Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e39302e3131322e302f32322d3234203d3e20323033303631.roa
File:                     34352e39302e3131322e302f32322d3234203d3e20323033303631.roa (raw, json)
Hash identifier:          UVyEGHE5IAoinCzRjxdnFzS82rBKZ0zX9I5+2pjTv+Q=
Subject key identifier:   FD:97:B4:9F:CD:31:85:73:AF:7D:92:A5:12:D2:63:06:C2:EC:85:07
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       65DE33C968720BB06207E6F8847C7966CDFCEAAB
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e39302e3131322e302f32322d3234203d3e20323033303631.roa
Signing time:             Mon 27 Jan 2025 09:44:49 +0000
ROA not before:           Mon 27 Jan 2025 09:39:49 +0000
ROA not after:            Mon 26 Jan 2026 09:44:49 +0000
asID:                     203061
IP address blocks:        45.90.112.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:de:33:c9:68:72:0b:b0:62:07:e6:f8:84:7c:79:66:cd:fc:ea:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Jan 27 09:39:49 2025 GMT
            Not After : Jan 26 09:44:49 2026 GMT
        Subject: CN=FD97B49FCD318573AF7D92A512D26306C2EC8507
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:2e:d9:81:8f:b8:63:46:bf:41:c1:f7:59:42:
                    d5:81:16:1e:cf:40:3f:93:3e:2d:e9:1b:fc:f2:f1:
                    6f:17:b5:76:b0:a9:07:55:86:56:a6:81:1a:6b:14:
                    97:9f:31:f0:ba:96:d4:3e:df:e4:25:1e:f0:c1:10:
                    95:e7:ca:f3:06:f4:de:a3:d8:f3:b2:68:fb:36:78:
                    88:18:0b:84:5c:27:93:52:b3:9f:44:7e:e9:ba:c7:
                    3d:5d:38:92:59:7b:61:0c:8f:b3:46:44:6e:e0:9d:
                    17:5b:62:9b:16:7c:e0:65:59:8d:57:1f:31:af:6d:
                    92:68:26:b2:67:2e:86:0e:6a:64:63:e6:bf:88:d3:
                    c9:37:da:44:9d:02:0b:c5:f0:75:ae:bc:c8:aa:d0:
                    51:70:03:b2:d0:9a:2c:57:7c:67:32:b9:64:7f:ea:
                    0b:44:40:40:cc:cf:a8:df:07:89:dd:7d:fb:f3:79:
                    ff:09:0c:43:0e:3b:3c:41:4c:a6:6f:23:14:c8:07:
                    5f:95:3a:6e:4d:81:d4:f9:91:af:3b:2d:62:5e:1c:
                    70:c4:8d:9b:45:dd:98:94:15:16:99:6b:f8:ea:ef:
                    ec:fa:20:86:ba:7c:1a:da:a0:83:c4:18:e0:e2:2a:
                    28:22:29:88:5e:cc:15:23:10:12:8a:32:8a:25:bb:
                    11:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:97:B4:9F:CD:31:85:73:AF:7D:92:A5:12:D2:63:06:C2:EC:85:07
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e39302e3131322e302f32322d3234203d3e20323033303631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:1d:22:5d:6d:0f:6b:7a:a6:98:b7:a4:31:d4:d7:e2:16:03:
         4b:56:29:77:14:4a:b3:93:77:e5:77:de:47:61:f5:10:92:ee:
         8d:fe:c5:23:f6:a3:ec:90:96:72:33:ce:7d:c7:c4:d4:9e:3b:
         0c:89:49:7f:5f:7f:cf:88:2e:ca:4c:c3:1a:66:df:d5:a7:31:
         78:58:2d:71:7b:21:e2:bf:e5:8e:91:34:5a:0b:aa:79:29:48:
         a1:8f:50:54:f9:d3:68:a6:20:b6:47:c7:79:16:91:dd:68:cc:
         94:7f:57:63:52:d1:03:55:6c:b6:53:b2:84:36:20:1d:82:d9:
         d7:c8:57:89:80:97:0d:73:24:47:9c:24:5b:ce:bc:a4:d6:a7:
         91:ad:ad:1f:df:df:8a:46:25:d3:6a:bf:85:cd:c3:08:bd:f0:
         89:41:e9:52:35:e6:d2:d1:25:98:f0:e8:67:c3:0f:c6:c8:40:
         52:1b:e6:6e:d7:56:52:3f:ed:f6:e9:21:82:08:51:e7:73:16:
         cc:3b:07:de:54:af:2d:ba:ef:f8:8d:03:44:22:80:11:83:3d:
         8d:db:8a:38:50:a5:37:c9:44:e9:10:63:05:bf:3f:4f:dc:0d:
         97:11:73:d9:09:e0:ac:79:e2:ee:e8:f1:4e:04:e3:9e:df:d4:
         f1:82:a0:da
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUZd4zyWhyC7BiB+b4hHx5Zs386qswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTAxMjcwOTM5NDlaFw0yNjAxMjYwOTQ0NDlaMDMxMTAvBgNV
BAMTKEZEOTdCNDlGQ0QzMTg1NzNBRjdEOTJBNTEyRDI2MzA2QzJFQzg1MDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxLtmBj7hjRr9BwfdZQtWBFh7P
QD+TPi3pG/zy8W8XtXawqQdVhlamgRprFJefMfC6ltQ+3+QlHvDBEJXnyvMG9N6j
2POyaPs2eIgYC4RcJ5NSs59Efum6xz1dOJJZe2EMj7NGRG7gnRdbYpsWfOBlWY1X
HzGvbZJoJrJnLoYOamRj5r+I08k32kSdAgvF8HWuvMiq0FFwA7LQmixXfGcyuWR/
6gtEQEDMz6jfB4ndffvzef8JDEMOOzxBTKZvIxTIB1+VOm5NgdT5ka87LWJeHHDE
jZtF3ZiUFRaZa/jq7+z6IIa6fBraoIPEGODiKigiKYhezBUjEBKKMooluxEzAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQU/Ze0n80xhXOvfZKlEtJjBsLshQcwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzkzMDJlMzEzMTMy
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzIzMDMzMzAzNjMxLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC
LVpwMA0GCSqGSIb3DQEBCwUAA4IBAQBfHSJdbQ9reqaYt6Qx1NfiFgNLVil3FEqz
k3fld95HYfUQku6N/sUj9qPskJZyM859x8TUnjsMiUl/X3/PiC7KTMMaZt/VpzF4
WC1xeyHiv+WOkTRaC6p5KUihj1BU+dNopiC2R8d5FpHdaMyUf1djUtEDVWy2U7KE
NiAdgtnXyFeJgJcNcyRHnCRbzryk1qeRra0f39+KRiXTar+FzcMIvfCJQelSNebS
0SWY8Ohnww/GyEBSG+Zu11ZSP+326SGCCFHncxbMOwfeVK8tuu/4jQNEIoARgz2N
24o4UKU3yUTpEGMFvz9P3A2XEXPZCeCseeLu6PFOBOOe39TxgqDa
-----END CERTIFICATE-----
Generated at Sun Feb 16 21:00:09 2025 by rpki-client