Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e3133372e37362e302f32342d3234203d3e20313336373837.roa
File:                     34352e3133372e37362e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          wfWlJrttfmm3tMRduFIdu7FPue64HZEKoFiK3LVKJw8=
Subject key identifier:   F2:10:CD:57:15:5C:BF:3A:50:4A:FE:9C:15:74:1A:00:17:81:61:DB
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4A93090D279FC4475D81A13F27832DDF22CC2F9B
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e3133372e37362e302f32342d3234203d3e20313336373837.roa
Signing time:             Fri 26 Jan 2024 19:02:00 +0000
ROA not before:           Fri 26 Jan 2024 18:57:00 +0000
ROA not after:            Fri 24 Jan 2025 19:02:00 +0000
asID:                     136787
IP address blocks:        45.137.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:93:09:0d:27:9f:c4:47:5d:81:a1:3f:27:83:2d:df:22:cc:2f:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 26 18:57:00 2024 GMT
            Not After : Jan 24 19:02:00 2025 GMT
        Subject: CN=F210CD57155CBF3A504AFE9C15741A00178161DB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:80:c2:ad:aa:98:70:1e:88:aa:a8:1c:59:f1:
                    3f:d8:60:3b:36:4b:be:aa:bc:43:c9:6d:2f:33:d1:
                    76:3a:8b:1f:02:ff:eb:41:7e:ba:0d:c2:8e:60:93:
                    76:bd:05:4a:a9:5d:97:d3:ce:68:21:50:83:2b:d7:
                    8d:be:c1:51:09:78:e0:0e:f3:de:d2:24:2c:41:e6:
                    14:c3:66:4d:b7:11:28:1c:1d:d9:fd:b2:ac:d0:e2:
                    d6:16:1a:29:8c:d9:33:07:df:0c:1a:e5:7f:df:93:
                    30:b2:25:34:91:63:2f:33:7f:f1:d0:68:38:1a:37:
                    fb:2f:eb:c4:16:8f:94:53:f0:a9:d0:60:59:0b:33:
                    03:84:2c:48:76:7f:e4:22:0c:32:f8:62:ae:03:de:
                    a9:9f:14:03:9f:43:a3:57:d7:e2:8b:e9:6d:c3:a4:
                    23:e8:6a:53:c5:86:00:4d:a6:dc:a7:83:83:3b:ff:
                    56:ca:45:1e:f9:8b:c2:3a:3e:11:d1:01:df:84:c2:
                    dd:dc:77:b3:fc:88:48:d0:c4:0d:6d:f1:d2:6c:a4:
                    40:fe:e4:54:14:38:c2:f6:62:94:81:b1:6a:d4:8f:
                    24:55:8d:83:b5:64:d1:cc:0d:69:cb:47:a6:32:1b:
                    e8:cb:3e:b8:b9:7c:2a:78:c5:9e:09:b8:02:2b:da:
                    4e:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:10:CD:57:15:5C:BF:3A:50:4A:FE:9C:15:74:1A:00:17:81:61:DB
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e3133372e37362e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:78:04:db:fa:d5:8b:d4:8d:96:1c:2c:ad:c6:e1:5b:ed:60:
         db:22:ba:5f:ea:5b:1d:1c:30:06:7c:19:38:ae:70:aa:f0:72:
         6f:24:ae:e6:9a:fa:1b:cc:7b:11:e4:2e:22:09:ef:7d:35:7b:
         2a:89:bb:b2:ef:7f:f5:e4:9d:c4:29:41:96:b5:96:58:6c:65:
         15:3f:b0:0c:bf:37:24:e7:1c:61:93:8a:34:4f:8a:cf:51:14:
         97:cd:a5:aa:f9:fd:af:6c:71:4e:40:c6:2e:6f:85:7b:d6:14:
         f8:11:1d:ea:cb:00:ac:78:9d:b8:9f:5c:5f:da:7d:70:0a:13:
         11:b6:da:15:f9:98:77:6c:e9:fa:01:04:21:f1:fd:e1:4a:31:
         fa:67:03:c6:ec:3d:f0:35:6c:67:0b:54:b7:04:64:6a:15:f3:
         d2:2a:09:ad:9d:c1:c9:83:5b:6c:39:c3:74:02:39:b4:34:91:
         32:c4:3d:68:6b:b8:94:ee:db:92:c4:9c:4b:33:1f:b8:ab:3e:
         04:29:17:8f:f7:74:ed:ef:8c:21:5c:f4:35:fb:c5:8f:ef:c2:
         07:76:5e:c1:e3:e5:ec:40:d5:97:4e:49:cb:47:4f:b0:f5:42:
         a8:b3:fe:6a:b1:0a:ef:89:f7:47:6d:48:16:91:eb:59:d9:fa:
         77:1f:0d:a9
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUSpMJDSefxEddgaE/J4Mt3yLML5swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAxMjYxODU3MDBaFw0yNTAxMjQxOTAyMDBaMDMxMTAvBgNV
BAMTKEYyMTBDRDU3MTU1Q0JGM0E1MDRBRkU5QzE1NzQxQTAwMTc4MTYxREIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrgMKtqphwHoiqqBxZ8T/YYDs2
S76qvEPJbS8z0XY6ix8C/+tBfroNwo5gk3a9BUqpXZfTzmghUIMr142+wVEJeOAO
897SJCxB5hTDZk23ESgcHdn9sqzQ4tYWGimM2TMH3wwa5X/fkzCyJTSRYy8zf/HQ
aDgaN/sv68QWj5RT8KnQYFkLMwOELEh2f+QiDDL4Yq4D3qmfFAOfQ6NX1+KL6W3D
pCPoalPFhgBNptyng4M7/1bKRR75i8I6PhHRAd+Ewt3cd7P8iEjQxA1t8dJspED+
5FQUOML2YpSBsWrUjyRVjYO1ZNHMDWnLR6YyG+jLPri5fCp4xZ4JuAIr2k5XAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQU8hDNVxVcvzpQSv6cFXQaABeBYdswHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzEzMzM3MmUzNzM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzMzM2MzczODM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LYlMMA0GCSqGSIb3DQEBCwUAA4IBAQAreATb+tWL1I2WHCytxuFb7WDbIrpf6lsd
HDAGfBk4rnCq8HJvJK7mmvobzHsR5C4iCe99NXsqibuy73/15J3EKUGWtZZYbGUV
P7AMvzck5xxhk4o0T4rPURSXzaWq+f2vbHFOQMYub4V71hT4ER3qywCseJ24n1xf
2n1wChMRttoV+Zh3bOn6AQQh8f3hSjH6ZwPG7D3wNWxnC1S3BGRqFfPSKgmtncHJ
g1tsOcN0Ajm0NJEyxD1oa7iU7tuSxJxLMx+4qz4EKReP93Tt74whXPQ1+8WP78IH
dl7B4+XsQNWXTknLR0+w9UKos/5qsQrvifdHbUgWketZ2fp3Hw2p
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:48 2024 by rpki-client on console-ams.rpki-client.org