Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3135392e3232382e302f32332d3332203d3e203531313637.roa
File:                     34352e3135392e3232382e302f32332d3332203d3e203531313637.roa (raw, json)
Hash identifier:          Uf9BQgblnrtpS3/pLu+6GgB5+E2k6CaY92EDZuo3O5k=
Subject key identifier:   36:51:38:FC:2C:DA:DD:AD:A5:B8:28:78:DE:8F:41:F0:5D:83:DF:6F
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       5C94D7A82548D1DE9650160423BAC13336EA239A
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3135392e3232382e302f32332d3332203d3e203531313637.roa
Signing time:             Wed 22 May 2024 12:53:25 +0000
ROA not before:           Wed 22 May 2024 12:48:25 +0000
ROA not after:            Wed 21 May 2025 12:53:25 +0000
asID:                     51167
IP address blocks:        45.159.228.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:94:d7:a8:25:48:d1:de:96:50:16:04:23:ba:c1:33:36:ea:23:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: May 22 12:48:25 2024 GMT
            Not After : May 21 12:53:25 2025 GMT
        Subject: CN=365138FC2CDADDADA5B82878DE8F41F05D83DF6F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:d8:05:bc:50:ce:9e:0c:31:53:06:d8:65:17:
                    ef:b5:a6:53:0b:2d:12:47:e5:34:34:b2:ad:3f:ae:
                    47:06:3f:16:07:72:e1:d4:eb:5c:94:38:2d:b6:8e:
                    55:0b:32:5d:58:dd:3a:9b:31:fb:b9:d9:73:a9:c5:
                    a3:f1:07:40:3c:df:87:6f:f0:c0:2c:a3:ed:51:41:
                    02:8c:b1:c0:be:be:54:7e:67:04:53:e7:5d:30:ce:
                    16:00:e2:b6:0d:f7:2b:d4:48:af:b1:cf:18:33:38:
                    fb:20:86:79:7a:62:b7:ba:ca:d8:05:df:4c:3e:8a:
                    9e:27:0b:4b:99:44:30:9b:72:28:e5:04:4a:7c:cf:
                    20:b5:d5:56:ce:46:39:13:57:9a:b5:40:13:c7:df:
                    9d:b9:b7:5e:30:b5:46:7d:90:5f:6f:92:c3:51:b9:
                    d9:e9:9b:46:5c:51:f9:79:ce:27:b9:ac:e2:5b:2c:
                    c7:6f:ac:b5:fb:cc:31:3e:ea:33:1b:97:04:1d:bc:
                    a8:fd:f7:d6:e2:da:90:7a:7e:24:7f:f2:a5:a0:66:
                    52:ae:63:39:e4:a3:ea:b6:af:0b:c5:27:b3:37:a7:
                    13:57:7a:98:a0:02:ce:cc:1f:30:40:bd:29:a7:20:
                    28:68:12:18:43:1f:88:df:2c:69:ee:62:58:0c:c9:
                    dd:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:51:38:FC:2C:DA:DD:AD:A5:B8:28:78:DE:8F:41:F0:5D:83:DF:6F
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3135392e3232382e302f32332d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         94:d1:0a:8a:0d:e3:4b:76:d3:e3:9a:39:0e:aa:35:17:9d:a7:
         80:51:51:ee:d7:e7:5e:09:f1:4a:88:6c:8a:a5:15:b8:fc:fe:
         ac:4b:22:b7:4d:d1:03:77:c7:d1:7b:9d:b9:3e:0a:3d:3f:26:
         9d:fa:63:c4:cd:8a:d2:8f:23:74:7e:fe:8b:10:a5:e7:29:04:
         19:a4:59:33:40:88:1b:c7:82:fd:e5:2b:23:77:d5:40:fc:f4:
         06:f9:ed:4b:09:3d:81:51:ac:a4:b0:42:66:1b:fb:6a:5a:cf:
         ff:49:9f:b5:bb:c9:5b:bb:09:ee:93:5b:9b:f6:99:59:9a:a2:
         48:40:29:ed:b5:ae:03:e3:5b:6e:af:c1:0f:48:49:bc:01:b9:
         17:05:f3:0a:e2:8b:8e:0a:6e:e8:c5:c3:14:fe:8d:79:f6:e7:
         ec:33:93:d5:83:70:ee:01:e2:29:f6:4d:3d:d7:2c:ec:56:b1:
         5a:6a:35:0f:d2:42:05:f1:75:99:97:ba:9c:ff:13:03:02:0b:
         31:9e:19:cc:7e:63:42:55:ca:97:2a:cb:c9:04:1c:1d:09:c3:
         a6:01:a7:53:2e:8e:e5:dd:29:47:85:cb:7c:49:0b:58:f3:3f:
         b6:fe:9a:ed:78:e8:ce:7c:fe:96:8a:71:33:9c:6f:05:4f:1c:
         ab:5e:de:f7
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUXJTXqCVI0d6WUBYEI7rBMzbqI5owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDA1MjIxMjQ4MjVaFw0yNTA1MjExMjUzMjVaMDMxMTAvBgNV
BAMTKDM2NTEzOEZDMkNEQUREQURBNUI4Mjg3OERFOEY0MUYwNUQ4M0RGNkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDg2AW8UM6eDDFTBthlF++1plML
LRJH5TQ0sq0/rkcGPxYHcuHU61yUOC22jlULMl1Y3TqbMfu52XOpxaPxB0A834dv
8MAso+1RQQKMscC+vlR+ZwRT510wzhYA4rYN9yvUSK+xzxgzOPsghnl6Yre6ytgF
30w+ip4nC0uZRDCbcijlBEp8zyC11VbORjkTV5q1QBPH3525t14wtUZ9kF9vksNR
udnpm0ZcUfl5zie5rOJbLMdvrLX7zDE+6jMblwQdvKj999bi2pB6fiR/8qWgZlKu
Yznko+q2rwvFJ7M3pxNXepigAs7MHzBAvSmnIChoEhhDH4jfLGnuYlgMyd0pAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUNlE4/Cza3a2luCh43o9B8F2D328wHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzEzNTM5MmUzMjMy
MzgyZTMwMmYzMjMzMmQzMzMyMjAzZDNlMjAzNTMxMzEzNjM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB
LZ/kMA0GCSqGSIb3DQEBCwUAA4IBAQCU0QqKDeNLdtPjmjkOqjUXnaeAUVHu1+de
CfFKiGyKpRW4/P6sSyK3TdEDd8fRe525Pgo9Pyad+mPEzYrSjyN0fv6LEKXnKQQZ
pFkzQIgbx4L95Ssjd9VA/PQG+e1LCT2BUayksEJmG/tqWs//SZ+1u8lbuwnuk1ub
9plZmqJIQCntta4D41tur8EPSEm8AbkXBfMK4ouOCm7oxcMU/o159ufsM5PVg3Du
AeIp9k091yzsVrFaajUP0kIF8XWZl7qc/xMDAgsxnhnMfmNCVcqXKsvJBBwdCcOm
AadTLo7l3SlHhct8SQtY8z+2/prteOjOfP6WinEznG8FTxyrXt73
-----END CERTIFICATE-----
Generated at Sun Jun 16 13:05:59 2024 by rpki-client on console-fra.rpki-client.org