Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3134372e3137322e302f32342d3234203d3e20313336373837.roa
File:                     34352e3134372e3137322e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          f4jHiXMW2aYtY/xepivt3se3e3EIbfol93LLDkSD7eE=
Subject key identifier:   10:CA:84:9D:50:53:55:CD:73:D1:86:9F:F5:4A:23:1D:48:73:D2:A7
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       7027F57D452CD5ABBC1AE2370FFECC1A01A47A98
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3134372e3137322e302f32342d3234203d3e20313336373837.roa
Signing time:             Wed 07 Feb 2024 12:33:34 +0000
ROA not before:           Wed 07 Feb 2024 12:28:34 +0000
ROA not after:            Wed 05 Feb 2025 12:33:34 +0000
asID:                     136787
IP address blocks:        45.147.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:27:f5:7d:45:2c:d5:ab:bc:1a:e2:37:0f:fe:cc:1a:01:a4:7a:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb  7 12:28:34 2024 GMT
            Not After : Feb  5 12:33:34 2025 GMT
        Subject: CN=10CA849D505355CD73D1869FF54A231D4873D2A7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:1c:02:a6:96:73:5a:4d:37:ce:ac:33:3f:1b:
                    bd:88:ff:eb:70:7e:46:77:e7:8c:94:93:b7:6d:df:
                    67:bc:02:3b:82:7b:60:53:7b:5e:07:25:58:5f:e4:
                    6a:28:5c:b6:b6:64:30:22:2b:fd:75:11:25:fd:a5:
                    09:b3:21:6f:3e:40:38:f0:17:4e:a4:d9:0b:29:5e:
                    35:93:f1:e1:6b:33:23:10:12:78:3d:ec:85:23:e6:
                    bf:29:cf:81:cf:85:40:a8:b3:8e:3d:3c:7b:c1:c2:
                    c4:71:7e:2f:7a:b6:e9:a9:b9:0e:29:92:fc:c6:52:
                    18:24:7f:ad:af:c6:98:5d:c7:e7:14:1c:49:dd:17:
                    21:4b:d5:a4:d0:f0:d2:23:4a:96:12:eb:e6:5d:30:
                    95:6b:95:ed:88:77:e1:80:04:19:0e:a7:11:f6:37:
                    dc:b3:08:ee:7d:e8:c3:e4:5f:c5:b9:c5:a8:cb:7d:
                    37:37:79:64:e0:5c:b5:34:e0:7d:01:a2:25:e6:ce:
                    b7:67:4b:35:c6:d1:02:58:a2:98:a7:74:12:d0:40:
                    36:0a:97:b4:c2:5d:04:ff:72:4f:55:a8:4f:d0:7a:
                    69:54:fd:18:6e:67:6c:10:07:aa:d9:12:b8:87:6b:
                    bf:85:d2:78:54:33:43:a0:a1:f7:cc:3d:9a:43:7a:
                    c2:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:CA:84:9D:50:53:55:CD:73:D1:86:9F:F5:4A:23:1D:48:73:D2:A7
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3134372e3137322e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:c0:4e:32:16:12:df:df:d9:27:a3:18:92:3d:97:f9:31:52:
         b9:0a:c5:5b:e1:2b:25:19:df:37:da:1e:f3:20:c0:fe:49:1c:
         c4:61:bb:16:99:0a:d3:74:4c:21:1c:c1:d7:ec:01:22:44:90:
         1f:2d:be:ae:e0:26:ef:17:b5:34:0e:f5:36:0e:c1:cd:d8:2d:
         07:54:2d:f5:07:e7:fa:62:1c:6a:64:38:da:95:c7:a3:5a:04:
         17:e6:be:de:35:71:75:2a:22:42:d5:34:a3:99:7d:46:a4:bb:
         0b:e4:63:ab:6e:67:79:3f:ba:ad:56:6d:cb:ef:05:99:c4:7f:
         32:2a:7f:f3:42:74:5d:c4:e5:94:a5:45:76:ec:46:6d:90:ea:
         e8:b0:03:38:6a:02:9b:e0:4c:e5:1d:7e:3b:bd:d1:03:f6:f7:
         21:fb:70:ca:cb:f9:10:55:36:4f:a2:f2:16:21:62:ad:3f:9f:
         5d:8a:70:9a:38:50:73:00:5c:d8:6b:ca:dd:ef:c4:a8:8b:ed:
         52:67:70:07:41:10:18:6d:d5:da:74:23:d0:eb:9e:fd:05:7c:
         b4:66:18:dd:04:9e:75:1c:46:22:b0:a1:c5:94:0b:81:41:de:
         9d:ec:25:0c:a0:4a:f3:d9:ea:55:55:3e:fe:bb:1a:af:99:89:
         e4:a6:ef:d0
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUcCf1fUUs1au8GuI3D/7MGgGkepgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMDcxMjI4MzRaFw0yNTAyMDUxMjMzMzRaMDMxMTAvBgNV
BAMTKDEwQ0E4NDlENTA1MzU1Q0Q3M0QxODY5RkY1NEEyMzFENDg3M0QyQTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqHAKmlnNaTTfOrDM/G72I/+tw
fkZ354yUk7dt32e8AjuCe2BTe14HJVhf5GooXLa2ZDAiK/11ESX9pQmzIW8+QDjw
F06k2QspXjWT8eFrMyMQEng97IUj5r8pz4HPhUCos449PHvBwsRxfi96tumpuQ4p
kvzGUhgkf62vxphdx+cUHEndFyFL1aTQ8NIjSpYS6+ZdMJVrle2Id+GABBkOpxH2
N9yzCO596MPkX8W5xajLfTc3eWTgXLU04H0BoiXmzrdnSzXG0QJYopindBLQQDYK
l7TCXQT/ck9VqE/QemlU/RhuZ2wQB6rZEriHa7+F0nhUM0OgoffMPZpDesIjAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUEMqEnVBTVc1z0Yaf9UojHUhz0qcwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzEzNDM3MmUzMTM3
MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAAtk6wwDQYJKoZIhvcNAQELBQADggEBACLATjIWEt/f2SejGJI9l/kxUrkKxVvh
KyUZ3zfaHvMgwP5JHMRhuxaZCtN0TCEcwdfsASJEkB8tvq7gJu8XtTQO9TYOwc3Y
LQdULfUH5/piHGpkONqVx6NaBBfmvt41cXUqIkLVNKOZfUakuwvkY6tuZ3k/uq1W
bcvvBZnEfzIqf/NCdF3E5ZSlRXbsRm2Q6uiwAzhqApvgTOUdfju90QP29yH7cMrL
+RBVNk+i8hYhYq0/n12KcJo4UHMAXNhryt3vxKiL7VJncAdBEBht1dp0I9Drnv0F
fLRmGN0EnnUcRiKwocWUC4FB3p3sJQygSvPZ6lVVPv67Gq+ZieSm79A=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:44 2024 by rpki-client on console-ams.rpki-client.org