Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3134342e38302e302f32342d3332203d3e20313336373837.roa
File:                     34352e3134342e38302e302f32342d3332203d3e20313336373837.roa (raw, json)
Hash identifier:          kAMmGyupyEEvUcroAUMqaJd/QjvAAHCMy95mSOLYx5k=
Subject key identifier:   D9:49:5F:EB:5A:5C:A5:8E:C7:61:02:C7:E3:F4:16:17:AC:2D:79:60
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       24AF3FD535B706A4F2317BC904AA26FA220CF287
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3134342e38302e302f32342d3332203d3e20313336373837.roa
Signing time:             Mon 26 Feb 2024 08:52:43 +0000
ROA not before:           Mon 26 Feb 2024 08:47:43 +0000
ROA not after:            Mon 24 Feb 2025 08:52:43 +0000
asID:                     136787
IP address blocks:        45.144.80.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:af:3f:d5:35:b7:06:a4:f2:31:7b:c9:04:aa:26:fa:22:0c:f2:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Feb 26 08:47:43 2024 GMT
            Not After : Feb 24 08:52:43 2025 GMT
        Subject: CN=D9495FEB5A5CA58EC76102C7E3F41617AC2D7960
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:a6:1c:aa:9d:60:4d:92:da:39:7c:8f:5f:bd:
                    d1:15:1f:7a:84:77:b6:ec:eb:de:a9:e1:80:d8:b7:
                    a9:f5:58:7d:ea:41:6e:af:66:48:69:d3:d6:d1:e9:
                    d4:4b:5b:1f:a0:c5:5f:76:d3:38:32:b7:55:b5:44:
                    bd:36:e5:9d:0e:27:36:4c:6a:14:fb:a4:a6:e6:c9:
                    62:63:45:31:95:39:53:53:a1:a5:78:6e:28:59:ef:
                    93:d4:fe:fe:87:94:c2:24:5a:1e:25:c3:d0:14:0b:
                    08:cd:4f:1f:10:3d:3e:51:1f:80:1f:45:f0:26:30:
                    00:73:a7:4f:e5:72:80:0d:ed:8f:ac:3e:62:de:26:
                    f0:a4:53:d3:73:23:9d:b5:71:48:91:82:59:44:0d:
                    fa:a9:72:41:bf:05:ba:19:c8:53:ee:33:66:7e:55:
                    44:2b:f9:7e:f1:a4:67:6d:e1:9a:0e:91:89:76:d8:
                    51:12:68:79:87:30:48:d3:3a:25:13:70:d5:a3:78:
                    f3:12:c6:82:38:fa:8b:19:f2:f0:a5:f6:82:98:88:
                    b6:fb:c0:66:9f:53:34:12:91:d3:d3:18:49:e0:2d:
                    03:c2:2f:28:c9:bc:5b:f9:01:bb:ca:7e:96:dd:9d:
                    b9:a1:79:ca:06:b1:24:d2:0e:da:21:b9:ff:c3:9f:
                    80:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:49:5F:EB:5A:5C:A5:8E:C7:61:02:C7:E3:F4:16:17:AC:2D:79:60
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3134342e38302e302f32342d3332203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:b1:94:bc:a8:41:06:25:f4:fc:77:e4:9a:64:e6:1d:07:97:
         17:a0:43:08:f9:64:22:36:22:01:e0:80:30:8d:c1:b2:94:85:
         36:61:08:0b:73:cc:f9:a4:19:47:12:b8:b6:6c:f7:90:1f:2f:
         16:81:d3:24:0a:d5:73:36:69:32:a3:1c:15:3f:1e:23:80:89:
         4e:0e:a2:b7:45:a0:c3:d1:c7:64:37:0c:87:33:5b:1b:4e:8a:
         f8:5b:f9:fb:ad:6b:05:c6:78:75:83:a3:2b:43:fe:0a:44:76:
         47:61:de:a4:eb:78:d3:e4:18:00:25:f5:e7:a8:90:eb:94:b3:
         82:fe:ff:23:a6:29:bf:a6:73:79:3c:a5:77:58:66:47:ec:68:
         38:ce:18:91:aa:35:ed:d7:ed:4d:eb:92:03:ac:3e:83:f9:29:
         55:30:0d:84:3d:7f:1b:52:0b:c0:a1:a8:68:d4:d2:8e:a7:e8:
         6a:a2:2c:6f:10:fd:b4:0b:5b:81:12:f4:f4:a2:df:57:34:a7:
         a1:91:cb:0d:24:b7:31:7d:23:61:1e:f5:94:48:b1:1b:ce:27:
         99:13:be:94:51:94:c4:fc:60:bc:4b:cc:69:d6:b0:a7:2f:18:
         b6:5c:1f:73:38:81:7f:78:ad:39:36:02:5a:4f:e6:eb:40:eb:
         88:f1:8a:37
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUJK8/1TW3BqTyMXvJBKom+iIM8ocwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAyMjYwODQ3NDNaFw0yNTAyMjQwODUyNDNaMDMxMTAvBgNV
BAMTKEQ5NDk1RkVCNUE1Q0E1OEVDNzYxMDJDN0UzRjQxNjE3QUMyRDc5NjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCophyqnWBNkto5fI9fvdEVH3qE
d7bs696p4YDYt6n1WH3qQW6vZkhp09bR6dRLWx+gxV920zgyt1W1RL025Z0OJzZM
ahT7pKbmyWJjRTGVOVNToaV4bihZ75PU/v6HlMIkWh4lw9AUCwjNTx8QPT5RH4Af
RfAmMABzp0/lcoAN7Y+sPmLeJvCkU9NzI521cUiRgllEDfqpckG/BboZyFPuM2Z+
VUQr+X7xpGdt4ZoOkYl22FESaHmHMEjTOiUTcNWjePMSxoI4+osZ8vCl9oKYiLb7
wGafUzQSkdPTGEngLQPCLyjJvFv5AbvKfpbdnbmhecoGsSTSDtohuf/Dn4DBAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQU2Ulf61pcpY7HYQLH4/QWF6wteWAwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzEzNDM0MmUzODMw
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzEzMzM2MzczODM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LZBQMA0GCSqGSIb3DQEBCwUAA4IBAQCmsZS8qEEGJfT8d+SaZOYdB5cXoEMI+WQi
NiIB4IAwjcGylIU2YQgLc8z5pBlHEri2bPeQHy8WgdMkCtVzNmkyoxwVPx4jgIlO
DqK3RaDD0cdkNwyHM1sbTor4W/n7rWsFxnh1g6MrQ/4KRHZHYd6k63jT5BgAJfXn
qJDrlLOC/v8jpim/pnN5PKV3WGZH7Gg4zhiRqjXt1+1N65IDrD6D+SlVMA2EPX8b
UgvAoaho1NKOp+hqoixvEP20C1uBEvT0ot9XNKehkcsNJLcxfSNhHvWUSLEbzieZ
E76UUZTE/GC8S8xp1rCnLxi2XB9zOIF/eK05NgJaT+brQOuI8Yo3
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:14:45 2024 by rpki-client on console-ams.rpki-client.org