Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3134312e3132312e302f32342d3234203d3e20313336373837.roa
File:                     34352e3134312e3132312e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          V27UN0ZBHlM1ecL5hvtLrO/XcmpyhxHtCZqGvzeuJMQ=
Subject key identifier:   E5:57:F0:2F:C2:99:21:B7:36:52:42:CC:9F:F8:9A:46:9C:F6:4F:25
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       234D86CB77B50ED86316BBAD02805C0FD798EBCA
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3134312e3132312e302f32342d3234203d3e20313336373837.roa
Signing time:             Sat 02 Mar 2024 21:54:46 +0000
ROA not before:           Sat 02 Mar 2024 21:49:46 +0000
ROA not after:            Sat 01 Mar 2025 21:54:46 +0000
asID:                     136787
IP address blocks:        45.141.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:4d:86:cb:77:b5:0e:d8:63:16:bb:ad:02:80:5c:0f:d7:98:eb:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Mar  2 21:49:46 2024 GMT
            Not After : Mar  1 21:54:46 2025 GMT
        Subject: CN=E557F02FC29921B7365242CC9FF89A469CF64F25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a6:2b:e1:7e:a0:8b:43:f2:2c:68:a3:cb:3f:
                    ce:7b:62:6b:86:ef:cb:b5:da:bd:5c:36:f7:58:5a:
                    87:76:01:2f:ef:0b:63:db:f6:7a:cf:28:b7:8f:cc:
                    70:e8:ed:6b:02:8b:85:7e:24:99:82:49:84:18:b6:
                    72:3d:88:5e:44:7e:55:85:26:eb:de:5e:12:0d:17:
                    4c:69:e6:b0:9f:20:a4:95:b8:5b:76:12:2e:42:23:
                    4d:60:06:b7:22:c8:77:ac:a0:7b:a3:0f:ee:32:25:
                    a2:2b:6a:d5:77:93:64:1e:cb:18:a0:a2:1a:83:61:
                    3f:92:5b:2e:99:0b:8d:7c:0c:9a:bd:00:22:a3:8e:
                    d6:0d:fd:05:07:92:18:fe:00:4b:fb:12:49:1e:f1:
                    cd:96:4a:64:1b:50:3f:ff:b9:f7:6d:32:fe:86:97:
                    16:d0:1a:b5:86:74:af:03:91:d4:18:c8:ea:f1:1f:
                    f3:5c:bf:86:0b:3f:2d:b1:9d:50:e2:a4:b7:b2:5c:
                    7c:ed:e4:2c:a1:70:8d:2d:f7:5a:4b:ab:63:eb:58:
                    35:b8:89:93:08:4d:f2:71:1f:6d:1c:1a:3c:d1:cd:
                    81:da:62:ea:ba:81:ff:95:79:7d:33:12:60:3d:27:
                    2b:4a:7c:cc:a7:1c:35:dc:56:88:2c:d9:01:20:9f:
                    fa:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:57:F0:2F:C2:99:21:B7:36:52:42:CC:9F:F8:9A:46:9C:F6:4F:25
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3134312e3132312e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:86:78:d2:81:fe:bd:e0:e2:cc:04:72:f4:11:e4:e9:26:79:
         19:8d:81:8b:98:ba:df:af:06:29:f8:26:5c:0a:26:5b:ed:be:
         62:4e:bd:a2:c6:9c:f4:47:40:7e:5a:5b:3e:1c:cf:87:9a:99:
         76:01:2f:1e:79:b0:a8:09:16:44:02:64:16:99:55:bc:18:17:
         55:81:61:eb:6e:05:a4:5a:d5:7f:86:ad:5f:5b:2a:09:1a:d8:
         c0:a3:a4:37:6e:34:53:55:8f:19:d5:1d:ec:e4:d0:c1:51:44:
         4e:fd:0a:15:27:69:03:01:4a:fb:8b:8d:af:70:3f:96:e3:e5:
         7e:f5:f1:b2:b9:be:b1:e6:11:60:75:04:33:f3:34:5a:7d:05:
         19:af:07:0d:45:61:92:6e:32:59:26:db:82:16:61:09:97:65:
         17:32:7e:20:c5:46:48:84:76:72:50:d4:b6:b0:74:ef:e9:c0:
         3e:b6:f9:d5:15:d4:37:f1:ff:8a:eb:8c:2c:c2:80:08:09:99:
         99:7a:58:0a:73:fb:11:7a:63:72:8e:4c:b6:bc:c6:8b:93:8d:
         94:ba:b5:f0:fe:20:21:3f:8c:85:81:d3:81:a7:7a:6f:7b:dd:
         76:b2:21:db:a6:39:c6:2b:21:68:58:57:c7:eb:1f:b7:4c:b1:
         b3:89:a5:a5
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUI02Gy3e1DthjFrutAoBcD9eY68owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAzMDIyMTQ5NDZaFw0yNTAzMDEyMTU0NDZaMDMxMTAvBgNV
BAMTKEU1NTdGMDJGQzI5OTIxQjczNjUyNDJDQzlGRjg5QTQ2OUNGNjRGMjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClpivhfqCLQ/IsaKPLP857YmuG
78u12r1cNvdYWod2AS/vC2Pb9nrPKLePzHDo7WsCi4V+JJmCSYQYtnI9iF5EflWF
JuveXhINF0xp5rCfIKSVuFt2Ei5CI01gBrciyHesoHujD+4yJaIratV3k2Qeyxig
ohqDYT+SWy6ZC418DJq9ACKjjtYN/QUHkhj+AEv7Ekke8c2WSmQbUD//ufdtMv6G
lxbQGrWGdK8DkdQYyOrxH/Ncv4YLPy2xnVDipLeyXHzt5CyhcI0t91pLq2PrWDW4
iZMITfJxH20cGjzRzYHaYuq6gf+VeX0zEmA9JytKfMynHDXcVogs2QEgn/r3AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQU5VfwL8KZIbc2UkLMn/iaRpz2TyUwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzEzNDMxMmUzMTMy
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAAtjXkwDQYJKoZIhvcNAQELBQADggEBADmGeNKB/r3g4swEcvQR5OkmeRmNgYuY
ut+vBin4JlwKJlvtvmJOvaLGnPRHQH5aWz4cz4eamXYBLx55sKgJFkQCZBaZVbwY
F1WBYetuBaRa1X+GrV9bKgka2MCjpDduNFNVjxnVHezk0MFRRE79ChUnaQMBSvuL
ja9wP5bj5X718bK5vrHmEWB1BDPzNFp9BRmvBw1FYZJuMlkm24IWYQmXZRcyfiDF
RkiEdnJQ1LawdO/pwD62+dUV1Dfx/4rrjCzCgAgJmZl6WApz+xF6Y3KOTLa8xouT
jZS6tfD+ICE/jIWB04Gnem973XayIdumOcYrIWhYV8frH7dMsbOJpaU=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:05 2024 by rpki-client on console-fra.rpki-client.org