Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e3135322e34342e302f32342d3234203d3e203437353833.roa
File:                     34352e3135322e34342e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          TOBqB6czOjesX8Xesz2YhNaEBX1jgy+71o5wSCgwm60=
Subject key identifier:   55:A4:8A:71:58:3F:7E:3A:A6:72:77:E6:27:F4:5E:74:F4:44:D6:90
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       257F694457604EE1A87CB458ECB16562EB409E28
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e3135322e34342e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:22 +0000
ROA not before:           Mon 26 Feb 2024 08:48:22 +0000
ROA not after:            Mon 24 Feb 2025 08:53:22 +0000
asID:                     47583
IP address blocks:        45.152.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:7f:69:44:57:60:4e:e1:a8:7c:b4:58:ec:b1:65:62:eb:40:9e:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:22 2024 GMT
            Not After : Feb 24 08:53:22 2025 GMT
        Subject: CN=55A48A71583F7E3AA67277E627F45E74F444D690
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:9a:66:18:4d:2c:60:b7:9e:d0:27:1c:fe:c5:
                    95:e5:26:5a:9a:af:2e:5c:cf:3a:a0:66:27:5f:3f:
                    99:54:07:14:53:7e:e7:70:aa:de:54:7d:e7:ea:b3:
                    df:ee:7a:45:f7:91:4b:92:b2:78:ea:d5:8e:93:f2:
                    1a:73:b6:b4:70:07:91:08:8e:32:84:4d:dc:9b:82:
                    0d:4a:3d:ee:a5:f4:e2:00:db:f6:59:24:45:2d:00:
                    05:28:ac:89:7f:cc:90:ad:0d:0d:0d:31:75:fe:8b:
                    62:88:ab:24:b1:1a:b3:d8:63:4f:28:2f:da:33:dc:
                    18:d1:ff:4b:b1:b8:c3:e0:1f:71:43:c0:d4:8d:71:
                    9a:09:3d:24:46:35:77:f7:20:13:04:ff:cd:79:b4:
                    e1:a4:5d:ab:18:8a:0c:36:8f:39:37:47:f5:33:3c:
                    b0:b5:13:d9:fa:b3:ae:6a:73:9e:c8:03:f9:b3:64:
                    40:99:fa:89:5d:ab:94:d2:e9:27:3c:d2:3c:77:ef:
                    3d:5b:71:ca:06:dc:cc:55:14:0f:70:68:9f:db:8a:
                    f3:a1:a4:8c:b8:a5:c4:ca:d5:cb:b4:d0:ab:d1:b4:
                    34:c0:10:77:0e:9d:c8:6e:9f:9e:9c:6a:b0:63:a8:
                    44:34:d5:58:34:49:01:60:f6:2d:13:b7:72:28:91:
                    e7:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:A4:8A:71:58:3F:7E:3A:A6:72:77:E6:27:F4:5E:74:F4:44:D6:90
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e3135322e34342e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:59:e7:cc:4e:be:44:43:03:6f:35:78:6d:05:ef:33:47:11:
         60:db:7c:7a:ce:8d:0f:ab:f6:5a:45:b4:70:1c:f0:a5:f6:01:
         ac:e2:ab:71:dd:46:85:a8:f8:93:70:32:0e:b5:93:d0:26:f1:
         cb:1b:86:39:08:d2:91:4a:c8:09:5e:74:47:8d:6a:b9:f1:ae:
         ff:6b:3b:b6:15:9c:34:0b:38:37:d5:96:6f:4f:da:ae:ac:5c:
         3e:0e:11:cd:23:9a:96:98:4f:16:70:02:69:eb:71:50:48:0e:
         aa:1d:94:dc:6e:55:fd:f2:08:d0:b3:39:cc:22:13:ad:46:61:
         25:32:f2:e4:f0:63:df:45:1b:d0:10:e6:5b:84:b4:9c:cc:3c:
         92:6c:ae:b9:a7:9f:ee:ab:d3:bf:9e:9a:f0:86:32:c1:da:16:
         85:5a:e0:45:5a:c3:15:fd:95:41:1d:69:7b:65:30:c4:ab:eb:
         cd:b3:08:2a:f2:1d:a5:44:8b:e7:54:81:16:9d:52:f6:84:f1:
         bf:e3:b7:7d:16:62:4f:ba:dd:bc:f8:e2:44:b7:9d:83:eb:9c:
         46:fe:8e:03:43:1b:43:9d:90:14:5d:8e:0c:6b:80:f7:3a:67:
         50:ec:25:31:69:d0:46:aa:1d:80:4a:14:54:7f:b8:be:29:36:
         26:a0:67:a5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJX9pRFdgTuGofLRY7LFlYutAnigwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MjJaFw0yNTAyMjQwODUzMjJaMDMxMTAvBgNV
BAMTKDU1QTQ4QTcxNTgzRjdFM0FBNjcyNzdFNjI3RjQ1RTc0RjQ0NEQ2OTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+mmYYTSxgt57QJxz+xZXlJlqa
ry5czzqgZidfP5lUBxRTfudwqt5Ufefqs9/uekX3kUuSsnjq1Y6T8hpztrRwB5EI
jjKETdybgg1KPe6l9OIA2/ZZJEUtAAUorIl/zJCtDQ0NMXX+i2KIqySxGrPYY08o
L9oz3BjR/0uxuMPgH3FDwNSNcZoJPSRGNXf3IBME/815tOGkXasYigw2jzk3R/Uz
PLC1E9n6s65qc57IA/mzZECZ+oldq5TS6Sc80jx37z1bccoG3MxVFA9waJ/bivOh
pIy4pcTK1cu00KvRtDTAEHcOnchun56carBjqEQ01Vg0SQFg9i0Tt3Iokec/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUVaSKcVg/fjqmcnfmJ/RedPRE1pAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzEzNTMyMmUzNDM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2Y
LDANBgkqhkiG9w0BAQsFAAOCAQEAgVnnzE6+REMDbzV4bQXvM0cRYNt8es6ND6v2
WkW0cBzwpfYBrOKrcd1Ghaj4k3AyDrWT0CbxyxuGOQjSkUrICV50R41qufGu/2s7
thWcNAs4N9WWb0/arqxcPg4RzSOalphPFnACaetxUEgOqh2U3G5V/fII0LM5zCIT
rUZhJTLy5PBj30Ub0BDmW4S0nMw8kmyuuaef7qvTv56a8IYywdoWhVrgRVrDFf2V
QR1pe2UwxKvrzbMIKvIdpUSL51SBFp1S9oTxv+O3fRZiT7rdvPjiRLedg+ucRv6O
A0MbQ52QFF2ODGuA9zpnUOwlMWnQRqodgEoUVH+4vik2JqBnpQ==
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:04 2024 by rpki-client on console-fra.rpki-client.org