Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e39312e3137362e302f32322d3234203d3e20323033303631.roa
File:                     34352e39312e3137362e302f32322d3234203d3e20323033303631.roa (raw, json)
Hash identifier:          CIpN5DIfEUQ/fde+kynnw/RFJQ0ooFSjCwgiy9+yHeQ=
Subject key identifier:   63:35:EF:ED:55:78:47:A7:DF:FE:2B:81:CE:9D:79:3E:CE:FA:30:73
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       080814D9BD644719A1290D2A30908E90B37A2CA1
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e39312e3137362e302f32322d3234203d3e20323033303631.roa
Signing time:             Mon 26 Feb 2024 08:52:46 +0000
ROA not before:           Mon 26 Feb 2024 08:47:46 +0000
ROA not after:            Mon 24 Feb 2025 08:52:46 +0000
asID:                     203061
IP address blocks:        45.91.176.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:08:14:d9:bd:64:47:19:a1:29:0d:2a:30:90:8e:90:b3:7a:2c:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Feb 26 08:47:46 2024 GMT
            Not After : Feb 24 08:52:46 2025 GMT
        Subject: CN=6335EFED557847A7DFFE2B81CE9D793ECEFA3073
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:a3:17:f6:cb:22:24:6f:52:e1:bf:1f:cb:6f:
                    e3:4b:76:31:85:b5:f3:33:e2:ae:59:e5:f0:d1:a7:
                    9d:dc:b3:53:e2:f8:88:e5:1b:db:e0:2a:57:40:82:
                    b3:16:88:43:0c:f6:0e:ab:20:9c:20:94:c8:a3:76:
                    b3:d3:7f:cb:5e:e5:01:5b:27:00:61:04:37:bd:ef:
                    da:0f:a5:cd:e7:92:5d:2e:92:75:6f:e1:00:f0:55:
                    d9:c4:de:fa:6a:74:e0:8b:0f:a2:49:50:ab:df:83:
                    88:83:b0:d2:76:9a:5e:8f:13:b5:dc:91:2e:96:19:
                    a3:46:6a:e6:d8:e2:70:69:88:e0:fc:5c:32:ca:cf:
                    4b:d0:21:7f:ec:8a:e9:da:27:ca:fb:78:38:97:27:
                    c8:2a:44:ee:5d:7c:e6:c7:5b:bd:2e:08:1a:64:fa:
                    16:ea:12:73:1e:13:d5:e4:a6:2d:df:f1:53:63:ba:
                    b7:eb:4e:73:02:90:18:de:a1:83:a1:1e:85:d4:43:
                    a1:a3:dd:a2:f5:95:46:12:ca:06:8f:3a:0e:00:29:
                    10:8e:7c:ce:77:44:2a:9b:4f:47:1f:33:e5:2d:d3:
                    dc:cd:be:05:ad:c1:91:05:c7:bc:10:14:6d:b2:79:
                    67:76:64:a6:e0:5e:e4:0c:7d:ea:1e:79:f6:fd:92:
                    a2:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:35:EF:ED:55:78:47:A7:DF:FE:2B:81:CE:9D:79:3E:CE:FA:30:73
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e39312e3137362e302f32322d3234203d3e20323033303631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         24:3c:60:81:de:59:17:60:11:99:63:f6:12:e1:a1:f3:25:30:
         ff:d4:46:61:5c:c1:89:e1:14:df:7d:38:f9:d1:ca:fd:60:35:
         d6:aa:66:24:ed:1e:eb:e7:f9:0e:97:cd:57:3e:35:eb:8c:75:
         99:19:ab:ba:21:9c:c6:e0:1d:8a:67:70:0d:88:c8:04:3b:09:
         9d:9d:e1:c9:a5:78:ce:48:1f:1d:0c:0e:4b:a4:a1:c0:2a:5e:
         f9:28:78:27:8d:75:fa:50:e8:b5:9a:99:cf:60:3b:db:81:79:
         ea:6f:f0:de:27:56:2e:55:67:5e:22:a7:e7:dc:d2:24:bb:bb:
         1a:55:b4:5d:b5:54:83:b4:61:82:e0:aa:84:c9:57:63:76:c7:
         ca:fe:c6:83:55:32:87:f4:e1:ec:de:71:92:5c:24:9e:a5:62:
         d9:4f:0b:5b:83:7c:a9:c0:f1:d5:3c:0a:44:39:b3:52:8e:67:
         8e:f1:28:25:2b:cb:d3:e4:ef:d5:f7:cc:19:6c:dd:6d:ad:74:
         83:46:46:03:d5:3d:c1:5f:54:11:54:41:19:48:36:88:7d:e9:
         bc:de:69:06:b4:75:7f:75:55:e3:d1:d3:84:49:1d:24:9d:ef:
         1f:45:2f:90:a6:23:bb:57:6d:e9:30:37:30:bf:21:d2:78:86:
         e9:ee:51:4c
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUCAgU2b1kRxmhKQ0qMJCOkLN6LKEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAyMjYwODQ3NDZaFw0yNTAyMjQwODUyNDZaMDMxMTAvBgNV
BAMTKDYzMzVFRkVENTU3ODQ3QTdERkZFMkI4MUNFOUQ3OTNFQ0VGQTMwNzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPoxf2yyIkb1Lhvx/Lb+NLdjGF
tfMz4q5Z5fDRp53cs1Pi+IjlG9vgKldAgrMWiEMM9g6rIJwglMijdrPTf8te5QFb
JwBhBDe979oPpc3nkl0uknVv4QDwVdnE3vpqdOCLD6JJUKvfg4iDsNJ2ml6PE7Xc
kS6WGaNGaubY4nBpiOD8XDLKz0vQIX/siunaJ8r7eDiXJ8gqRO5dfObHW70uCBpk
+hbqEnMeE9Xkpi3f8VNjurfrTnMCkBjeoYOhHoXUQ6Gj3aL1lUYSygaPOg4AKRCO
fM53RCqbT0cfM+Ut09zNvgWtwZEFx7wQFG2yeWd2ZKbgXuQMfeoeefb9kqKBAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUYzXv7VV4R6ff/iuBzp15Ps76MHMwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzkzMTJlMzEzNzM2
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzIzMDMzMzAzNjMxLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC
LVuwMA0GCSqGSIb3DQEBCwUAA4IBAQAkPGCB3lkXYBGZY/YS4aHzJTD/1EZhXMGJ
4RTffTj50cr9YDXWqmYk7R7r5/kOl81XPjXrjHWZGau6IZzG4B2KZ3ANiMgEOwmd
neHJpXjOSB8dDA5LpKHAKl75KHgnjXX6UOi1mpnPYDvbgXnqb/DeJ1YuVWdeIqfn
3NIku7saVbRdtVSDtGGC4KqEyVdjdsfK/saDVTKH9OHs3nGSXCSepWLZTwtbg3yp
wPHVPApEObNSjmeO8SglK8vT5O/V98wZbN1trXSDRkYD1T3BX1QRVEEZSDaIfem8
3mkGtHV/dVXj0dOESR0kne8fRS+QpiO7V23pMDcwvyHSeIbp7lFM
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:49 2024 by rpki-client on console-ams.rpki-client.org