Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e31302e3135352e302f32342d3234203d3e20313336373837.roa
File:                     34352e31302e3135352e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          3uWqfac50EUVcjBb4LTiuVhOmkbCmRDqOXaZGR8mh3I=
Subject key identifier:   8B:FD:5D:2C:AC:E2:4D:CC:E5:12:9C:73:F2:67:17:A8:05:75:6B:A9
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       094EC70F754B20F18FE57B961718E60464DECD7D
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e31302e3135352e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 01 Apr 2024 14:03:24 +0000
ROA not before:           Mon 01 Apr 2024 13:58:24 +0000
ROA not after:            Mon 31 Mar 2025 14:03:24 +0000
asID:                     136787
IP address blocks:        45.10.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:4e:c7:0f:75:4b:20:f1:8f:e5:7b:96:17:18:e6:04:64:de:cd:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Apr  1 13:58:24 2024 GMT
            Not After : Mar 31 14:03:24 2025 GMT
        Subject: CN=8BFD5D2CACE24DCCE5129C73F26717A805756BA9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:da:aa:c9:0f:2d:1f:91:d9:8c:88:7d:54:5c:
                    9b:6d:c3:23:4c:ce:8a:19:d0:3c:c6:cb:46:85:f6:
                    ff:22:a1:49:81:fe:42:0f:47:f7:98:6b:74:e6:a2:
                    2e:84:6b:54:73:98:5b:25:06:97:0e:ee:94:de:56:
                    05:26:9f:2e:f8:84:ea:99:90:b9:27:de:5c:79:a9:
                    ff:aa:91:ce:cc:ed:af:b9:66:3d:fb:2d:49:95:f3:
                    34:1a:e6:17:32:ae:3e:5e:0d:20:5a:a1:f0:f2:19:
                    51:9c:86:cb:db:cb:cf:dc:17:8b:29:1f:b9:60:b4:
                    d2:c8:a0:35:24:ba:6d:7f:31:aa:e7:49:7c:4f:53:
                    18:f0:7d:63:b4:96:f9:f2:cb:7b:b8:4c:2b:63:b0:
                    82:0f:e6:4e:89:09:97:53:5f:11:fe:64:15:75:ca:
                    9b:c1:1f:37:d7:c0:00:a6:54:8d:34:85:45:bd:e6:
                    5f:7f:1e:e0:33:54:5b:24:0d:80:ae:31:32:7a:bf:
                    bb:0d:53:95:84:dd:cf:6d:fc:4d:14:c8:10:c4:3d:
                    52:80:a5:94:a0:81:15:b0:d9:3c:97:1a:72:59:2e:
                    24:4d:23:ff:a1:4c:01:0e:e7:e0:c4:cd:0f:1e:09:
                    09:9d:3d:db:79:59:2a:02:f8:2d:c8:b7:3b:2b:43:
                    3b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:FD:5D:2C:AC:E2:4D:CC:E5:12:9C:73:F2:67:17:A8:05:75:6B:A9
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e31302e3135352e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:d8:3d:c8:f4:5d:32:7b:ca:f0:81:f6:ea:de:3d:1b:df:ad:
         ed:71:19:d0:c6:c0:1f:4e:d8:79:df:12:7d:a7:7a:d9:31:e8:
         fb:0f:1d:f7:e4:c2:92:42:79:80:dc:5d:33:8e:30:c7:24:df:
         85:99:e0:1d:98:c0:52:49:5e:a0:5e:ac:26:09:58:21:7d:ce:
         92:ea:5b:95:44:69:30:9b:bc:18:b7:e5:d1:43:97:c9:93:70:
         9d:c5:8a:83:56:4e:2f:05:3f:fa:6d:98:84:71:ef:da:38:7e:
         f8:02:04:e2:c8:9d:6b:cc:06:aa:85:56:33:2f:09:8f:4f:39:
         3b:7a:cb:d9:60:6b:c1:04:72:2c:17:c9:06:c5:d7:48:30:19:
         b5:cb:3d:1d:80:07:c7:c9:d2:fd:65:a3:0f:eb:0e:a0:c8:92:
         ad:80:0f:0b:f7:2e:af:98:57:9f:07:b7:5c:0b:c0:9d:3a:e4:
         e3:03:a0:a9:e4:8d:ba:98:92:60:bf:e0:a1:ff:b9:76:71:ff:
         5a:ac:95:33:5c:99:e1:97:1e:6c:e2:ec:bb:19:b0:75:e7:aa:
         3f:ca:d7:64:e3:8d:ed:60:fd:55:e2:70:ce:1c:34:75:3a:ce:
         d0:3b:90:d0:5c:dd:55:95:d3:17:c5:ac:7b:ed:43:90:c5:26:
         61:49:42:8a
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUCU7HD3VLIPGP5XuWFxjmBGTezX0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDA0MDExMzU4MjRaFw0yNTAzMzExNDAzMjRaMDMxMTAvBgNV
BAMTKDhCRkQ1RDJDQUNFMjREQ0NFNTEyOUM3M0YyNjcxN0E4MDU3NTZCQTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD72qrJDy0fkdmMiH1UXJttwyNM
zooZ0DzGy0aF9v8ioUmB/kIPR/eYa3Tmoi6Ea1RzmFslBpcO7pTeVgUmny74hOqZ
kLkn3lx5qf+qkc7M7a+5Zj37LUmV8zQa5hcyrj5eDSBaofDyGVGchsvby8/cF4sp
H7lgtNLIoDUkum1/MarnSXxPUxjwfWO0lvnyy3u4TCtjsIIP5k6JCZdTXxH+ZBV1
ypvBHzfXwACmVI00hUW95l9/HuAzVFskDYCuMTJ6v7sNU5WE3c9t/E0UyBDEPVKA
pZSggRWw2TyXGnJZLiRNI/+hTAEO5+DEzQ8eCQmdPdt5WSoC+C3ItzsrQztpAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUi/1dLKziTczlEpxz8mcXqAV1a6kwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzQzNTJlMzEzMDJlMzEzNTM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzMzM2MzczODM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LQqbMA0GCSqGSIb3DQEBCwUAA4IBAQCB2D3I9F0ye8rwgfbq3j0b363tcRnQxsAf
Tth53xJ9p3rZMej7Dx335MKSQnmA3F0zjjDHJN+FmeAdmMBSSV6gXqwmCVghfc6S
6luVRGkwm7wYt+XRQ5fJk3CdxYqDVk4vBT/6bZiEce/aOH74AgTiyJ1rzAaqhVYz
LwmPTzk7esvZYGvBBHIsF8kGxddIMBm1yz0dgAfHydL9ZaMP6w6gyJKtgA8L9y6v
mFefB7dcC8CdOuTjA6Cp5I26mJJgv+Ch/7l2cf9arJUzXJnhlx5s4uy7GbB156o/
ytdk443tYP1V4nDOHDR1Os7QO5DQXN1VldMXxax77UOQxSZhSUKK
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:05 2024 by rpki-client on console-fra.rpki-client.org