Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3134372e3137352e302f32342d3234203d3e20313336373837.roa
File:                     34352e3134372e3137352e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          pUvgJFH0prd2zTXbYRVWJWIfxbvPeUaJ4aldNfPiVWk=
Subject key identifier:   1E:98:90:E9:8B:5D:27:12:80:67:ED:3E:EF:C0:66:64:1A:AD:8A:4F
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       211FCCA959A0E2F8755CB34D511A90DC18C09FB5
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3134372e3137352e302f32342d3234203d3e20313336373837.roa
Signing time:             Wed 07 Feb 2024 12:33:38 +0000
ROA not before:           Wed 07 Feb 2024 12:28:38 +0000
ROA not after:            Wed 05 Feb 2025 12:33:38 +0000
asID:                     136787
IP address blocks:        45.147.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:1f:cc:a9:59:a0:e2:f8:75:5c:b3:4d:51:1a:90:dc:18:c0:9f:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb  7 12:28:38 2024 GMT
            Not After : Feb  5 12:33:38 2025 GMT
        Subject: CN=1E9890E98B5D27128067ED3EEFC066641AAD8A4F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:1f:a2:31:ac:00:8b:92:1b:e9:b7:8c:c8:bd:
                    5d:9d:97:e7:5d:62:c6:4c:8f:74:22:92:bd:68:fb:
                    e1:e7:92:b0:42:6f:82:88:8b:e6:c3:51:ef:8e:18:
                    14:9c:89:aa:84:65:e2:2d:dd:70:c1:a5:ce:6d:1e:
                    dd:e1:3b:16:e0:8e:89:20:d0:75:48:0c:ec:12:74:
                    46:c6:74:87:9a:67:93:06:25:cc:d6:c9:58:c4:e8:
                    2e:74:a2:ac:c8:53:8b:24:75:02:38:6c:a4:69:b2:
                    32:bb:d0:6e:ee:92:aa:9f:8d:fc:1e:f1:e6:3b:90:
                    a9:6e:54:f5:e2:4b:42:7b:ec:a4:ed:16:5d:e7:e7:
                    5f:18:f1:2b:53:a9:c9:2c:52:cd:45:cf:13:90:94:
                    9d:ee:fd:5e:30:94:db:a4:f1:20:39:47:c2:4d:cd:
                    df:21:b4:e9:1a:fa:7b:4c:c8:5c:47:71:cb:b0:44:
                    6b:c2:2b:de:43:d6:1e:3f:16:ea:8b:e6:7a:35:7e:
                    c7:c3:e4:d1:34:ea:bb:c7:34:4b:7d:30:d1:22:69:
                    fd:a7:69:a4:d9:93:60:ac:24:9a:bc:55:ea:61:fd:
                    d3:42:93:d2:66:59:8c:6e:14:52:cf:12:07:d5:ff:
                    39:3d:b0:c0:8d:3f:ef:6a:5c:53:e9:75:3d:10:91:
                    2e:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:98:90:E9:8B:5D:27:12:80:67:ED:3E:EF:C0:66:64:1A:AD:8A:4F
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3134372e3137352e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:9d:59:5a:bf:23:a6:27:e9:2c:9f:63:3f:bf:e2:26:13:f6:
         3b:73:21:0b:96:fa:3b:d8:aa:61:56:23:7a:29:e9:bd:ff:5c:
         be:4f:58:55:c2:df:a1:37:14:2c:98:a3:8a:ee:2e:c1:7c:0e:
         6b:6d:0f:33:a7:0f:15:6d:4b:e4:e9:c9:e4:51:47:51:a6:83:
         54:6a:53:33:49:66:59:e4:74:e4:d7:1b:18:7a:e6:3c:cc:f9:
         35:b9:4c:7e:8d:a9:bb:ee:5e:91:c4:7a:a7:33:1d:e8:3d:9b:
         41:70:5b:d7:51:21:65:14:77:89:58:e3:52:87:22:d3:bb:0c:
         7a:0a:87:77:e6:09:34:23:7e:41:f2:19:e5:0c:fa:6f:fd:53:
         35:8f:dc:ac:94:51:3b:19:5c:84:8a:f6:ea:ef:1e:bd:76:27:
         28:95:8f:1e:a9:52:9a:a1:31:35:5a:ed:bd:7c:b1:dc:6e:35:
         59:38:3c:a6:c0:a5:0e:84:43:3c:85:70:bb:ee:b5:23:0a:4b:
         7d:46:07:8c:60:a9:e0:b8:08:3d:1d:4a:46:31:e6:dc:81:e4:
         36:07:c0:e1:dd:0b:66:74:b1:9c:bc:2a:36:72:3e:6a:25:4c:
         95:37:b1:72:df:68:e8:07:b1:49:f4:80:3f:66:5b:c1:6f:17:
         6b:16:e4:c9
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUIR/MqVmg4vh1XLNNURqQ3BjAn7UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMDcxMjI4MzhaFw0yNTAyMDUxMjMzMzhaMDMxMTAvBgNV
BAMTKDFFOTg5MEU5OEI1RDI3MTI4MDY3RUQzRUVGQzA2NjY0MUFBRDhBNEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+H6IxrACLkhvpt4zIvV2dl+dd
YsZMj3Qikr1o++HnkrBCb4KIi+bDUe+OGBSciaqEZeIt3XDBpc5tHt3hOxbgjokg
0HVIDOwSdEbGdIeaZ5MGJczWyVjE6C50oqzIU4skdQI4bKRpsjK70G7ukqqfjfwe
8eY7kKluVPXiS0J77KTtFl3n518Y8StTqcksUs1FzxOQlJ3u/V4wlNuk8SA5R8JN
zd8htOka+ntMyFxHccuwRGvCK95D1h4/FuqL5no1fsfD5NE06rvHNEt9MNEiaf2n
aaTZk2CsJJq8Veph/dNCk9JmWYxuFFLPEgfV/zk9sMCNP+9qXFPpdT0QkS7vAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUHpiQ6YtdJxKAZ+0+78BmZBqtik8wHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzEzNDM3MmUzMTM3
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAAtk68wDQYJKoZIhvcNAQELBQADggEBAJedWVq/I6Yn6SyfYz+/4iYT9jtzIQuW
+jvYqmFWI3op6b3/XL5PWFXC36E3FCyYo4ruLsF8DmttDzOnDxVtS+TpyeRRR1Gm
g1RqUzNJZlnkdOTXGxh65jzM+TW5TH6NqbvuXpHEeqczHeg9m0FwW9dRIWUUd4lY
41KHItO7DHoKh3fmCTQjfkHyGeUM+m/9UzWP3KyUUTsZXISK9urvHr12JyiVjx6p
UpqhMTVa7b18sdxuNVk4PKbApQ6EQzyFcLvutSMKS31GB4xgqeC4CD0dSkYx5tyB
5DYHwOHdC2Z0sZy8KjZyPmolTJU3sXLfaOgHsUn0gD9mW8FvF2sW5Mk=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:44 2024 by rpki-client on console-ams.rpki-client.org