Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3134382e3133382e302f32342d3234203d3e20313336373837.roa
File:                     34352e3134382e3133382e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          NnqIT3aO1SS1msdOC+z6j91cIi5t0A4GilQUzSLDZOw=
Subject key identifier:   99:8D:5D:8B:DF:53:20:3B:2C:CB:2C:71:30:C2:6F:75:2A:CA:E9:FD
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       26B770F3BE01B5723B7EC2243DBF2C800B987178
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3134382e3133382e302f32342d3234203d3e20313336373837.roa
Signing time:             Wed 07 Feb 2024 12:33:32 +0000
ROA not before:           Wed 07 Feb 2024 12:28:32 +0000
ROA not after:            Wed 05 Feb 2025 12:33:32 +0000
asID:                     136787
IP address blocks:        45.148.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:b7:70:f3:be:01:b5:72:3b:7e:c2:24:3d:bf:2c:80:0b:98:71:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb  7 12:28:32 2024 GMT
            Not After : Feb  5 12:33:32 2025 GMT
        Subject: CN=998D5D8BDF53203B2CCB2C7130C26F752ACAE9FD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:95:d5:b0:fd:ba:81:fb:54:e9:2e:a2:f5:cc:
                    0c:8c:6e:c6:fe:af:91:1b:61:65:ba:54:12:e6:cd:
                    8a:9d:eb:f8:47:f9:63:69:2f:b4:a8:e7:60:4d:5f:
                    23:89:36:36:32:50:83:8c:c5:c9:34:6a:ed:11:3c:
                    f8:d3:1c:d0:f7:84:4b:8b:42:2d:b4:f0:25:42:3e:
                    fe:6a:5c:73:af:87:0a:f7:1d:08:f9:93:90:b2:75:
                    74:08:01:87:7e:0b:d0:8f:b2:df:95:8c:1c:dc:03:
                    b5:6d:e8:99:67:7d:46:8b:30:71:04:a3:99:f2:4e:
                    0d:b4:84:79:2e:e1:c7:ee:1a:1b:07:91:30:6c:0b:
                    48:5c:32:e0:43:7b:d2:7c:dc:62:50:fc:96:4e:94:
                    30:93:a0:5b:1e:40:ae:d1:19:be:d6:e4:66:9b:98:
                    a8:ad:8d:91:b2:a8:83:d6:c6:44:de:12:b4:da:4c:
                    4a:ea:62:e0:80:9a:08:bc:5a:77:87:86:2e:54:bb:
                    b2:12:e0:8b:2f:e3:54:41:31:3f:5e:f3:dd:0e:03:
                    ba:92:ab:05:40:6d:1e:e5:60:7f:e4:74:43:ba:64:
                    16:49:fc:13:5d:fd:b6:9f:96:24:fe:0f:58:14:e5:
                    6d:a9:c3:6e:2a:f1:a8:3f:c7:cd:d8:82:db:91:2a:
                    51:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:8D:5D:8B:DF:53:20:3B:2C:CB:2C:71:30:C2:6F:75:2A:CA:E9:FD
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3134382e3133382e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:ad:16:22:ea:35:3f:89:16:b0:bf:65:1f:11:7e:74:cf:bd:
         19:65:a6:58:c2:91:2a:07:08:90:4c:65:46:1a:96:35:86:43:
         e8:c4:91:4d:d1:83:db:52:37:ad:8b:93:84:a9:3d:d8:90:a1:
         04:90:39:4e:63:77:15:ce:76:e9:7e:d9:3d:fd:c1:5b:02:ac:
         1f:04:15:80:1d:5d:d3:2f:85:af:a0:02:a3:08:1a:2a:ab:bb:
         2e:eb:c9:0c:e8:5a:5e:f9:b7:3e:29:b7:4a:c7:c5:0a:ac:a7:
         66:c3:2d:69:87:04:80:55:ab:5c:48:fe:ad:c1:3a:ea:eb:34:
         04:67:a3:4a:e4:9e:c1:6d:53:bb:a1:46:19:77:c5:62:e5:d9:
         b7:6f:68:3c:c0:69:31:be:76:c2:1b:e3:df:b0:c5:3a:7c:7d:
         cc:5e:92:46:e4:4f:f4:03:ce:2a:05:a2:c9:fb:8c:25:a5:e4:
         b6:ac:3a:c9:52:c6:2b:52:1a:6b:71:02:9a:7e:03:b5:ee:c7:
         6e:12:68:5f:ad:49:56:34:d3:9b:eb:14:ef:35:2e:1d:6d:5f:
         42:14:93:f5:86:0d:35:8a:f8:87:ad:d8:1a:b0:a3:0d:b9:88:
         a8:75:5e:6f:cf:f9:2f:d3:84:26:48:f7:fd:8c:5e:b1:ce:34:
         18:c0:4b:5b
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUJrdw874BtXI7fsIkPb8sgAuYcXgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMDcxMjI4MzJaFw0yNTAyMDUxMjMzMzJaMDMxMTAvBgNV
BAMTKDk5OEQ1RDhCREY1MzIwM0IyQ0NCMkM3MTMwQzI2Rjc1MkFDQUU5RkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/ldWw/bqB+1TpLqL1zAyMbsb+
r5EbYWW6VBLmzYqd6/hH+WNpL7So52BNXyOJNjYyUIOMxck0au0RPPjTHND3hEuL
Qi208CVCPv5qXHOvhwr3HQj5k5CydXQIAYd+C9CPst+VjBzcA7Vt6JlnfUaLMHEE
o5nyTg20hHku4cfuGhsHkTBsC0hcMuBDe9J83GJQ/JZOlDCToFseQK7RGb7W5Gab
mKitjZGyqIPWxkTeErTaTErqYuCAmgi8WneHhi5Uu7IS4Isv41RBMT9e890OA7qS
qwVAbR7lYH/kdEO6ZBZJ/BNd/bafliT+D1gU5W2pw24q8ag/x83YgtuRKlEpAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUmY1di99TIDssyyxxMMJvdSrK6f0wHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzEzNDM4MmUzMTMz
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAAtlIowDQYJKoZIhvcNAQELBQADggEBAImtFiLqNT+JFrC/ZR8RfnTPvRllpljC
kSoHCJBMZUYaljWGQ+jEkU3Rg9tSN62Lk4SpPdiQoQSQOU5jdxXOdul+2T39wVsC
rB8EFYAdXdMvha+gAqMIGiqruy7ryQzoWl75tz4pt0rHxQqsp2bDLWmHBIBVq1xI
/q3BOurrNARno0rknsFtU7uhRhl3xWLl2bdvaDzAaTG+dsIb49+wxTp8fcxekkbk
T/QDzioFosn7jCWl5LasOslSxitSGmtxApp+A7Xux24SaF+tSVY005vrFO81Lh1t
X0IUk/WGDTWK+Iet2Bqwow25iKh1Xm/P+S/ThCZI9/2MXrHONBjAS1s=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:02 2024 by rpki-client on console-fra.rpki-client.org