Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e392e3138382e302f32322d3234203d3e203437353833.roa
File:                     34352e392e3138382e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          luYRHkXp6NYtpf6t07aJEaimacpvi8glhBubQEJ/GRo=
Subject key identifier:   21:D7:7C:90:A0:6B:7E:03:4E:B7:32:52:06:DA:94:F1:E0:D3:FF:02
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6F0DA629AFF5134AA6C302F114F639D5F621ADF2
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e392e3138382e302f32322d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:15 +0000
ROA not before:           Mon 26 Feb 2024 08:48:15 +0000
ROA not after:            Mon 24 Feb 2025 08:53:15 +0000
asID:                     47583
IP address blocks:        45.9.188.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:0d:a6:29:af:f5:13:4a:a6:c3:02:f1:14:f6:39:d5:f6:21:ad:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:15 2024 GMT
            Not After : Feb 24 08:53:15 2025 GMT
        Subject: CN=21D77C90A06B7E034EB7325206DA94F1E0D3FF02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:9c:31:94:c9:6f:b3:ef:f0:29:c6:69:b9:2e:
                    38:11:d7:19:15:fb:3a:4f:06:03:ae:90:4b:28:53:
                    b6:a3:4b:44:7e:51:19:1b:b7:8d:47:bb:8f:fd:b3:
                    9e:13:23:ce:c2:4c:90:fb:cc:39:61:6e:f7:cb:00:
                    8b:33:3c:27:73:e5:50:0d:0f:b4:19:00:51:6c:a5:
                    d8:64:88:b8:37:69:7d:ee:ab:70:a9:3b:35:df:91:
                    4d:ff:1a:7d:ec:3c:04:ac:ab:85:10:97:34:e3:18:
                    02:e1:6f:3c:1a:b6:7b:ed:e1:74:7d:b6:4f:dc:ce:
                    5d:c1:2b:37:a2:03:6c:1d:86:38:77:6c:0a:b9:a3:
                    dd:ef:5a:31:3d:f8:15:7e:82:e0:68:df:51:2b:48:
                    19:63:aa:fd:8c:b2:89:ce:f1:93:a2:b3:b5:20:38:
                    ff:95:69:08:5e:3d:6a:91:e4:6e:8c:ad:df:87:9c:
                    88:ba:13:6f:0a:75:13:7c:7f:8b:8f:2f:1b:cc:c4:
                    88:9f:27:ae:e3:d3:67:02:98:86:fb:bf:56:80:a2:
                    b3:40:de:4b:de:85:5a:12:69:4c:db:9b:dd:72:da:
                    c5:61:d3:9d:be:0c:13:2e:b7:86:75:cc:b8:3c:b1:
                    ab:a0:df:6d:38:79:74:ad:17:9b:db:b7:0d:6b:fe:
                    cb:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:D7:7C:90:A0:6B:7E:03:4E:B7:32:52:06:DA:94:F1:E0:D3:FF:02
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e392e3138382e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:1d:65:be:e4:d8:d1:0b:30:02:66:45:ce:52:a2:06:76:ab:
         58:28:67:77:c0:13:ff:29:7a:d3:81:cc:f8:67:1b:c1:7d:a8:
         ba:68:5d:1e:18:ee:b3:f2:d8:29:50:a7:13:a0:63:7e:45:eb:
         1b:a9:aa:fb:96:e8:bf:56:07:de:8f:a7:d6:a6:48:86:ac:5e:
         c5:5a:b9:a6:6b:fd:a9:28:d2:32:81:5d:4f:0d:cb:c6:b2:59:
         3f:6d:b5:b4:cf:64:a0:c5:eb:23:19:a4:15:80:80:c8:7e:83:
         d5:11:d5:49:7d:5d:e5:25:8c:45:59:fa:f7:f9:de:8b:de:20:
         dc:bd:ac:c1:70:4a:7c:95:47:68:53:c0:c3:70:cd:c9:1e:b5:
         17:4b:ca:ca:28:48:f3:c4:e2:e0:b9:85:b3:f8:5d:1e:f3:e1:
         b4:1f:aa:48:2f:49:7d:21:50:17:e4:89:f9:f0:01:51:d2:3f:
         96:65:f2:eb:a6:37:4e:da:95:9c:0f:b6:a0:73:32:7c:ed:4f:
         90:93:c6:15:27:1d:2f:bd:28:26:b1:7e:7a:cc:26:3e:8b:65:
         55:77:75:75:11:59:26:47:c2:cb:fe:a5:51:3f:4e:66:d3:d9:
         2c:80:c5:47:5b:0a:69:cd:f3:b8:31:c9:4a:35:30:20:67:52:
         18:74:43:ab
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUbw2mKa/1E0qmwwLxFPY51fYhrfIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MTVaFw0yNTAyMjQwODUzMTVaMDMxMTAvBgNV
BAMTKDIxRDc3QzkwQTA2QjdFMDM0RUI3MzI1MjA2REE5NEYxRTBEM0ZGMDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpnDGUyW+z7/Apxmm5LjgR1xkV
+zpPBgOukEsoU7ajS0R+URkbt41Hu4/9s54TI87CTJD7zDlhbvfLAIszPCdz5VAN
D7QZAFFspdhkiLg3aX3uq3CpOzXfkU3/Gn3sPASsq4UQlzTjGALhbzwatnvt4XR9
tk/czl3BKzeiA2wdhjh3bAq5o93vWjE9+BV+guBo31ErSBljqv2MsonO8ZOis7Ug
OP+VaQhePWqR5G6Mrd+HnIi6E28KdRN8f4uPLxvMxIifJ67j02cCmIb7v1aAorNA
3kvehVoSaUzbm91y2sVh052+DBMut4Z1zLg8saug3204eXStF5vbtw1r/stNAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUIdd8kKBrfgNOtzJSBtqU8eDT/wIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzkyZTMxMzgzODJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAItCbww
DQYJKoZIhvcNAQELBQADggEBABodZb7k2NELMAJmRc5SogZ2q1goZ3fAE/8petOB
zPhnG8F9qLpoXR4Y7rPy2ClQpxOgY35F6xupqvuW6L9WB96Pp9amSIasXsVauaZr
/ako0jKBXU8Ny8ayWT9ttbTPZKDF6yMZpBWAgMh+g9UR1Ul9XeUljEVZ+vf53ove
INy9rMFwSnyVR2hTwMNwzcketRdLysooSPPE4uC5hbP4XR7z4bQfqkgvSX0hUBfk
ifnwAVHSP5Zl8uumN07alZwPtqBzMnztT5CTxhUnHS+9KCaxfnrMJj6LZVV3dXUR
WSZHwsv+pVE/TmbT2SyAxUdbCmnN87gxyUo1MCBnUhh0Q6s=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:04 2024 by rpki-client on console-fra.rpki-client.org