJ8lB7VpBrH
Fmg9UHkeculsdqVgynRwr4MQE0Ohj+nta4WhrtM1OaKH504wVM5sRffGaKsydTKr
7IKCAtU/VD2a5yJZRHo4QiqBO9IKUseUkaDZtV6e2vU2rnHXY1uI5u6Go/vPEzPs
43LznS4EohNZ0hBC3o1eKnbIn7bTwmocJ9kpAKazeIUJlMbXzb5zdYjEwFMj7E6t
SIb7lQfWHGmcp/1JXAlcUl1lgqYgo26lj/lBbCL85fY90vk=
-----END CERTIFICATE-----
Generated at Thu Mar 28 05:24:54 2024 by rpki-client on console-fra.rpki-client.org