Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3132382e34342e302f32322d3234203d3e20323033303631.roa
File:                     34352e3132382e34342e302f32322d3234203d3e20323033303631.roa (raw, json)
Hash identifier:          NPRoR18l49q7ht5oRHgbs05G4CdOa4o9pQdm4Eoo1Nw=
Subject key identifier:   0A:AD:1F:B9:68:DB:E1:9F:BB:57:37:80:72:68:61:28:7A:87:02:C3
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       4FB0865DB2F88BC24BC13542E37EB748818EDAA4
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3132382e34342e302f32322d3234203d3e20323033303631.roa
Signing time:             Mon 26 Feb 2024 08:52:41 +0000
ROA not before:           Mon 26 Feb 2024 08:47:41 +0000
ROA not after:            Mon 24 Feb 2025 08:52:41 +0000
asID:                     203061
IP address blocks:        45.128.44.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:b0:86:5d:b2:f8:8b:c2:4b:c1:35:42:e3:7e:b7:48:81:8e:da:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Feb 26 08:47:41 2024 GMT
            Not After : Feb 24 08:52:41 2025 GMT
        Subject: CN=0AAD1FB968DBE19FBB573780726861287A8702C3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:4e:e4:dd:29:79:10:8e:bb:db:33:6f:6b:db:
                    8f:93:3c:dd:f2:29:c0:bb:8b:75:30:a3:84:b4:be:
                    fc:e1:3a:7c:66:b3:8b:cf:fe:45:98:fe:1e:34:ba:
                    40:90:a7:1d:89:64:dd:62:63:97:b2:2f:01:75:21:
                    ff:97:ad:d7:86:cf:1b:a9:4f:e4:32:04:d0:97:a7:
                    f2:20:dc:29:df:02:2c:bf:dc:c5:04:a4:05:e5:5a:
                    a8:16:cb:68:3a:f9:84:59:68:8e:7b:e2:00:9d:ee:
                    e0:2a:93:ed:62:e9:6d:17:c0:71:81:88:df:bf:28:
                    09:84:70:45:e1:6c:cf:ef:6b:f9:d7:8e:c2:9d:dc:
                    74:8c:c8:57:22:0a:ec:e8:52:53:86:e4:23:da:f2:
                    08:f5:ec:1b:f0:0f:4b:9b:32:e8:78:f5:fd:e3:a0:
                    39:85:9d:e9:99:fb:fd:72:de:d7:22:b7:12:47:c3:
                    c3:d7:5f:8d:f5:ab:6f:a9:95:0a:60:bd:2f:11:5c:
                    9b:4f:a7:64:52:fb:e3:cf:45:25:7c:6c:69:3c:78:
                    c0:d5:26:19:12:2f:71:8e:06:a9:58:42:6f:5f:89:
                    d8:58:ee:e7:b6:22:42:e1:05:f0:6c:6b:66:b9:36:
                    ed:f0:58:2f:f1:54:4e:6d:f3:ac:ab:63:b9:35:35:
                    d0:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:AD:1F:B9:68:DB:E1:9F:BB:57:37:80:72:68:61:28:7A:87:02:C3
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3132382e34342e302f32322d3234203d3e20323033303631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         35:99:0f:00:bc:55:73:da:37:1a:ff:f0:dd:0d:53:2b:44:19:
         ba:cb:4d:f7:ce:31:2f:99:6e:e6:6b:a0:2b:e4:27:f6:81:b5:
         f1:60:55:f9:82:a6:34:ce:ab:1d:0e:73:a2:ef:f8:dc:84:20:
         9c:ad:4d:90:c1:71:2b:7e:64:08:ab:c5:56:4c:64:3b:e0:a9:
         8d:03:5f:20:4c:3b:37:55:b8:5b:1e:3d:e5:92:bf:0c:ed:7b:
         b7:07:5e:33:55:cb:c7:45:f4:26:14:f2:49:4d:5a:8c:87:b4:
         b5:79:3d:43:6a:6b:73:a6:94:3f:12:cb:7d:04:50:cc:cc:fc:
         75:e9:81:9f:20:23:76:2e:cc:cb:d5:85:52:96:78:07:b6:0d:
         6e:af:58:a1:9f:bf:7f:8f:04:52:e4:ed:da:c5:76:50:ff:65:
         f4:93:f3:8c:07:27:4f:6e:a3:1d:ad:4d:87:9b:78:29:0a:9d:
         37:67:6b:55:c9:dc:e4:47:2f:c0:e6:52:34:5f:c2:e5:65:f6:
         7b:e5:45:87:0b:d2:b9:99:fb:77:94:b9:46:3d:69:75:3f:92:
         cd:e6:03:29:4c:c5:5b:85:a9:65:39:07:2f:5c:94:01:6c:f9:
         27:a1:e1:1e:3b:c4:8e:31:9c:02:a5:23:29:69:38:da:4f:95:
         e2:01:74:2a
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUT7CGXbL4i8JLwTVC4363SIGO2qQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAyMjYwODQ3NDFaFw0yNTAyMjQwODUyNDFaMDMxMTAvBgNV
BAMTKDBBQUQxRkI5NjhEQkUxOUZCQjU3Mzc4MDcyNjg2MTI4N0E4NzAyQzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChTuTdKXkQjrvbM29r24+TPN3y
KcC7i3Uwo4S0vvzhOnxms4vP/kWY/h40ukCQpx2JZN1iY5eyLwF1If+XrdeGzxup
T+QyBNCXp/Ig3CnfAiy/3MUEpAXlWqgWy2g6+YRZaI574gCd7uAqk+1i6W0XwHGB
iN+/KAmEcEXhbM/va/nXjsKd3HSMyFciCuzoUlOG5CPa8gj17BvwD0ubMuh49f3j
oDmFnemZ+/1y3tcitxJHw8PXX431q2+plQpgvS8RXJtPp2RS++PPRSV8bGk8eMDV
JhkSL3GOBqlYQm9fidhY7ue2IkLhBfBsa2a5Nu3wWC/xVE5t86yrY7k1NdDLAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUCq0fuWjb4Z+7VzeAcmhhKHqHAsMwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzEzMjM4MmUzNDM0
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzIzMDMzMzAzNjMxLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC
LYAsMA0GCSqGSIb3DQEBCwUAA4IBAQA1mQ8AvFVz2jca//DdDVMrRBm6y033zjEv
mW7ma6Ar5Cf2gbXxYFX5gqY0zqsdDnOi7/jchCCcrU2QwXErfmQIq8VWTGQ74KmN
A18gTDs3VbhbHj3lkr8M7Xu3B14zVcvHRfQmFPJJTVqMh7S1eT1DamtzppQ/Est9
BFDMzPx16YGfICN2LszL1YVSlngHtg1ur1ihn79/jwRS5O3axXZQ/2X0k/OMBydP
bqMdrU2Hm3gpCp03Z2tVydzkRy/A5lI0X8LlZfZ75UWHC9K5mft3lLlGPWl1P5LN
5gMpTMVbhallOQcvXJQBbPknoeEeO8SOMZwCpSMpaTjaT5XiAXQq
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:49 2024 by rpki-client on console-ams.rpki-client.org