Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3134302e3138342e302f32342d3234203d3e20313336373837.roa
File:                     34352e3134302e3138342e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          QVKUzzIRzTaqPJdVThV6wguzwRlMt/YaPudzsVZlGc4=
Subject key identifier:   31:B5:96:58:36:E2:BA:08:BB:D8:ED:BE:7A:86:44:D3:49:81:46:F6
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       6BA37702D7817D85BC6376DEB86144F7D97D462B
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3134302e3138342e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 26 Feb 2024 08:52:56 +0000
ROA not before:           Mon 26 Feb 2024 08:47:56 +0000
ROA not after:            Mon 24 Feb 2025 08:52:56 +0000
asID:                     136787
IP address blocks:        45.140.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:42:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:a3:77:02:d7:81:7d:85:bc:63:76:de:b8:61:44:f7:d9:7d:46:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:56 2024 GMT
            Not After : Feb 24 08:52:56 2025 GMT
        Subject: CN=31B5965836E2BA08BBD8EDBE7A8644D3498146F6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:2e:d3:7c:52:33:9b:36:49:06:b3:4a:6a:53:
                    00:25:ec:ec:b5:ce:af:dc:90:2e:ab:98:6a:2b:b5:
                    f7:f7:af:86:4c:40:32:df:1f:95:de:fd:bd:a0:60:
                    c3:81:1c:aa:27:63:2c:b7:94:7f:b6:d8:93:a8:20:
                    3c:ad:ce:08:cf:76:b1:0b:14:33:d0:fe:ac:28:a7:
                    c4:7b:16:36:8f:7f:b5:15:07:4b:93:44:67:75:29:
                    43:e2:1d:c5:03:a2:12:3d:33:0b:07:09:7c:76:0e:
                    0b:c8:89:7e:01:ff:a8:4b:14:78:88:5e:43:7e:e0:
                    4f:9f:b2:90:b1:52:52:95:68:4c:8e:7e:fd:75:82:
                    a8:48:f7:2c:44:b9:0f:1d:74:3a:fc:54:b9:8a:9e:
                    2a:1a:d1:04:e4:ba:d9:6d:7b:9e:97:8d:05:a6:05:
                    0c:06:56:ce:82:11:45:01:13:0d:c6:2d:20:f4:6a:
                    39:76:ff:ec:55:e7:06:2c:b0:0e:b7:e5:15:74:f1:
                    f2:4b:b3:5a:c8:94:ba:e0:38:74:05:8a:0e:f4:9e:
                    78:82:09:4e:e1:ef:9f:8a:e0:4e:4c:2e:60:8f:33:
                    80:b0:fb:04:51:6a:c2:94:c3:f2:dd:da:17:c8:24:
                    5c:fb:c5:a5:b3:be:1f:a2:9d:9e:11:9a:c7:f8:5c:
                    aa:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:B5:96:58:36:E2:BA:08:BB:D8:ED:BE:7A:86:44:D3:49:81:46:F6
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3134302e3138342e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:b5:c5:ad:e9:5f:a1:59:99:79:39:fb:9a:9d:f9:df:be:16:
         57:f0:79:77:c4:9d:93:13:41:3a:1d:75:9a:4b:dc:12:80:65:
         c6:fd:b9:05:db:9b:e5:29:37:bc:07:c5:76:62:77:47:16:b4:
         68:ce:b7:56:df:97:f1:ca:3e:57:d9:3e:36:ec:5d:49:34:eb:
         cc:ee:9b:e8:a1:17:90:4f:b3:de:4b:f4:b2:ca:ab:82:9a:56:
         29:b8:bd:63:86:a6:f8:8c:de:70:35:fc:c5:58:64:48:4b:9b:
         f3:92:0d:be:f4:09:45:0e:12:5d:6e:30:ca:3d:3c:bd:ed:d1:
         fe:be:25:20:03:a1:ff:33:ad:25:b8:88:2c:3f:93:15:3e:d5:
         65:09:5f:6c:ac:48:d8:2d:a8:5a:b2:52:43:c1:fb:5c:df:13:
         6a:3e:84:39:ff:03:2a:10:a2:39:1a:8b:2f:d5:fe:52:22:c5:
         82:84:21:ab:d5:e5:3a:86:00:f1:03:f6:3d:7c:f4:37:ea:27:
         af:20:ef:70:6d:8c:fc:22:bb:27:e1:fb:5d:14:50:44:20:26:
         da:01:5b:8d:e9:ee:f1:fa:39:ed:ba:5c:91:c6:e1:0a:99:4e:
         47:63:42:1d:3b:61:a3:59:e2:9c:41:ca:13:2a:74:a3:16:89:
         c7:a4:1b:5a
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUa6N3AteBfYW8Y3beuGFE99l9RiswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTZaFw0yNTAyMjQwODUyNTZaMDMxMTAvBgNV
BAMTKDMxQjU5NjU4MzZFMkJBMDhCQkQ4RURCRTdBODY0NEQzNDk4MTQ2RjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqLtN8UjObNkkGs0pqUwAl7Oy1
zq/ckC6rmGortff3r4ZMQDLfH5Xe/b2gYMOBHKonYyy3lH+22JOoIDytzgjPdrEL
FDPQ/qwop8R7FjaPf7UVB0uTRGd1KUPiHcUDohI9MwsHCXx2DgvIiX4B/6hLFHiI
XkN+4E+fspCxUlKVaEyOfv11gqhI9yxEuQ8ddDr8VLmKnioa0QTkutlte56XjQWm
BQwGVs6CEUUBEw3GLSD0ajl2/+xV5wYssA635RV08fJLs1rIlLrgOHQFig70nniC
CU7h75+K4E5MLmCPM4Cw+wRRasKUw/Ld2hfIJFz7xaWzvh+inZ4Rmsf4XKoJAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUMbWWWDbiugi72O2+eoZE00mBRvYwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzEzNDMwMmUzMTM4
MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAAtjLgwDQYJKoZIhvcNAQELBQADggEBAHG1xa3pX6FZmXk5+5qd+d++FlfweXfE
nZMTQToddZpL3BKAZcb9uQXbm+UpN7wHxXZid0cWtGjOt1bfl/HKPlfZPjbsXUk0
68zum+ihF5BPs95L9LLKq4KaVim4vWOGpviM3nA1/MVYZEhLm/OSDb70CUUOEl1u
MMo9PL3t0f6+JSADof8zrSW4iCw/kxU+1WUJX2ysSNgtqFqyUkPB+1zfE2o+hDn/
AyoQojkaiy/V/lIixYKEIavV5TqGAPED9j189DfqJ68g73BtjPwiuyfh+10UUEQg
JtoBW43p7vH6Oe26XJHG4QqZTkdjQh07YaNZ4pxByhMqdKMWicekG1o=
-----END CERTIFICATE-----
Generated at Mon Nov 25 16:44:10 2024 by rpki-client on console-fra.rpki-client.org