Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3134392e3230342e302f32332d3332203d3e203531313637.roa
File:                     34352e3134392e3230342e302f32332d3332203d3e203531313637.roa (raw, json)
Hash identifier:          gUTAepLAoAIeM07dVVtbK1O/45AnDoko5mbbZVeghh0=
Subject key identifier:   C1:85:2A:0E:94:B6:8D:9D:5E:45:85:61:39:C3:F9:D0:BA:11:33:C2
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       4947CDD0F6BE5AB259E6FFA5C036790448613568
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3134392e3230342e302f32332d3332203d3e203531313637.roa
Signing time:             Wed 22 May 2024 12:53:43 +0000
ROA not before:           Wed 22 May 2024 12:48:43 +0000
ROA not after:            Wed 21 May 2025 12:53:43 +0000
asID:                     51167
IP address blocks:        45.149.204.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:47:cd:d0:f6:be:5a:b2:59:e6:ff:a5:c0:36:79:04:48:61:35:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: May 22 12:48:43 2024 GMT
            Not After : May 21 12:53:43 2025 GMT
        Subject: CN=C1852A0E94B68D9D5E45856139C3F9D0BA1133C2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:28:63:bb:53:23:75:6c:f2:05:c8:76:47:53:
                    dd:49:98:30:5d:ab:e5:24:87:5e:9b:c6:a9:cd:30:
                    d1:d1:1d:a8:ce:f5:e3:4f:c4:25:2d:a4:6f:d7:92:
                    32:81:e0:50:1c:23:8b:cc:c2:fb:90:ea:bb:1b:41:
                    a5:86:9e:f7:2f:0d:f0:f1:0b:79:ee:f2:b0:4c:a7:
                    9e:85:1a:93:e2:f1:45:4c:a2:81:a5:23:fe:e3:99:
                    6a:60:36:d8:3c:c7:86:fa:c3:ef:da:a8:80:6a:b2:
                    58:41:c9:9e:ee:99:43:ff:2d:a5:83:9f:f8:e1:1a:
                    e9:00:21:f7:6d:cc:c1:a3:da:c8:78:94:40:58:e8:
                    64:05:29:37:f6:f6:d0:23:52:9c:e5:61:01:7f:bf:
                    31:48:14:eb:71:0c:cf:63:20:42:a6:56:5c:4a:bc:
                    54:fe:39:90:2a:a6:4a:00:3f:07:7d:fa:f7:44:49:
                    56:0e:10:e0:9a:fe:6c:42:53:28:3f:a0:5a:d6:cf:
                    90:17:bd:87:36:96:2f:08:d9:c5:71:23:7c:74:09:
                    cb:35:88:b1:04:2d:46:c0:6a:21:42:1a:8a:4b:d7:
                    e1:63:60:97:ce:19:e1:80:b7:43:8e:d6:ec:f1:23:
                    6f:08:f8:36:d9:35:8f:cd:30:da:19:3d:0e:89:6a:
                    f5:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:85:2A:0E:94:B6:8D:9D:5E:45:85:61:39:C3:F9:D0:BA:11:33:C2
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3134392e3230342e302f32332d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.204.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:ca:5f:97:94:72:88:a4:e1:97:d4:24:a5:5a:78:40:e5:d2:
         11:00:df:8e:82:79:1b:bc:cd:ed:27:42:6f:98:55:68:94:12:
         3e:fb:f1:d9:7e:dd:38:6d:d3:6c:3d:98:40:c4:ce:63:ea:e1:
         d3:31:94:1e:4b:22:19:d3:06:2e:dd:63:3a:16:ec:ec:7b:0b:
         9c:07:7d:67:dc:9b:7f:69:4c:0d:98:30:a6:1f:f1:ce:24:6c:
         08:89:92:d3:53:9f:3a:b5:bc:97:ca:29:4d:b7:17:86:0d:23:
         7a:65:10:aa:09:70:0e:1d:c6:82:cb:36:f1:ea:ce:59:ca:ac:
         5e:1f:72:0c:cc:5d:2d:29:36:d3:aa:ae:2d:fa:cc:30:ce:7f:
         4f:8d:1e:bc:22:28:27:7e:9c:0b:ec:a9:2a:4e:91:1a:4d:10:
         10:02:a7:2d:f0:dc:c0:c8:f9:c5:4b:63:f5:e8:d3:e9:1b:90:
         68:04:9c:4c:0e:98:d9:81:cd:a8:a0:28:9f:4e:36:b3:35:70:
         27:16:f7:9c:13:9a:2a:a9:ac:6c:0b:73:3f:a6:6d:83:7f:0f:
         64:ca:65:29:07:90:f9:8c:5e:65:12:46:4f:2f:06:89:a5:fd:
         c0:65:e2:16:07:81:5f:01:6a:22:af:fc:13:84:98:4e:8b:bd:
         98:b7:48:52
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUSUfN0Pa+WrJZ5v+lwDZ5BEhhNWgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDA1MjIxMjQ4NDNaFw0yNTA1MjExMjUzNDNaMDMxMTAvBgNV
BAMTKEMxODUyQTBFOTRCNjhEOUQ1RTQ1ODU2MTM5QzNGOUQwQkExMTMzQzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfKGO7UyN1bPIFyHZHU91JmDBd
q+Ukh16bxqnNMNHRHajO9eNPxCUtpG/XkjKB4FAcI4vMwvuQ6rsbQaWGnvcvDfDx
C3nu8rBMp56FGpPi8UVMooGlI/7jmWpgNtg8x4b6w+/aqIBqslhByZ7umUP/LaWD
n/jhGukAIfdtzMGj2sh4lEBY6GQFKTf29tAjUpzlYQF/vzFIFOtxDM9jIEKmVlxK
vFT+OZAqpkoAPwd9+vdESVYOEOCa/mxCUyg/oFrWz5AXvYc2li8I2cVxI3x0Ccs1
iLEELUbAaiFCGopL1+FjYJfOGeGAt0OO1uzxI28I+DbZNY/NMNoZPQ6JavXRAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUwYUqDpS2jZ1eRYVhOcP50LoRM8IwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzEzNDM5MmUzMjMw
MzQyZTMwMmYzMjMzMmQzMzMyMjAzZDNlMjAzNTMxMzEzNjM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB
LZXMMA0GCSqGSIb3DQEBCwUAA4IBAQBeyl+XlHKIpOGX1CSlWnhA5dIRAN+Ognkb
vM3tJ0JvmFVolBI++/HZft04bdNsPZhAxM5j6uHTMZQeSyIZ0wYu3WM6Fuzsewuc
B31n3Jt/aUwNmDCmH/HOJGwIiZLTU586tbyXyilNtxeGDSN6ZRCqCXAOHcaCyzbx
6s5ZyqxeH3IMzF0tKTbTqq4t+swwzn9PjR68IignfpwL7KkqTpEaTRAQAqct8NzA
yPnFS2P16NPpG5BoBJxMDpjZgc2ooCifTjazNXAnFvecE5oqqaxsC3M/pm2Dfw9k
ymUpB5D5jF5lEkZPLwaJpf3AZeIWB4FfAWoir/wThJhOi72Yt0hS
-----END CERTIFICATE-----
Generated at Sun Jun 16 14:53:57 2024 by rpki-client on console-ams.rpki-client.org