Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e38342e3136302e302f32322d3234203d3e20323033303631.roa
File:                     34352e38342e3136302e302f32322d3234203d3e20323033303631.roa (raw, json)
Hash identifier:          N2BpJus2uI07c0jHNWG1l5CpsRIlqIQCv7QVSAm+4X4=
Subject key identifier:   01:82:7B:80:26:4A:76:A7:5E:CC:2F:0C:A9:C3:8F:DD:70:A7:1D:31
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       3F2ECBA7538B10921DFDD72A0C15F7BAA44D1E06
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e38342e3136302e302f32322d3234203d3e20323033303631.roa
Signing time:             Mon 26 Feb 2024 08:52:42 +0000
ROA not before:           Mon 26 Feb 2024 08:47:42 +0000
ROA not after:            Mon 24 Feb 2025 08:52:42 +0000
asID:                     203061
IP address blocks:        45.84.160.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:2e:cb:a7:53:8b:10:92:1d:fd:d7:2a:0c:15:f7:ba:a4:4d:1e:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Feb 26 08:47:42 2024 GMT
            Not After : Feb 24 08:52:42 2025 GMT
        Subject: CN=01827B80264A76A75ECC2F0CA9C38FDD70A71D31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:56:ee:50:46:ee:7d:be:14:f3:04:cc:4c:7a:
                    de:d8:dd:2b:eb:71:a5:3d:bb:66:a1:9b:83:55:b5:
                    4b:2c:03:c7:3a:60:9c:ed:ab:86:e9:69:ff:cb:8e:
                    90:c1:17:5f:82:63:e0:d3:55:a0:c5:ef:18:ee:c4:
                    f6:91:ec:4f:5c:46:54:de:13:85:14:9b:81:9a:e4:
                    c3:c1:89:56:ac:01:97:57:08:0d:8b:4a:83:de:9d:
                    80:aa:d9:82:c8:11:3b:5f:69:d3:ce:f2:11:e7:89:
                    db:15:bc:9a:e3:68:89:c9:5b:b2:04:1b:69:6e:59:
                    65:6c:79:bf:4e:87:ef:18:76:91:6d:87:71:88:86:
                    f2:78:3a:7f:e5:89:64:2d:52:f3:fc:e0:43:42:ad:
                    5a:26:e6:a6:9e:7f:85:df:7e:25:a4:9a:54:2d:cd:
                    cd:6a:de:77:8f:ad:62:45:a6:a4:04:97:93:22:7e:
                    a4:a8:b7:e5:2b:4c:18:cb:14:c1:86:ba:ae:59:6e:
                    21:af:85:ac:90:75:aa:4f:63:d5:67:8b:d6:98:e7:
                    50:c6:28:62:e2:4b:cc:f7:65:4b:14:a8:3f:30:32:
                    b2:46:04:bb:9b:19:1c:67:0c:03:76:8e:c1:bc:c1:
                    bf:63:3a:80:a0:00:5b:b6:52:a5:93:3c:eb:aa:26:
                    2d:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:82:7B:80:26:4A:76:A7:5E:CC:2F:0C:A9:C3:8F:DD:70:A7:1D:31
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e38342e3136302e302f32322d3234203d3e20323033303631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:ec:f5:7e:d9:b5:39:93:6d:67:80:2b:d6:95:06:14:d4:76:
         96:bd:7f:3b:8e:11:84:c8:53:a3:bb:09:97:e1:7a:50:f9:8c:
         9b:3e:b5:12:44:50:09:78:d7:7a:12:fb:6a:a7:8b:77:5e:5f:
         15:65:96:54:c2:13:0c:5b:ad:dc:2d:60:4f:55:5e:73:a8:22:
         bc:45:69:74:ed:40:6c:b3:68:4d:ce:c3:74:09:d6:44:bb:fa:
         62:1a:29:b1:0b:f7:31:d7:9a:2b:a4:27:c3:b7:42:cf:ce:7e:
         79:93:2a:8f:18:db:1a:91:58:15:4a:d0:67:b8:4c:db:db:bc:
         db:80:c0:14:7d:11:1d:7c:a9:b9:a2:94:cf:92:64:1f:a8:55:
         5c:52:ac:ef:9d:81:44:a7:79:3b:25:dc:b7:61:4d:31:70:3d:
         49:f8:b3:9d:7d:96:98:bf:2e:4e:79:3c:b0:0d:2c:ae:c7:48:
         52:f6:83:14:a5:5d:9d:75:eb:1f:ce:68:49:f8:46:67:4b:b6:
         1d:e5:d0:1b:05:69:87:6b:6f:d3:1c:21:48:f1:84:c8:20:e9:
         de:c6:09:bf:3a:f0:4d:3f:3c:1e:15:f5:8b:fd:62:37:de:63:
         ac:38:27:2f:35:79:94:7a:22:97:b2:b4:a4:7c:c4:3e:05:3e:
         f5:2b:52:94
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUPy7Lp1OLEJId/dcqDBX3uqRNHgYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAyMjYwODQ3NDJaFw0yNTAyMjQwODUyNDJaMDMxMTAvBgNV
BAMTKDAxODI3QjgwMjY0QTc2QTc1RUNDMkYwQ0E5QzM4RkRENzBBNzFEMzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCVu5QRu59vhTzBMxMet7Y3Svr
caU9u2ahm4NVtUssA8c6YJztq4bpaf/LjpDBF1+CY+DTVaDF7xjuxPaR7E9cRlTe
E4UUm4Ga5MPBiVasAZdXCA2LSoPenYCq2YLIETtfadPO8hHnidsVvJrjaInJW7IE
G2luWWVseb9Oh+8YdpFth3GIhvJ4On/liWQtUvP84ENCrVom5qaef4XffiWkmlQt
zc1q3nePrWJFpqQEl5MifqSot+UrTBjLFMGGuq5ZbiGvhayQdapPY9Vni9aY51DG
KGLiS8z3ZUsUqD8wMrJGBLubGRxnDAN2jsG8wb9jOoCgAFu2UqWTPOuqJi2TAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUAYJ7gCZKdqdezC8MqcOP3XCnHTEwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzgzNDJlMzEzNjMw
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzIzMDMzMzAzNjMxLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC
LVSgMA0GCSqGSIb3DQEBCwUAA4IBAQB37PV+2bU5k21ngCvWlQYU1HaWvX87jhGE
yFOjuwmX4XpQ+YybPrUSRFAJeNd6Evtqp4t3Xl8VZZZUwhMMW63cLWBPVV5zqCK8
RWl07UBss2hNzsN0CdZEu/piGimxC/cx15orpCfDt0LPzn55kyqPGNsakVgVStBn
uEzb27zbgMAUfREdfKm5opTPkmQfqFVcUqzvnYFEp3k7Jdy3YU0xcD1J+LOdfZaY
vy5OeTywDSyux0hS9oMUpV2ddesfzmhJ+EZnS7Yd5dAbBWmHa2/THCFI8YTIIOne
xgm/OvBNPzweFfWL/WI33mOsOCcvNXmUeiKXsrSkfMQ+BT71K1KU
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:49 2024 by rpki-client on console-ams.rpki-client.org