Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3135392e3232322e302f32332d3332203d3e203531313637.roa
File:                     34352e3135392e3232322e302f32332d3332203d3e203531313637.roa (raw, json)
Hash identifier:          d35SfxC5JYpGcpHDVcuzlobAccKB8W11jm1MkLFa8CI=
Subject key identifier:   60:5B:3B:12:7E:FF:93:90:9D:62:66:54:B4:E8:E5:64:87:F5:1C:E9
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       461ADAEB94D7420FE65F3F8C08CC9AADD0806179
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3135392e3232322e302f32332d3332203d3e203531313637.roa
Signing time:             Wed 22 May 2024 12:53:11 +0000
ROA not before:           Wed 22 May 2024 12:48:11 +0000
ROA not after:            Wed 21 May 2025 12:53:11 +0000
asID:                     51167
IP address blocks:        45.159.222.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:1a:da:eb:94:d7:42:0f:e6:5f:3f:8c:08:cc:9a:ad:d0:80:61:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: May 22 12:48:11 2024 GMT
            Not After : May 21 12:53:11 2025 GMT
        Subject: CN=605B3B127EFF93909D626654B4E8E56487F51CE9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:4d:26:40:8b:bb:aa:a6:ac:cd:9f:00:c3:d5:
                    88:ff:7e:72:78:68:c3:dc:8b:7e:05:b7:b7:e7:be:
                    ff:97:96:7c:64:1d:7c:a4:37:9c:01:d0:8a:47:85:
                    b1:d6:ac:f2:59:ef:3b:c0:53:d9:c4:b0:00:13:5b:
                    17:d3:85:63:c2:82:65:96:1f:58:18:e9:bc:b6:af:
                    17:43:15:73:9e:9e:be:5e:58:21:0a:cc:14:95:6a:
                    94:9c:1e:3d:1c:2a:18:bd:93:07:eb:57:ce:e6:19:
                    78:de:08:d9:01:fb:62:77:d7:69:12:d0:49:75:60:
                    a5:1b:ef:00:ca:e4:ca:00:2f:7f:b2:65:3b:df:30:
                    20:5f:19:45:26:29:d3:34:13:bd:b0:a5:ed:8a:83:
                    3e:fa:d1:0d:c8:d7:32:3f:53:b5:67:82:b6:3f:b8:
                    62:99:b3:93:28:6a:ba:86:af:06:ed:4f:6f:e9:5d:
                    11:26:98:2c:d8:8a:1c:90:8a:1d:88:7e:fe:b1:2d:
                    31:78:d8:92:36:97:f6:58:ef:82:ba:6d:b3:c1:8b:
                    1d:f9:2a:ba:3b:84:a9:5d:29:2d:70:49:7d:2c:d3:
                    14:63:15:b0:f1:25:9a:32:6d:a8:0b:33:4d:d3:3e:
                    78:6b:9d:47:5f:8e:ad:57:26:c9:65:f7:bc:48:e9:
                    2a:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:5B:3B:12:7E:FF:93:90:9D:62:66:54:B4:E8:E5:64:87:F5:1C:E9
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3135392e3232322e302f32332d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0f:f2:00:1c:98:f1:b8:00:6e:55:17:ad:43:29:60:17:62:1d:
         d5:90:a7:73:a1:42:1a:f1:13:fd:11:3d:30:e7:57:9f:05:23:
         a3:b0:9e:cb:0a:a1:c9:ae:6f:72:f3:99:91:d5:e3:d1:57:f1:
         77:a2:e9:4c:06:b9:94:67:b5:2f:3e:78:38:9c:b7:b9:d1:ee:
         91:b5:37:f8:8b:e3:96:27:63:ff:3d:b8:9d:91:7d:32:c3:19:
         49:8f:3d:80:f6:0c:9d:d2:13:ca:7a:98:ee:cc:12:83:6b:9b:
         55:99:1f:6a:93:90:f6:49:d7:d2:72:da:f5:d0:18:ce:5e:fa:
         2a:a9:89:46:e5:4c:86:3a:a7:43:a7:03:47:a7:fb:5c:4c:a0:
         de:47:0c:02:a6:e0:b3:2e:86:a0:6e:31:63:6d:8c:c9:69:35:
         92:be:9b:a7:5c:76:71:72:13:ca:23:e1:6f:c6:29:0e:5b:67:
         79:82:a7:3e:d9:fa:ba:36:c7:50:49:77:e9:54:76:e0:29:7c:
         91:4a:6b:b7:28:9a:c2:e6:b9:b5:28:fc:2d:27:29:e2:9d:ab:
         32:74:31:96:ac:00:68:eb:25:1f:ad:1b:ab:49:c4:43:19:16:
         62:e3:65:b4:73:15:88:5d:42:3c:14:60:aa:42:fd:17:f3:c9:
         36:91:ee:76
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIURhra65TXQg/mXz+MCMyardCAYXkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDA1MjIxMjQ4MTFaFw0yNTA1MjExMjUzMTFaMDMxMTAvBgNV
BAMTKDYwNUIzQjEyN0VGRjkzOTA5RDYyNjY1NEI0RThFNTY0ODdGNTFDRTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDITSZAi7uqpqzNnwDD1Yj/fnJ4
aMPci34Ft7fnvv+XlnxkHXykN5wB0IpHhbHWrPJZ7zvAU9nEsAATWxfThWPCgmWW
H1gY6by2rxdDFXOenr5eWCEKzBSVapScHj0cKhi9kwfrV87mGXjeCNkB+2J312kS
0El1YKUb7wDK5MoAL3+yZTvfMCBfGUUmKdM0E72wpe2Kgz760Q3I1zI/U7VngrY/
uGKZs5MoarqGrwbtT2/pXREmmCzYihyQih2Ifv6xLTF42JI2l/ZY74K6bbPBix35
Kro7hKldKS1wSX0s0xRjFbDxJZoybagLM03TPnhrnUdfjq1XJsll97xI6SqJAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUYFs7En7/k5CdYmZUtOjlZIf1HOkwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzEzNTM5MmUzMjMy
MzIyZTMwMmYzMjMzMmQzMzMyMjAzZDNlMjAzNTMxMzEzNjM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB
LZ/eMA0GCSqGSIb3DQEBCwUAA4IBAQAP8gAcmPG4AG5VF61DKWAXYh3VkKdzoUIa
8RP9ET0w51efBSOjsJ7LCqHJrm9y85mR1ePRV/F3oulMBrmUZ7UvPng4nLe50e6R
tTf4i+OWJ2P/PbidkX0ywxlJjz2A9gyd0hPKepjuzBKDa5tVmR9qk5D2SdfSctr1
0BjOXvoqqYlG5UyGOqdDpwNHp/tcTKDeRwwCpuCzLoagbjFjbYzJaTWSvpunXHZx
chPKI+FvxikOW2d5gqc+2fq6NsdQSXfpVHbgKXyRSmu3KJrC5rm1KPwtJyninasy
dDGWrABo6yUfrRurScRDGRZi42W0cxWIXUI8FGCqQv0X88k2ke52
-----END CERTIFICATE-----
Generated at Sun Jun 16 14:53:57 2024 by rpki-client on console-ams.rpki-client.org