Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3134312e3132302e302f32342d3234203d3e20313336373837.roa
File:                     34352e3134312e3132302e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          uKHKWarJnte5YpejJpJPgKQ6XO2auet6w1Wlug88vjk=
Subject key identifier:   B1:EE:9B:C7:B8:66:B1:05:1A:87:AB:55:6C:6B:3E:A8:B8:94:0B:A3
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       774EA7BA2C1997EA2B6D170287DCF4690F87C011
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3134312e3132302e302f32342d3234203d3e20313336373837.roa
Signing time:             Sat 01 Feb 2025 22:45:35 +0000
ROA not before:           Sat 01 Feb 2025 22:40:35 +0000
ROA not after:            Sat 31 Jan 2026 22:45:35 +0000
asID:                     136787
IP address blocks:        45.141.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:4e:a7:ba:2c:19:97:ea:2b:6d:17:02:87:dc:f4:69:0f:87:c0:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Feb  1 22:40:35 2025 GMT
            Not After : Jan 31 22:45:35 2026 GMT
        Subject: CN=B1EE9BC7B866B1051A87AB556C6B3EA8B8940BA3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:66:54:4a:73:25:66:3c:05:e3:12:7d:c0:52:
                    7e:c7:fd:3a:4e:d2:c2:99:2c:d2:2a:65:97:86:2a:
                    06:38:24:3d:d5:75:32:25:60:46:6f:31:24:5d:31:
                    d3:af:93:bd:a3:ec:bc:fb:77:e6:b6:d6:a8:d5:50:
                    31:b0:da:5c:95:37:03:c1:27:8d:b1:99:a4:bf:08:
                    07:e2:4f:d0:32:ad:50:b8:0b:e3:b1:98:92:c0:2d:
                    c5:7f:df:2e:2f:ea:87:a1:8c:30:06:0a:55:05:59:
                    00:c9:34:c7:7b:fa:30:6d:d9:23:d0:3d:e5:d3:82:
                    0a:33:4f:08:22:a3:46:54:92:d4:9f:17:3a:73:4d:
                    b0:b6:7c:e9:8b:13:88:42:63:ae:37:13:07:82:99:
                    99:95:db:37:92:4e:b7:0b:b9:27:5e:73:28:6d:a5:
                    0d:87:08:a6:35:97:a2:00:f6:b9:ae:4a:50:68:d8:
                    15:65:ec:f8:a5:c7:8e:a4:6d:a0:0f:72:71:69:6e:
                    78:86:09:1a:c5:c8:64:12:7d:b8:2a:8a:23:f2:7f:
                    12:23:1c:95:3a:f5:17:9b:1f:34:c8:df:5b:c3:79:
                    89:e6:63:ad:03:23:ba:d0:0c:d0:50:7a:2e:e0:e8:
                    f0:35:23:76:1a:48:ca:12:40:2d:57:b3:c2:20:7f:
                    0f:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:EE:9B:C7:B8:66:B1:05:1A:87:AB:55:6C:6B:3E:A8:B8:94:0B:A3
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3134312e3132302e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:c9:c6:68:a7:c8:f9:d1:d3:6b:1f:fd:6c:e7:ff:d3:8e:ad:
         87:6e:7a:fb:0d:cb:a1:93:6e:b3:94:99:c9:11:80:ad:bd:5e:
         e8:62:ec:cf:82:ee:8f:bf:32:1d:83:0e:33:0f:9f:6b:19:fd:
         4e:da:4e:60:52:ec:29:f5:f9:11:e9:84:5a:5e:9a:2a:60:a7:
         53:56:58:5f:94:12:34:b2:bd:7e:21:e0:71:96:02:37:16:03:
         61:40:df:d0:ba:6f:d8:f7:5c:48:cf:a9:e1:2e:a9:3d:29:26:
         b6:95:40:3c:df:6b:45:6c:68:e3:74:c8:6f:c3:2a:f3:a2:11:
         ec:a4:0b:c0:60:35:0b:fd:51:07:73:85:6f:d8:9e:70:74:f1:
         2c:66:a3:95:7e:06:2d:be:49:5e:68:9f:ef:75:9d:b0:54:13:
         e5:62:ac:30:ca:2a:02:7f:3d:cc:4b:64:1b:0f:ab:c9:ae:7c:
         bf:41:2e:e8:a0:0c:0e:ac:75:4d:c4:bc:17:a6:8f:02:62:c5:
         62:42:7d:d4:ad:8c:70:57:ad:76:e9:9e:ab:8a:4a:90:75:0e:
         74:ed:a3:dd:f5:a6:b2:7f:88:20:b4:c8:0f:f1:75:e7:e6:74:
         b0:d2:c5:77:65:2f:13:06:9d:57:36:0e:b4:31:9b:ae:26:78:
         a6:6c:76:ff
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUd06nuiwZl+orbRcCh9z0aQ+HwBEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTAyMDEyMjQwMzVaFw0yNjAxMzEyMjQ1MzVaMDMxMTAvBgNV
BAMTKEIxRUU5QkM3Qjg2NkIxMDUxQTg3QUI1NTZDNkIzRUE4Qjg5NDBCQTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaZlRKcyVmPAXjEn3AUn7H/TpO
0sKZLNIqZZeGKgY4JD3VdTIlYEZvMSRdMdOvk72j7Lz7d+a21qjVUDGw2lyVNwPB
J42xmaS/CAfiT9AyrVC4C+OxmJLALcV/3y4v6oehjDAGClUFWQDJNMd7+jBt2SPQ
PeXTggozTwgio0ZUktSfFzpzTbC2fOmLE4hCY643EweCmZmV2zeSTrcLuSdecyht
pQ2HCKY1l6IA9rmuSlBo2BVl7Pilx46kbaAPcnFpbniGCRrFyGQSfbgqiiPyfxIj
HJU69RebHzTI31vDeYnmY60DI7rQDNBQei7g6PA1I3YaSMoSQC1Xs8Igfw95AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUse6bx7hmsQUah6tVbGs+qLiUC6MwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzEzNDMxMmUzMTMy
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAAtjXgwDQYJKoZIhvcNAQELBQADggEBAFTJxminyPnR02sf/Wzn/9OOrYduevsN
y6GTbrOUmckRgK29Xuhi7M+C7o+/Mh2DDjMPn2sZ/U7aTmBS7Cn1+RHphFpemipg
p1NWWF+UEjSyvX4h4HGWAjcWA2FA39C6b9j3XEjPqeEuqT0pJraVQDzfa0VsaON0
yG/DKvOiEeykC8BgNQv9UQdzhW/YnnB08Sxmo5V+Bi2+SV5on+91nbBUE+VirDDK
KgJ/PcxLZBsPq8mufL9BLuigDA6sdU3EvBemjwJixWJCfdStjHBXrXbpnquKSpB1
DnTto931prJ/iCC0yA/xdefmdLDSxXdlLxMGnVc2DrQxm64meKZsdv8=
-----END CERTIFICATE-----
Generated at Sun Feb 16 20:58:13 2025 by rpki-client