Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e38352e3134342e302f32342d3234203d3e20313431303339.roa
File:                     34352e38352e3134342e302f32342d3234203d3e20313431303339.roa (raw, json)
Hash identifier:          Pcbh5uRa45wK/yKVsdDYguHJy5bqtxefW3sMseR5Vxw=
Subject key identifier:   12:10:FF:91:40:52:E9:F5:15:32:CE:5C:D7:17:4E:DC:DE:5C:DF:B8
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       530612F4C6150F7FB7BFF57D6F24AB9A9DCBA64A
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e38352e3134342e302f32342d3234203d3e20313431303339.roa
Signing time:             Mon 26 Feb 2024 08:52:54 +0000
ROA not before:           Mon 26 Feb 2024 08:47:54 +0000
ROA not after:            Mon 24 Feb 2025 08:52:54 +0000
asID:                     141039
IP address blocks:        45.85.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:06:12:f4:c6:15:0f:7f:b7:bf:f5:7d:6f:24:ab:9a:9d:cb:a6:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:54 2024 GMT
            Not After : Feb 24 08:52:54 2025 GMT
        Subject: CN=1210FF914052E9F51532CE5CD7174EDCDE5CDFB8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e0:1b:9e:46:dc:e0:e9:98:da:87:35:b8:33:
                    89:29:96:80:ce:07:71:7b:1b:67:97:02:c7:fd:a3:
                    23:d4:24:21:a4:98:d3:15:a0:c2:4a:52:bb:37:7a:
                    30:03:ef:4e:c1:6e:45:3c:f8:f7:e4:45:71:94:1a:
                    25:0e:bd:30:32:ff:81:9e:6a:1b:5d:b7:f0:70:4e:
                    b7:b0:20:79:4d:6d:88:10:5d:81:8c:91:74:44:06:
                    08:af:2d:9e:5a:0e:ea:66:dc:22:8d:30:92:7d:73:
                    12:65:3a:d2:08:98:5b:84:4b:92:3f:37:0b:1b:c3:
                    01:1c:05:46:c5:08:43:a0:06:28:bd:8e:05:bb:63:
                    dd:30:1f:ef:87:d3:1e:d2:2e:c8:15:eb:11:87:48:
                    81:b3:f6:e6:16:2a:5a:11:fb:1f:f9:30:ff:92:9f:
                    39:d6:dd:c5:46:05:76:02:c4:65:6d:6c:f5:08:b2:
                    2c:2d:73:df:9f:6b:c3:0c:92:4d:0b:e2:ab:71:95:
                    12:bb:48:f4:08:6f:33:e9:42:98:ad:29:73:00:75:
                    3c:8f:cd:02:16:5c:d4:ce:0d:f5:11:ca:1e:6f:7c:
                    d6:c8:95:ab:5b:35:6c:d8:64:63:9c:ee:8a:da:14:
                    4e:57:16:73:a3:7a:08:ca:30:73:c6:53:fa:f7:35:
                    9b:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:10:FF:91:40:52:E9:F5:15:32:CE:5C:D7:17:4E:DC:DE:5C:DF:B8
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e38352e3134342e302f32342d3234203d3e20313431303339.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:a7:32:ca:21:32:c2:40:85:86:01:1a:55:12:ff:ba:be:f7:
         51:27:c7:ff:3a:12:61:4d:f8:25:3b:83:0d:4c:a2:2d:35:d9:
         9d:3c:31:be:b1:3b:9b:ed:42:bf:fb:d8:21:5f:2a:4a:d0:42:
         cd:87:7b:53:0f:d2:db:81:19:58:98:d5:ae:fe:48:95:f7:fe:
         8d:9b:4e:83:8c:72:2b:57:33:d4:22:de:7b:ae:7f:55:91:4f:
         b5:32:08:2c:de:70:d8:ee:e7:cf:61:eb:15:de:4a:08:92:82:
         fd:37:45:fe:d5:fd:e9:20:3d:e2:3b:96:64:c9:1b:04:73:56:
         d4:cc:80:77:a0:2c:f9:05:10:0b:1b:13:03:1a:2b:6a:eb:94:
         72:1d:c2:46:87:90:51:89:5d:21:4f:d3:bf:d9:35:1a:2f:8c:
         fc:91:22:f2:38:42:c1:3a:d4:eb:21:1b:65:f5:9c:4a:eb:a3:
         d9:c9:86:60:b6:df:55:df:0a:b0:f7:d1:bd:c3:73:9b:a1:d7:
         75:4e:3b:97:d7:c6:ec:36:42:01:b3:66:4b:f7:a0:85:b9:07:
         f4:93:c1:90:12:4c:93:7b:2c:c5:3e:cb:3e:c4:14:9f:b8:90:
         e2:e6:89:2c:48:eb:4b:75:c7:e6:7b:2a:ba:6a:0d:f8:05:83:
         8d:6f:34:4a
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUUwYS9MYVD3+3v/V9bySrmp3LpkowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTRaFw0yNTAyMjQwODUyNTRaMDMxMTAvBgNV
BAMTKDEyMTBGRjkxNDA1MkU5RjUxNTMyQ0U1Q0Q3MTc0RURDREU1Q0RGQjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE4BueRtzg6ZjahzW4M4kploDO
B3F7G2eXAsf9oyPUJCGkmNMVoMJKUrs3ejAD707BbkU8+PfkRXGUGiUOvTAy/4Ge
ahtdt/BwTrewIHlNbYgQXYGMkXREBgivLZ5aDupm3CKNMJJ9cxJlOtIImFuES5I/
NwsbwwEcBUbFCEOgBii9jgW7Y90wH++H0x7SLsgV6xGHSIGz9uYWKloR+x/5MP+S
nznW3cVGBXYCxGVtbPUIsiwtc9+fa8MMkk0L4qtxlRK7SPQIbzPpQpitKXMAdTyP
zQIWXNTODfURyh5vfNbIlatbNWzYZGOc7oraFE5XFnOjegjKMHPGU/r3NZtzAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUEhD/kUBS6fUVMs5c1xdO3N5c37gwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzgzNTJlMzEzNDM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNDMxMzAzMzM5LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LVWQMA0GCSqGSIb3DQEBCwUAA4IBAQAkpzLKITLCQIWGARpVEv+6vvdRJ8f/OhJh
TfglO4MNTKItNdmdPDG+sTub7UK/+9ghXypK0ELNh3tTD9LbgRlYmNWu/kiV9/6N
m06DjHIrVzPUIt57rn9VkU+1Mggs3nDY7ufPYesV3koIkoL9N0X+1f3pID3iO5Zk
yRsEc1bUzIB3oCz5BRALGxMDGitq65RyHcJGh5BRiV0hT9O/2TUaL4z8kSLyOELB
OtTrIRtl9ZxK66PZyYZgtt9V3wqw99G9w3Obodd1TjuX18bsNkIBs2ZL96CFuQf0
k8GQEkyTeyzFPss+xBSfuJDi5oksSOtLdcfmeyq6ag34BYONbzRK
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:02 2024 by rpki-client on console-fra.rpki-client.org