Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e31302e3135322e302f32342d3234203d3e20313336373837.roa
File:                     34352e31302e3135322e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          qftk8zLy2pGbDaYLtc03or7Hqub5M7EkXaHs+RCh9FY=
Subject key identifier:   5E:6A:4E:D3:9C:7F:53:87:2F:76:E7:00:AC:2E:FD:7B:11:27:B7:8A
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       554A952EBD308701A48D058B2F1D44F6809737AC
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e31302e3135322e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 01 Apr 2024 14:03:22 +0000
ROA not before:           Mon 01 Apr 2024 13:58:22 +0000
ROA not after:            Mon 31 Mar 2025 14:03:22 +0000
asID:                     136787
IP address blocks:        45.10.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:42:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:4a:95:2e:bd:30:87:01:a4:8d:05:8b:2f:1d:44:f6:80:97:37:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Apr  1 13:58:22 2024 GMT
            Not After : Mar 31 14:03:22 2025 GMT
        Subject: CN=5E6A4ED39C7F53872F76E700AC2EFD7B1127B78A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:9a:d9:57:6e:28:bc:42:f3:dd:dc:e9:f8:9d:
                    3a:ce:5a:65:60:4d:0d:93:96:dc:d5:97:75:28:87:
                    96:95:e1:43:1d:29:aa:8c:83:3d:2e:86:e0:d3:65:
                    f3:bb:a6:66:cb:f0:b4:e0:dd:4c:62:02:28:11:bb:
                    26:bb:93:a2:df:c6:de:da:54:bd:d2:3a:80:b3:59:
                    db:49:1d:bd:b6:60:ac:c7:e4:73:9a:3d:bc:0c:65:
                    dc:8d:c0:1b:aa:bf:80:30:ff:17:7d:72:d7:49:b2:
                    b4:a4:81:37:9c:ca:ff:3a:d6:23:82:73:b3:fe:2c:
                    b8:2f:b9:46:a8:4b:29:24:f9:df:8d:04:bd:58:93:
                    60:69:c1:05:fe:22:e2:dc:04:60:cc:73:d4:8b:97:
                    08:d2:d4:da:e6:f2:f4:79:87:a2:93:ec:7d:2f:89:
                    91:9f:17:77:7e:c0:fb:49:b1:ad:25:58:1e:a3:75:
                    84:d1:b3:ff:29:3a:a5:d1:99:55:62:29:ec:94:67:
                    42:cd:88:01:55:41:83:37:16:33:28:7e:f9:bb:9b:
                    68:a3:b2:1d:de:6b:9e:76:bf:0f:d4:92:91:96:11:
                    47:32:22:a1:95:82:7c:9c:87:cf:da:5d:ff:b2:96:
                    cd:f9:12:bc:7d:22:7c:f9:00:b0:d0:de:10:04:2a:
                    a5:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:6A:4E:D3:9C:7F:53:87:2F:76:E7:00:AC:2E:FD:7B:11:27:B7:8A
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e31302e3135322e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:8c:f0:2b:7a:ad:b2:e9:dd:3d:12:fe:d2:3c:ef:36:7d:e4:
         98:18:8a:b6:6b:c3:a7:2a:c6:5a:6a:e3:33:63:e7:83:df:11:
         c8:32:0f:36:13:9c:d2:0d:b8:07:a2:52:bb:31:ac:8b:3e:fa:
         fa:4b:57:7d:24:2e:93:c2:52:c4:35:1a:d7:49:9d:31:71:81:
         e5:a6:3b:2b:45:8b:f1:09:b9:d4:5c:5c:64:8c:ad:57:24:d6:
         13:18:2c:b0:0b:fa:9f:40:80:9d:af:ef:4e:2b:cf:df:22:a3:
         7b:71:87:ca:f7:82:8b:00:e4:a7:86:27:cb:98:73:90:14:46:
         8e:7d:c7:14:a6:71:d6:05:68:bc:d0:79:d7:dc:3c:0a:c3:68:
         b5:58:17:35:22:70:a3:c4:eb:75:e6:82:f0:14:79:da:4b:b6:
         bb:4a:a5:10:f8:9d:c9:c2:cd:40:e9:c3:2f:0a:d5:0c:7b:9a:
         77:24:79:28:0d:7a:73:27:4c:d8:d0:94:65:af:d4:b2:a5:92:
         1b:47:9f:6a:4f:13:4a:23:72:75:89:90:77:45:b1:ad:57:0b:
         58:1f:2d:68:df:1e:45:4f:15:97:2d:6c:a3:8a:22:15:67:a8:
         ee:fe:a6:b6:e2:5a:5f:26:92:4a:23:f0:20:44:30:4d:d6:33:
         aa:ca:23:8a
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUVUqVLr0whwGkjQWLLx1E9oCXN6wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDA0MDExMzU4MjJaFw0yNTAzMzExNDAzMjJaMDMxMTAvBgNV
BAMTKDVFNkE0RUQzOUM3RjUzODcyRjc2RTcwMEFDMkVGRDdCMTEyN0I3OEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkmtlXbii8QvPd3On4nTrOWmVg
TQ2TltzVl3Uoh5aV4UMdKaqMgz0uhuDTZfO7pmbL8LTg3UxiAigRuya7k6Lfxt7a
VL3SOoCzWdtJHb22YKzH5HOaPbwMZdyNwBuqv4Aw/xd9ctdJsrSkgTecyv861iOC
c7P+LLgvuUaoSykk+d+NBL1Yk2BpwQX+IuLcBGDMc9SLlwjS1Nrm8vR5h6KT7H0v
iZGfF3d+wPtJsa0lWB6jdYTRs/8pOqXRmVViKeyUZ0LNiAFVQYM3FjMofvm7m2ij
sh3ea552vw/UkpGWEUcyIqGVgnych8/aXf+yls35Erx9Inz5ALDQ3hAEKqVLAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUXmpO05x/U4cvducArC79exEnt4owHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzQzNTJlMzEzMDJlMzEzNTMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzMzM2MzczODM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LQqYMA0GCSqGSIb3DQEBCwUAA4IBAQBvjPAreq2y6d09Ev7SPO82feSYGIq2a8On
KsZaauMzY+eD3xHIMg82E5zSDbgHolK7MayLPvr6S1d9JC6TwlLENRrXSZ0xcYHl
pjsrRYvxCbnUXFxkjK1XJNYTGCywC/qfQICdr+9OK8/fIqN7cYfK94KLAOSnhifL
mHOQFEaOfccUpnHWBWi80HnX3DwKw2i1WBc1InCjxOt15oLwFHnaS7a7SqUQ+J3J
ws1A6cMvCtUMe5p3JHkoDXpzJ0zY0JRlr9SypZIbR59qTxNKI3J1iZB3RbGtVwtY
Hy1o3x5FTxWXLWyjiiIVZ6ju/qa24lpfJpJKI/AgRDBN1jOqyiOK
-----END CERTIFICATE-----
Generated at Mon Nov 25 16:44:11 2024 by rpki-client on console-fra.rpki-client.org