Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3134382e3133372e302f32342d3234203d3e20313336373837.roa
File:                     34352e3134382e3133372e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          kxZmlZuq3OBHx6AfVyHYL9v1b92bnb1Ra7dHIS1Z7jk=
Subject key identifier:   42:82:CA:B5:E8:76:48:50:A4:E7:62:13:A1:1E:2F:42:59:19:E9:5F
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       1C5E2664492597656AD0F5FBE0B6E34BE4D37442
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3134382e3133372e302f32342d3234203d3e20313336373837.roa
Signing time:             Wed 07 Feb 2024 12:33:31 +0000
ROA not before:           Wed 07 Feb 2024 12:28:31 +0000
ROA not after:            Wed 05 Feb 2025 12:33:31 +0000
asID:                     136787
IP address blocks:        45.148.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:5e:26:64:49:25:97:65:6a:d0:f5:fb:e0:b6:e3:4b:e4:d3:74:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb  7 12:28:31 2024 GMT
            Not After : Feb  5 12:33:31 2025 GMT
        Subject: CN=4282CAB5E8764850A4E76213A11E2F425919E95F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:8f:bf:3b:20:73:a5:dd:cb:8c:3e:07:fc:e9:
                    93:45:5a:36:28:4b:37:8c:3f:0a:6c:d1:43:e8:96:
                    cd:05:5f:d0:23:bf:27:8c:53:5b:b7:0a:db:fd:32:
                    fd:fd:68:10:40:87:7c:56:89:be:39:46:1a:66:a6:
                    d4:9f:e3:59:b0:ba:a5:a9:ff:5b:52:a2:d9:3a:c7:
                    0e:33:46:32:15:57:f3:ba:e9:8c:42:fc:c6:98:29:
                    26:d3:ba:da:f7:40:8b:81:6b:2a:3d:dd:eb:13:fa:
                    f4:93:2c:75:25:ef:6b:3a:d1:ce:76:72:4d:0e:95:
                    f8:eb:25:14:38:29:b1:8c:9c:eb:ee:15:32:50:19:
                    7e:bc:f1:6d:f4:4c:10:41:21:5e:47:0c:79:f9:5f:
                    53:3a:cb:ea:e6:ad:8b:da:6b:31:d0:24:a9:76:13:
                    f9:45:70:e1:77:58:dd:a1:27:59:60:d9:93:ce:20:
                    c1:82:bb:84:11:a7:fb:fe:7b:3e:87:e5:ff:d7:34:
                    f5:e5:62:f4:51:54:2d:9c:8f:e5:89:85:77:0a:9f:
                    5c:2e:ab:03:27:d5:d3:20:3f:97:7b:ac:19:73:ae:
                    2d:60:6f:ac:38:9d:4c:fd:f7:09:1f:dd:bf:56:85:
                    80:9b:50:98:0b:85:f9:6b:31:1d:b4:cd:f4:1e:e7:
                    b0:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:82:CA:B5:E8:76:48:50:A4:E7:62:13:A1:1E:2F:42:59:19:E9:5F
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3134382e3133372e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:32:88:92:70:c5:18:52:d3:09:74:c2:0d:45:a4:87:50:5d:
         ee:e8:2e:c0:aa:1c:09:88:23:c3:53:84:85:13:d5:07:a1:68:
         e7:d3:3a:6e:e7:0a:90:a0:c1:52:78:a9:40:36:4d:36:ce:34:
         fd:b2:39:35:53:f9:5b:29:a3:88:02:42:ba:9d:32:8f:6c:64:
         80:eb:ff:89:06:29:a2:30:d4:8c:ca:45:f6:63:a5:92:29:72:
         0c:b4:a8:99:33:cf:fb:39:d2:72:7d:ec:82:f3:da:cf:56:72:
         f7:6c:de:63:a6:64:08:e6:2f:10:ad:86:df:ce:bc:05:b0:71:
         b5:df:2b:70:f9:05:dd:da:7b:52:7b:92:2e:b9:fe:a2:fd:35:
         de:e5:03:f9:aa:d1:12:4d:c0:ad:c4:22:f4:ab:da:21:df:c0:
         f6:54:5b:ff:bc:90:a1:9c:de:b2:87:aa:01:5c:ae:3e:52:5b:
         49:7a:58:69:42:2b:ad:20:f9:62:15:a2:c9:c5:95:ac:a3:f0:
         fc:04:b9:05:d7:7b:4b:76:a9:b5:bf:c8:2b:2e:48:88:48:91:
         5f:d1:07:dc:26:37:9e:dd:ff:c1:62:79:4f:f5:30:5b:8f:20:
         65:88:a7:b1:6e:01:b9:34:3f:4a:dc:dc:91:13:54:1c:76:24:
         32:af:fd:d7
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUHF4mZEkll2Vq0PX74LbjS+TTdEIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMDcxMjI4MzFaFw0yNTAyMDUxMjMzMzFaMDMxMTAvBgNV
BAMTKDQyODJDQUI1RTg3NjQ4NTBBNEU3NjIxM0ExMUUyRjQyNTkxOUU5NUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8j787IHOl3cuMPgf86ZNFWjYo
SzeMPwps0UPols0FX9AjvyeMU1u3Ctv9Mv39aBBAh3xWib45RhpmptSf41mwuqWp
/1tSotk6xw4zRjIVV/O66YxC/MaYKSbTutr3QIuBayo93esT+vSTLHUl72s60c52
ck0OlfjrJRQ4KbGMnOvuFTJQGX688W30TBBBIV5HDHn5X1M6y+rmrYvaazHQJKl2
E/lFcOF3WN2hJ1lg2ZPOIMGCu4QRp/v+ez6H5f/XNPXlYvRRVC2cj+WJhXcKn1wu
qwMn1dMgP5d7rBlzri1gb6w4nUz99wkf3b9WhYCbUJgLhflrMR20zfQe57DBAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUQoLKteh2SFCk52IToR4vQlkZ6V8wHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzEzNDM4MmUzMTMz
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAAtlIkwDQYJKoZIhvcNAQELBQADggEBAAgyiJJwxRhS0wl0wg1FpIdQXe7oLsCq
HAmII8NThIUT1QehaOfTOm7nCpCgwVJ4qUA2TTbONP2yOTVT+Vspo4gCQrqdMo9s
ZIDr/4kGKaIw1IzKRfZjpZIpcgy0qJkzz/s50nJ97ILz2s9Wcvds3mOmZAjmLxCt
ht/OvAWwcbXfK3D5Bd3ae1J7ki65/qL9Nd7lA/mq0RJNwK3EIvSr2iHfwPZUW/+8
kKGc3rKHqgFcrj5SW0l6WGlCK60g+WIVosnFlayj8PwEuQXXe0t2qbW/yCsuSIhI
kV/RB9wmN57d/8FieU/1MFuPIGWIp7FuAbk0P0rc3JETVBx2JDKv/dc=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:44 2024 by rpki-client on console-ams.rpki-client.org