Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e38312e362e302f32342d3234203d3e20313336373837.roa
File:                     34352e38312e362e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          03gXETW/oVaBit/WbCIQeQAPdKYFWdmC4t7wNMH9Mqw=
Subject key identifier:   E3:17:05:30:6E:97:8C:0C:6B:99:55:22:6C:ED:48:83:ED:1D:A2:D7
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       7E9765AA4DDCB504ABFF992ED977C5E3891581D4
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e38312e362e302f32342d3234203d3e20313336373837.roa
Signing time:             Wed 07 Feb 2024 12:33:42 +0000
ROA not before:           Wed 07 Feb 2024 12:28:42 +0000
ROA not after:            Wed 05 Feb 2025 12:33:42 +0000
asID:                     136787
IP address blocks:        45.81.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:97:65:aa:4d:dc:b5:04:ab:ff:99:2e:d9:77:c5:e3:89:15:81:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb  7 12:28:42 2024 GMT
            Not After : Feb  5 12:33:42 2025 GMT
        Subject: CN=E31705306E978C0C6B9955226CED4883ED1DA2D7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:bb:9c:40:28:29:6b:1d:04:f4:81:04:44:9f:
                    2a:ad:6f:55:1a:3a:9c:d0:dc:29:fc:18:1d:04:47:
                    a4:de:93:08:35:99:79:59:c0:1a:f2:a4:8e:48:65:
                    af:88:2f:4d:1b:cf:59:c5:36:e3:a1:40:c4:d5:96:
                    ee:ed:e9:93:2e:55:ba:15:5b:e0:5c:8e:9c:9b:5f:
                    49:8e:8b:d7:ec:c5:b2:23:f0:92:01:7d:13:94:0c:
                    82:85:49:29:ac:aa:5a:e7:6f:fe:a6:47:02:f1:fc:
                    5c:d3:bb:0b:95:b1:52:b8:e2:58:dd:e5:91:be:be:
                    7a:70:2f:f5:90:e9:6e:96:15:c3:c3:14:ae:47:de:
                    23:3c:0d:e3:8a:0b:d9:0d:20:d7:fa:aa:63:e4:a7:
                    0b:86:39:da:f2:3e:03:46:41:dc:50:9d:05:65:7e:
                    af:79:a7:81:5b:16:3b:dd:35:e4:ca:96:23:f9:30:
                    35:85:f4:40:f3:ab:29:b2:af:aa:45:d2:db:fd:c4:
                    52:5d:0e:0f:23:ca:77:b5:5e:b3:4e:72:b4:27:23:
                    82:ea:5e:d3:07:f1:af:97:10:07:51:8a:e1:ed:84:
                    e4:92:58:68:60:a5:46:b2:de:cd:ad:4c:12:aa:a3:
                    64:85:25:83:5c:e4:0e:a2:42:05:07:e4:6a:64:31:
                    7b:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:17:05:30:6E:97:8C:0C:6B:99:55:22:6C:ED:48:83:ED:1D:A2:D7
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e38312e362e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:53:47:ab:1e:cd:db:82:e1:0e:49:21:f4:a7:d8:ba:c0:fd:
         32:17:83:73:e5:9f:d2:18:46:0f:2e:cc:18:ff:90:c8:4b:05:
         3d:c8:ad:ba:80:f0:25:d3:4b:a5:0c:58:9f:3b:a5:fd:9d:2d:
         44:be:2a:7f:f0:56:a2:0d:ae:2c:2a:02:78:df:48:b6:2a:68:
         f8:03:cb:81:2b:cc:29:aa:e6:30:78:f7:89:40:21:fb:4a:be:
         d4:9a:5b:37:77:2d:c4:44:75:27:2f:97:47:04:88:a4:fb:bf:
         ed:25:1e:d8:c0:e6:6c:0d:f0:9a:27:51:29:76:19:9f:6a:f7:
         dd:0b:ce:17:cd:a1:e0:d5:5c:46:05:b4:a2:fb:c0:b1:1b:b5:
         dd:59:a2:4b:bc:ff:d6:40:00:5a:20:f8:1f:7c:0a:95:07:8f:
         1f:88:d1:55:27:aa:fb:cc:14:a4:6a:1b:46:e2:4e:a6:7f:5a:
         28:27:95:59:2f:37:bb:66:0e:d8:a7:33:d0:a7:e0:ea:07:48:
         73:82:1d:b8:c7:f4:37:f3:4b:04:fd:30:b5:ec:70:62:fb:5e:
         1c:2e:ec:0c:91:41:8d:2b:ea:b0:84:1d:97:5c:53:65:51:e7:
         33:14:c8:08:40:a7:b8:9f:ba:cb:2e:5e:54:55:ef:73:99:80:
         ea:88:d7:16
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUfpdlqk3ctQSr/5ku2XfF44kVgdQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMDcxMjI4NDJaFw0yNTAyMDUxMjMzNDJaMDMxMTAvBgNV
BAMTKEUzMTcwNTMwNkU5NzhDMEM2Qjk5NTUyMjZDRUQ0ODgzRUQxREEyRDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKu5xAKClrHQT0gQREnyqtb1Ua
OpzQ3Cn8GB0ER6Tekwg1mXlZwBrypI5IZa+IL00bz1nFNuOhQMTVlu7t6ZMuVboV
W+BcjpybX0mOi9fsxbIj8JIBfROUDIKFSSmsqlrnb/6mRwLx/FzTuwuVsVK44ljd
5ZG+vnpwL/WQ6W6WFcPDFK5H3iM8DeOKC9kNINf6qmPkpwuGOdryPgNGQdxQnQVl
fq95p4FbFjvdNeTKliP5MDWF9EDzqymyr6pF0tv9xFJdDg8jyne1XrNOcrQnI4Lq
XtMH8a+XEAdRiuHthOSSWGhgpUay3s2tTBKqo2SFJYNc5A6iQgUH5GpkMXvnAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU4xcFMG6XjAxrmVUibO1Ig+0dotcwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzgzMTJlMzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtUQYw
DQYJKoZIhvcNAQELBQADggEBAGRTR6sezduC4Q5JIfSn2LrA/TIXg3Pln9IYRg8u
zBj/kMhLBT3IrbqA8CXTS6UMWJ87pf2dLUS+Kn/wVqINriwqAnjfSLYqaPgDy4Er
zCmq5jB494lAIftKvtSaWzd3LcREdScvl0cEiKT7v+0lHtjA5mwN8JonUSl2GZ9q
990LzhfNoeDVXEYFtKL7wLEbtd1Zoku8/9ZAAFog+B98CpUHjx+I0VUnqvvMFKRq
G0biTqZ/WignlVkvN7tmDtinM9Cn4OoHSHOCHbjH9DfzSwT9MLXscGL7Xhwu7AyR
QY0r6rCEHZdcU2VR5zMUyAhAp7ifussuXlRV73OZgOqI1xY=
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:14:44 2024 by rpki-client on console-ams.rpki-client.org