Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e36372e3232302e302f32342d3234203d3e20323031333431.roa
File:                     34352e36372e3232302e302f32342d3234203d3e20323031333431.roa (raw, json)
Hash identifier:          YP+5opOwsSASZtBTf9dF0Tz6YSj0pFDo31r7r10QuPk=
Subject key identifier:   69:FD:0D:42:3E:54:4C:00:B9:F3:97:B6:D6:ED:8D:E9:75:9E:35:04
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       36E6455DC6A7C382AFEDB1B833B136C4E621F772
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e36372e3232302e302f32342d3234203d3e20323031333431.roa
Signing time:             Mon 26 Feb 2024 08:52:47 +0000
ROA not before:           Mon 26 Feb 2024 08:47:47 +0000
ROA not after:            Mon 24 Feb 2025 08:52:47 +0000
asID:                     201341
IP address blocks:        45.67.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:e6:45:5d:c6:a7:c3:82:af:ed:b1:b8:33:b1:36:c4:e6:21:f7:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:47 2024 GMT
            Not After : Feb 24 08:52:47 2025 GMT
        Subject: CN=69FD0D423E544C00B9F397B6D6ED8DE9759E3504
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:07:38:ca:a3:f1:29:cf:b5:d3:02:b4:5a:80:
                    0d:c7:46:59:cd:f7:32:30:4d:a1:59:c6:a4:fb:ba:
                    17:87:19:e9:0a:26:cf:12:f1:c7:7b:49:16:9e:8f:
                    62:91:c9:f2:7a:e1:a9:6b:44:6a:dc:3d:1a:2b:69:
                    f9:5b:50:c9:08:37:a0:31:22:e4:b9:f1:de:fb:b3:
                    41:f8:60:f6:e7:6b:84:49:f9:c1:15:70:da:e5:ef:
                    f2:7c:94:bb:63:1a:bf:68:2d:29:35:f0:d6:45:3b:
                    4e:b8:7d:0e:00:11:77:94:89:9a:c0:77:fe:4f:dd:
                    50:7f:72:cb:2c:50:ff:8d:93:f9:ad:a7:96:a5:20:
                    d0:89:6d:b8:9d:ce:8e:ce:c5:a1:97:47:4e:3b:c3:
                    b3:0e:10:16:c6:ff:b2:70:da:1c:86:41:64:c7:9b:
                    6b:46:6c:25:9e:25:5a:94:55:fa:54:cf:30:8e:18:
                    57:e0:1b:a7:b6:43:26:f2:c4:21:1d:43:8d:96:60:
                    6b:85:3e:a7:7a:eb:6f:60:7f:53:4b:0a:e6:00:e6:
                    de:af:52:48:60:b0:b4:66:3a:f7:b8:ba:04:fd:f8:
                    53:3b:ee:e5:c5:39:26:e6:3e:14:0a:e7:ab:47:f5:
                    a1:31:49:c0:d1:3a:e2:dd:3c:6c:d2:3b:ac:9a:3d:
                    4d:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:FD:0D:42:3E:54:4C:00:B9:F3:97:B6:D6:ED:8D:E9:75:9E:35:04
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e36372e3232302e302f32342d3234203d3e20323031333431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:2b:b0:64:8d:5d:2b:b9:61:7d:00:35:af:48:35:83:d2:ca:
         37:73:46:38:eb:15:44:45:89:ee:59:8b:9a:aa:08:c0:1d:21:
         29:57:ad:aa:60:f0:26:06:46:11:82:db:c0:49:ac:bc:43:66:
         02:0b:31:c2:a7:18:ee:bf:0a:b4:11:7c:37:a6:24:20:05:d0:
         ab:90:6d:16:c5:f2:3e:35:a6:af:cf:e6:d7:10:13:eb:c8:1d:
         96:ed:4d:47:51:ee:74:28:c5:fb:65:b3:ed:60:c5:fe:9a:5d:
         dc:ce:3f:38:a6:90:e3:25:10:47:3b:1c:85:ae:93:40:6e:5b:
         97:aa:d2:ff:e1:6f:97:9b:7f:e9:b2:1e:87:38:f4:1e:7b:22:
         6d:0e:1a:84:02:f4:06:e2:c2:98:e4:0c:23:59:ea:ba:1a:fa:
         39:84:ac:c9:b9:29:0d:b9:92:93:e8:04:19:8b:b2:90:c4:7a:
         fa:77:09:57:9a:8b:ea:67:43:8c:45:f5:39:35:2f:35:c3:1c:
         de:bf:47:ac:ff:b9:b4:20:7c:b6:81:99:f9:da:c9:5b:66:cd:
         96:4e:a2:55:9a:64:74:68:16:9c:76:b7:6e:9a:e5:aa:93:d0:
         03:14:36:60:42:4c:df:5a:73:8b:8e:a6:65:45:dc:35:7a:ca:
         83:8c:86:72
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUNuZFXcanw4Kv7bG4M7E2xOYh93IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NDdaFw0yNTAyMjQwODUyNDdaMDMxMTAvBgNV
BAMTKDY5RkQwRDQyM0U1NDRDMDBCOUYzOTdCNkQ2RUQ4REU5NzU5RTM1MDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/BzjKo/Epz7XTArRagA3HRlnN
9zIwTaFZxqT7uheHGekKJs8S8cd7SRaej2KRyfJ64alrRGrcPRoraflbUMkIN6Ax
IuS58d77s0H4YPbna4RJ+cEVcNrl7/J8lLtjGr9oLSk18NZFO064fQ4AEXeUiZrA
d/5P3VB/csssUP+Nk/mtp5alINCJbbidzo7OxaGXR047w7MOEBbG/7Jw2hyGQWTH
m2tGbCWeJVqUVfpUzzCOGFfgG6e2QybyxCEdQ42WYGuFPqd6629gf1NLCuYA5t6v
UkhgsLRmOve4ugT9+FM77uXFOSbmPhQK56tH9aExScDROuLdPGzSO6yaPU1jAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUaf0NQj5UTAC585e21u2N6XWeNQQwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzYzNzJlMzIzMjMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMDMxMzMzNDMxLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LUPcMA0GCSqGSIb3DQEBCwUAA4IBAQBFK7BkjV0ruWF9ADWvSDWD0so3c0Y46xVE
RYnuWYuaqgjAHSEpV62qYPAmBkYRgtvASay8Q2YCCzHCpxjuvwq0EXw3piQgBdCr
kG0WxfI+Naavz+bXEBPryB2W7U1HUe50KMX7ZbPtYMX+ml3czj84ppDjJRBHOxyF
rpNAbluXqtL/4W+Xm3/psh6HOPQeeyJtDhqEAvQG4sKY5AwjWeq6Gvo5hKzJuSkN
uZKT6AQZi7KQxHr6dwlXmovqZ0OMRfU5NS81wxzev0es/7m0IHy2gZn52slbZs2W
TqJVmmR0aBacdrdumuWqk9ADFDZgQkzfWnOLjqZlRdw1esqDjIZy
-----END CERTIFICATE-----
Generated at Thu Nov 21 18:06:14 2024 by rpki-client on console-fra.rpki-client.org