Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3135392e3233302e302f32332d3332203d3e203531313637.roa
File:                     34352e3135392e3233302e302f32332d3332203d3e203531313637.roa (raw, json)
Hash identifier:          SLS9XNbr1wGj2CGneMQP5OyWkimUxKK5ynwzQfq6q7c=
Subject key identifier:   4A:D4:84:93:CF:76:44:8D:BA:A2:46:F7:E7:AB:FC:0F:32:CD:63:65
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       198C3360887943B681B2AAB8B5B2F5E4C63E18E4
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3135392e3233302e302f32332d3332203d3e203531313637.roa
Signing time:             Wed 22 May 2024 12:53:34 +0000
ROA not before:           Wed 22 May 2024 12:48:34 +0000
ROA not after:            Wed 21 May 2025 12:53:34 +0000
asID:                     51167
IP address blocks:        45.159.230.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:8c:33:60:88:79:43:b6:81:b2:aa:b8:b5:b2:f5:e4:c6:3e:18:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: May 22 12:48:34 2024 GMT
            Not After : May 21 12:53:34 2025 GMT
        Subject: CN=4AD48493CF76448DBAA246F7E7ABFC0F32CD6365
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d7:fb:01:d6:cc:51:94:33:43:93:6f:81:d6:
                    18:0b:cf:fa:12:6e:2b:1f:40:19:e3:79:7f:04:34:
                    2b:c2:02:2b:4b:e0:27:a5:4a:9c:f8:7a:7d:a5:c5:
                    4f:68:14:88:46:11:2f:1f:66:61:23:9d:09:cb:b8:
                    17:54:44:f0:1d:b3:97:98:49:30:16:47:85:65:88:
                    98:a5:96:de:b2:f6:69:87:b3:ad:ea:eb:9a:77:bd:
                    b3:6f:5a:f0:b6:fd:98:3e:af:97:73:bf:0c:71:64:
                    d5:c7:72:1f:8d:46:ce:f3:67:d9:82:2c:94:c9:77:
                    5f:4b:b3:ad:a7:68:a7:d7:34:4d:d8:0e:a4:77:44:
                    96:18:40:42:f1:28:4b:24:8d:0e:31:ba:60:71:b9:
                    8a:67:52:03:08:82:fd:67:98:e1:26:9e:43:77:e5:
                    25:ca:40:07:8e:c3:c9:a4:5f:16:e6:50:dc:3b:cc:
                    21:29:5e:4d:03:c2:eb:98:26:f1:d4:ad:0a:f8:f5:
                    ce:1d:ce:95:a6:de:2a:9a:27:aa:9f:56:35:ec:ec:
                    9d:f5:21:35:02:e2:e4:c6:c7:e7:9d:c8:b6:17:f5:
                    ee:3f:ba:f8:63:fc:45:5d:a1:f2:0c:c5:a2:89:31:
                    02:82:27:ad:b8:87:73:3c:cc:41:8b:7e:e3:b6:c2:
                    4f:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:D4:84:93:CF:76:44:8D:BA:A2:46:F7:E7:AB:FC:0F:32:CD:63:65
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e3135392e3233302e302f32332d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         78:30:7e:22:54:00:2e:0b:7d:cb:57:93:63:29:f0:d9:19:85:
         f7:46:67:2e:60:86:4c:46:4b:7e:dd:05:09:50:0e:91:75:57:
         c3:bb:9a:af:89:2d:22:aa:5a:93:f4:f8:a1:9c:7f:43:4d:ff:
         07:e5:d6:a7:10:69:dc:d0:00:1a:1e:63:7f:6d:a6:55:33:bc:
         ff:b9:86:b5:36:23:08:34:a0:84:12:0e:eb:c5:22:c9:2d:49:
         5d:95:c8:a2:61:4c:60:04:69:e7:dd:45:4d:98:ca:85:e3:3f:
         29:4d:fc:8b:4c:44:9b:54:e3:80:3f:46:5e:ee:e5:01:1f:53:
         00:02:bb:a1:ec:a0:26:64:41:84:4a:96:56:0a:07:30:35:8d:
         e0:fc:87:0f:fa:00:94:a7:4e:1e:49:0e:49:08:2d:35:8e:89:
         4c:3d:7b:1a:53:ec:09:05:da:df:6d:8e:8c:10:12:75:56:c2:
         89:ad:42:06:e7:6b:d5:c1:4d:dd:ce:ed:83:7f:a7:dc:68:91:
         c9:a5:33:4c:45:26:92:5b:09:bf:00:76:52:e2:6a:0b:a4:cf:
         ad:67:b2:89:e5:83:86:4d:55:a5:96:f4:76:f5:f7:62:01:a9:
         54:73:a5:03:86:0b:92:ae:ef:be:e5:41:e6:bc:2b:d6:f8:3b:
         cc:0f:d2:13
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUGYwzYIh5Q7aBsqq4tbL15MY+GOQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDA1MjIxMjQ4MzRaFw0yNTA1MjExMjUzMzRaMDMxMTAvBgNV
BAMTKDRBRDQ4NDkzQ0Y3NjQ0OERCQUEyNDZGN0U3QUJGQzBGMzJDRDYzNjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB1/sB1sxRlDNDk2+B1hgLz/oS
bisfQBnjeX8ENCvCAitL4CelSpz4en2lxU9oFIhGES8fZmEjnQnLuBdURPAds5eY
STAWR4VliJillt6y9mmHs63q65p3vbNvWvC2/Zg+r5dzvwxxZNXHch+NRs7zZ9mC
LJTJd19Ls62naKfXNE3YDqR3RJYYQELxKEskjQ4xumBxuYpnUgMIgv1nmOEmnkN3
5SXKQAeOw8mkXxbmUNw7zCEpXk0DwuuYJvHUrQr49c4dzpWm3iqaJ6qfVjXs7J31
ITUC4uTGx+edyLYX9e4/uvhj/EVdofIMxaKJMQKCJ624h3M8zEGLfuO2wk+7AgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUStSEk892RI26okb356v8DzLNY2UwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzEzNTM5MmUzMjMz
MzAyZTMwMmYzMjMzMmQzMzMyMjAzZDNlMjAzNTMxMzEzNjM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB
LZ/mMA0GCSqGSIb3DQEBCwUAA4IBAQB4MH4iVAAuC33LV5NjKfDZGYX3RmcuYIZM
Rkt+3QUJUA6RdVfDu5qviS0iqlqT9PihnH9DTf8H5danEGnc0AAaHmN/baZVM7z/
uYa1NiMINKCEEg7rxSLJLUldlciiYUxgBGnn3UVNmMqF4z8pTfyLTESbVOOAP0Ze
7uUBH1MAAruh7KAmZEGESpZWCgcwNY3g/IcP+gCUp04eSQ5JCC01jolMPXsaU+wJ
BdrfbY6MEBJ1VsKJrUIG52vVwU3dzu2Df6fcaJHJpTNMRSaSWwm/AHZS4moLpM+t
Z7KJ5YOGTVWllvR29fdiAalUc6UDhguSru++5UHmvCvW+DvMD9IT
-----END CERTIFICATE-----
Generated at Sun Jun 16 14:53:57 2024 by rpki-client on console-ams.rpki-client.org