Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3134342e38332e302f32342d3332203d3e20313336373837.roa
File:                     34352e3134342e38332e302f32342d3332203d3e20313336373837.roa (raw, json)
Hash identifier:          ldcj3MQl9yUGCUrM5eIJsxrvQZMrxuRQeOmKI2RBB0I=
Subject key identifier:   83:C4:E3:55:45:79:64:6F:20:B7:7A:A6:09:2D:96:7C:66:FD:EE:04
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       04F345BBCFC747CB2A21B54C5900009E6AD972E4
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3134342e38332e302f32342d3332203d3e20313336373837.roa
Signing time:             Mon 26 Feb 2024 08:52:42 +0000
ROA not before:           Mon 26 Feb 2024 08:47:42 +0000
ROA not after:            Mon 24 Feb 2025 08:52:42 +0000
asID:                     136787
IP address blocks:        45.144.83.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:f3:45:bb:cf:c7:47:cb:2a:21:b5:4c:59:00:00:9e:6a:d9:72:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Feb 26 08:47:42 2024 GMT
            Not After : Feb 24 08:52:42 2025 GMT
        Subject: CN=83C4E3554579646F20B77AA6092D967C66FDEE04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a3:c2:68:ae:dc:22:54:3c:d9:90:c0:f1:15:
                    16:8b:86:a5:74:3b:cf:37:09:e2:f5:a0:b5:9d:47:
                    95:38:b4:f0:6b:72:b5:8e:dc:82:51:ef:ff:69:b1:
                    0e:c9:3e:f3:22:18:08:7f:72:bf:73:7c:35:bb:9f:
                    15:1c:19:42:4f:fd:04:01:b4:56:9e:79:23:f0:d1:
                    62:f8:6c:d5:0e:b1:e0:f8:26:3d:ab:16:ba:2a:1e:
                    5b:16:09:63:13:05:fb:2f:e5:18:02:a8:dd:7a:d7:
                    34:d3:3b:7e:56:63:37:78:8d:12:fe:30:ca:da:b2:
                    50:c8:74:d5:44:82:4b:62:f9:53:13:fd:fc:77:a4:
                    fc:50:f9:96:00:da:7d:b9:d8:b5:77:ae:69:6c:b5:
                    92:ad:21:76:1f:82:5b:2e:c0:1f:d5:f2:e2:58:61:
                    9e:2d:d1:ab:e4:49:c5:b4:80:87:cc:be:4e:a9:d0:
                    f4:d5:a8:e3:03:7f:65:63:58:04:51:2a:c3:ba:55:
                    8f:b8:66:10:b2:d1:3e:17:ed:28:d9:36:f2:6d:92:
                    f1:66:28:bc:54:16:52:ad:eb:2c:1e:8a:7f:f8:0d:
                    d2:59:7c:ce:bb:0d:08:c6:7d:59:56:70:a9:92:b0:
                    d9:f0:fa:5a:0a:3e:40:bb:87:4d:90:2c:a3:2f:60:
                    7b:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:C4:E3:55:45:79:64:6F:20:B7:7A:A6:09:2D:96:7C:66:FD:EE:04
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3134342e38332e302f32342d3332203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:b9:7e:bd:b6:9b:ab:c0:d3:eb:d7:cf:cb:55:0b:ca:e0:49:
         74:72:90:6b:75:c0:c6:c3:e4:cd:8d:26:66:3d:90:da:52:9c:
         e1:6f:ed:46:98:09:5b:dd:3a:cb:ab:69:51:2e:58:17:cf:55:
         9d:a5:18:82:7e:f5:bf:f5:68:ed:4a:7a:f5:9e:d5:4f:0c:00:
         eb:5e:33:3d:05:49:20:7b:f5:4c:2a:1e:54:34:a5:d5:c9:3c:
         28:df:44:91:02:c0:52:2a:d1:54:56:06:fd:cb:43:33:c9:ea:
         91:3f:e5:29:65:59:92:66:a7:32:0b:1e:21:6f:54:1c:ae:56:
         7a:75:9d:5a:b1:72:90:49:01:26:66:74:6a:b1:fd:85:e9:d7:
         6f:b1:7c:04:6e:4c:ba:75:03:9f:e9:19:d6:ab:5e:74:45:eb:
         e8:25:65:20:f5:ee:b2:f1:05:9e:44:3b:1a:da:f8:72:4c:05:
         1e:32:35:40:1e:f5:b6:36:78:9e:98:3e:06:af:23:21:53:c1:
         59:17:63:ed:99:c7:b0:97:8b:66:91:54:23:c9:5d:26:50:62:
         94:fc:77:59:60:fe:36:d9:87:4c:dd:11:d4:1e:c9:de:e9:77:
         b6:8e:12:8f:21:ac:a5:2f:48:60:4a:75:00:00:a4:10:c6:dc:
         ad:9c:77:44
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUBPNFu8/HR8sqIbVMWQAAnmrZcuQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAyMjYwODQ3NDJaFw0yNTAyMjQwODUyNDJaMDMxMTAvBgNV
BAMTKDgzQzRFMzU1NDU3OTY0NkYyMEI3N0FBNjA5MkQ5NjdDNjZGREVFMDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzo8JortwiVDzZkMDxFRaLhqV0
O883CeL1oLWdR5U4tPBrcrWO3IJR7/9psQ7JPvMiGAh/cr9zfDW7nxUcGUJP/QQB
tFaeeSPw0WL4bNUOseD4Jj2rFroqHlsWCWMTBfsv5RgCqN161zTTO35WYzd4jRL+
MMraslDIdNVEgkti+VMT/fx3pPxQ+ZYA2n252LV3rmlstZKtIXYfglsuwB/V8uJY
YZ4t0avkScW0gIfMvk6p0PTVqOMDf2VjWARRKsO6VY+4ZhCy0T4X7SjZNvJtkvFm
KLxUFlKt6ywein/4DdJZfM67DQjGfVlWcKmSsNnw+loKPkC7h02QLKMvYHvrAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUg8TjVUV5ZG8gt3qmCS2WfGb97gQwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzEzNDM0MmUzODMz
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzEzMzM2MzczODM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LZBTMA0GCSqGSIb3DQEBCwUAA4IBAQANuX69tpurwNPr18/LVQvK4El0cpBrdcDG
w+TNjSZmPZDaUpzhb+1GmAlb3TrLq2lRLlgXz1WdpRiCfvW/9WjtSnr1ntVPDADr
XjM9BUkge/VMKh5UNKXVyTwo30SRAsBSKtFUVgb9y0MzyeqRP+UpZVmSZqcyCx4h
b1QcrlZ6dZ1asXKQSQEmZnRqsf2F6ddvsXwEbky6dQOf6RnWq150RevoJWUg9e6y
8QWeRDsa2vhyTAUeMjVAHvW2NniemD4GryMhU8FZF2Ptmcewl4tmkVQjyV0mUGKU
/HdZYP422YdM3RHUHsne6Xe2jhKPIaylL0hgSnUAAKQQxtytnHdE
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:49 2024 by rpki-client on console-ams.rpki-client.org