Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3135392e3232302e302f32332d3332203d3e203531313637.roa
File:                     34352e3135392e3232302e302f32332d3332203d3e203531313637.roa (raw, json)
Hash identifier:          1smvn9DvvQww0o/4SdljSwOSBa63s7OQajoHSI1oX/Y=
Subject key identifier:   81:22:BA:2A:87:32:51:65:68:EA:3F:26:D4:96:99:B1:01:AD:90:4C
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       59045387DB5D8744B819FDEC0805E71F0AAFD693
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3135392e3232302e302f32332d3332203d3e203531313637.roa
Signing time:             Wed 22 May 2024 12:53:01 +0000
ROA not before:           Wed 22 May 2024 12:48:01 +0000
ROA not after:            Wed 21 May 2025 12:53:01 +0000
asID:                     51167
IP address blocks:        45.159.220.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:04:53:87:db:5d:87:44:b8:19:fd:ec:08:05:e7:1f:0a:af:d6:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: May 22 12:48:01 2024 GMT
            Not After : May 21 12:53:01 2025 GMT
        Subject: CN=8122BA2A8732516568EA3F26D49699B101AD904C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:d8:06:cd:7f:7d:e4:34:11:62:fe:0b:6b:2c:
                    ee:37:9e:9e:73:fc:7b:77:38:a3:e7:2c:5a:63:1b:
                    65:01:1f:16:e1:6c:a1:05:bb:33:a5:ad:6e:1f:6c:
                    92:c5:7a:44:ab:71:2e:2d:8d:22:7b:8f:1c:90:b4:
                    9d:53:8a:47:a5:2d:fe:6d:c1:9b:1a:18:5b:93:5b:
                    18:e0:00:ee:08:6f:bd:4f:03:9a:86:ee:fe:84:95:
                    38:3c:c8:7a:67:a9:37:59:dd:bf:39:22:da:67:12:
                    6b:9f:e3:88:36:b6:df:c1:66:11:a3:c6:7d:75:33:
                    fb:9d:a2:4f:52:59:44:c2:28:16:f7:0d:8c:df:74:
                    b4:14:18:b2:b4:a8:63:e1:84:ff:a5:65:46:4e:51:
                    52:3f:0c:a0:95:5b:4f:95:95:c1:e6:bb:37:fb:e5:
                    f3:77:13:fd:f3:ba:40:78:32:a1:b4:cb:09:24:b6:
                    35:9e:23:d6:66:a5:2a:cd:5e:9c:c9:a8:e5:fc:ca:
                    05:e2:c6:57:27:a1:b8:4e:65:16:f0:6f:ed:99:d9:
                    1f:d5:12:a4:85:ea:57:e8:cf:5a:9d:33:0b:e8:0a:
                    d9:48:a0:4e:07:2d:47:de:b0:90:6a:75:a3:3a:77:
                    ee:25:29:5f:f9:59:a7:03:38:9b:5d:f1:23:34:ac:
                    8a:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:22:BA:2A:87:32:51:65:68:EA:3F:26:D4:96:99:B1:01:AD:90:4C
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3135392e3232302e302f32332d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:bd:93:44:ca:71:ad:6f:37:35:0c:6c:e3:d2:09:31:71:33:
         50:52:bb:5a:a1:fb:4c:be:20:47:ee:f9:7b:e5:10:38:9a:00:
         3e:a9:f3:ef:1e:f1:97:07:fb:f3:91:24:58:27:d1:65:b4:b9:
         51:79:31:b6:55:a8:c0:67:63:77:3d:94:a9:2b:22:35:92:68:
         67:9d:2b:77:8c:78:20:7b:d6:f6:a8:24:0f:9f:0a:6a:1b:ce:
         94:98:40:4e:b6:c8:e7:55:75:37:1b:ff:52:72:8e:43:37:7e:
         7f:c1:2a:29:b8:96:ac:9e:69:63:7c:76:26:18:fa:32:d7:b0:
         e8:75:e4:81:86:0d:8d:32:78:44:a0:cf:86:5c:39:8c:a2:55:
         e6:98:74:1d:ae:9f:37:95:e8:97:e9:c8:26:6d:fd:a2:e5:33:
         88:5e:28:d0:07:db:d0:2e:ec:77:82:12:a2:4f:30:bd:c9:5d:
         3b:f1:c2:01:9f:94:e2:a9:e4:12:97:ab:32:24:97:6a:90:87:
         55:1f:34:cc:ac:f2:66:87:cd:fe:f8:cb:ef:75:31:dc:69:db:
         51:1d:63:b2:01:10:70:13:42:30:ce:35:4d:94:2c:2f:9e:a3:
         1c:bb:4c:83:d2:ed:4c:9e:bf:95:c4:d5:ce:ba:bb:30:ef:07:
         1c:7d:23:91
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUWQRTh9tdh0S4Gf3sCAXnHwqv1pMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDA1MjIxMjQ4MDFaFw0yNTA1MjExMjUzMDFaMDMxMTAvBgNV
BAMTKDgxMjJCQTJBODczMjUxNjU2OEVBM0YyNkQ0OTY5OUIxMDFBRDkwNEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr2AbNf33kNBFi/gtrLO43np5z
/Ht3OKPnLFpjG2UBHxbhbKEFuzOlrW4fbJLFekSrcS4tjSJ7jxyQtJ1TikelLf5t
wZsaGFuTWxjgAO4Ib71PA5qG7v6ElTg8yHpnqTdZ3b85ItpnEmuf44g2tt/BZhGj
xn11M/udok9SWUTCKBb3DYzfdLQUGLK0qGPhhP+lZUZOUVI/DKCVW0+VlcHmuzf7
5fN3E/3zukB4MqG0ywkktjWeI9ZmpSrNXpzJqOX8ygXixlcnobhOZRbwb+2Z2R/V
EqSF6lfoz1qdMwvoCtlIoE4HLUfesJBqdaM6d+4lKV/5WacDOJtd8SM0rIopAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUgSK6KocyUWVo6j8m1JaZsQGtkEwwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzEzNTM5MmUzMjMy
MzAyZTMwMmYzMjMzMmQzMzMyMjAzZDNlMjAzNTMxMzEzNjM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB
LZ/cMA0GCSqGSIb3DQEBCwUAA4IBAQCNvZNEynGtbzc1DGzj0gkxcTNQUrtaoftM
viBH7vl75RA4mgA+qfPvHvGXB/vzkSRYJ9FltLlReTG2VajAZ2N3PZSpKyI1kmhn
nSt3jHgge9b2qCQPnwpqG86UmEBOtsjnVXU3G/9Sco5DN35/wSopuJasnmljfHYm
GPoy17DodeSBhg2NMnhEoM+GXDmMolXmmHQdrp83leiX6cgmbf2i5TOIXijQB9vQ
Lux3ghKiTzC9yV078cIBn5TiqeQSl6syJJdqkIdVHzTMrPJmh83++MvvdTHcadtR
HWOyARBwE0IwzjVNlCwvnqMcu0yD0u1Mnr+VxNXOursw7wccfSOR
-----END CERTIFICATE-----
Generated at Sun Jun 16 13:05:59 2024 by rpki-client on console-fra.rpki-client.org