Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e3133302e3130342e302f32342d3332203d3e203531313637.roa
File:                     34352e3133302e3130342e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          q2sfwe1m5DpFJ2mWHnpwoM2zUo/f19weqla08yqJB8Q=
Subject key identifier:   7E:43:33:EF:57:98:9F:C6:EE:23:8C:4F:EE:96:CD:C7:3F:01:91:DE
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       65114D00D4BC20A5C6E2455B38FCD5B689281134
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e3133302e3130342e302f32342d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:53:40 +0000
ROA not before:           Mon 26 Feb 2024 08:48:40 +0000
ROA not after:            Mon 24 Feb 2025 08:53:40 +0000
asID:                     51167
IP address blocks:        45.130.104.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:42:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:11:4d:00:d4:bc:20:a5:c6:e2:45:5b:38:fc:d5:b6:89:28:11:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Feb 26 08:48:40 2024 GMT
            Not After : Feb 24 08:53:40 2025 GMT
        Subject: CN=7E4333EF57989FC6EE238C4FEE96CDC73F0191DE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:2e:83:d4:26:a0:36:f7:2a:0a:17:25:3c:cf:
                    8d:2b:12:3b:b6:d0:af:7f:a0:ba:eb:06:9a:ef:36:
                    3d:66:1b:dc:30:f0:67:4f:74:6f:c5:68:7a:76:b8:
                    db:90:de:e4:30:11:dc:f3:87:a6:54:0b:c2:6b:ef:
                    b1:99:89:48:fa:f0:9a:6a:28:17:6f:c6:55:3a:ce:
                    98:08:28:61:4d:17:ed:42:aa:03:fe:f3:9a:d2:19:
                    80:9c:ea:d9:4c:f4:38:a0:87:df:b1:7a:42:b5:b5:
                    4a:37:10:b8:ea:4a:06:6d:17:b4:4d:49:64:58:9f:
                    c3:c5:0d:dc:17:65:84:a4:da:10:ec:17:ec:6c:24:
                    f0:50:c5:f8:77:0b:6a:b1:04:3d:16:e6:42:ef:92:
                    37:e7:04:0e:4b:74:7f:8c:ab:c4:2c:72:a0:92:cb:
                    6a:03:c7:44:0b:10:96:e5:a4:be:56:a4:fb:ab:8e:
                    68:ce:e6:88:ad:1f:0d:a2:da:0b:5f:ce:78:d9:51:
                    8e:75:af:19:cc:f3:d4:c1:0e:8d:8f:f5:1f:a9:c8:
                    c7:8a:a7:ca:17:f0:34:98:ce:b8:c2:aa:f3:28:85:
                    35:b0:79:e3:b7:55:26:d8:d7:75:53:9c:00:60:c4:
                    b5:6f:43:eb:00:3d:49:75:4f:e2:30:07:90:4f:19:
                    6b:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:43:33:EF:57:98:9F:C6:EE:23:8C:4F:EE:96:CD:C7:3F:01:91:DE
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e3133302e3130342e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:ca:b3:15:fd:c6:7d:3a:82:7b:dc:8b:5c:97:16:9a:df:2c:
         57:5c:21:0b:88:95:3f:50:04:3a:41:d6:7c:3a:9f:d4:7f:a6:
         cb:97:a1:a7:40:40:56:71:d4:41:ba:dd:b1:b8:ab:56:5e:29:
         70:67:a8:ce:6c:1c:00:04:ef:da:ac:ec:2e:e8:94:12:eb:c5:
         13:6f:f9:d6:22:3e:f8:bc:e0:a3:06:4a:cd:55:4a:30:85:95:
         57:bd:4b:c0:22:6d:9b:83:85:cb:1d:33:4d:9f:fa:54:c9:41:
         51:12:c4:11:78:fc:4c:8e:1b:3d:f0:da:8f:66:98:e5:14:dc:
         37:54:90:96:c6:e7:35:19:83:9f:1f:98:6e:8a:af:83:d4:1f:
         1b:5e:e6:86:1f:30:00:f8:21:97:09:cf:aa:bd:c9:65:b3:f2:
         1f:38:88:a2:7a:6a:73:68:b9:21:e4:c8:1b:f0:16:f8:ea:d7:
         3c:b0:13:04:6b:39:02:d9:3a:73:a3:2f:f2:9a:04:ec:bd:1e:
         1d:78:d7:bd:79:a2:8e:8a:93:44:82:31:47:fb:ae:a6:fe:b7:
         8f:7d:e0:34:22:fc:5c:29:66:55:5c:89:32:2e:a5:8b:d2:0e:
         fb:08:cf:2f:28:88:ee:62:8c:72:6b:d1:2a:ad:3b:18:bc:dd:
         f6:93:11:de
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUZRFNANS8IKXG4kVbOPzVtokoETQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAyMjYwODQ4NDBaFw0yNTAyMjQwODUzNDBaMDMxMTAvBgNV
BAMTKDdFNDMzM0VGNTc5ODlGQzZFRTIzOEM0RkVFOTZDREM3M0YwMTkxREUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXLoPUJqA29yoKFyU8z40rEju2
0K9/oLrrBprvNj1mG9ww8GdPdG/FaHp2uNuQ3uQwEdzzh6ZUC8Jr77GZiUj68Jpq
KBdvxlU6zpgIKGFNF+1CqgP+85rSGYCc6tlM9Digh9+xekK1tUo3ELjqSgZtF7RN
SWRYn8PFDdwXZYSk2hDsF+xsJPBQxfh3C2qxBD0W5kLvkjfnBA5LdH+Mq8QscqCS
y2oDx0QLEJblpL5WpPurjmjO5oitHw2i2gtfznjZUY51rxnM89TBDo2P9R+pyMeK
p8oX8DSYzrjCqvMohTWweeO3VSbY13VTnABgxLVvQ+sAPUl1T+IwB5BPGWtXAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUfkMz71eYn8buI4xP7pbNxz8Bkd4wHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzQzNTJlMzEzMzMwMmUzMTMw
MzQyZTMwMmYzMjM0MmQzMzMyMjAzZDNlMjAzNTMxMzEzNjM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LYJoMA0GCSqGSIb3DQEBCwUAA4IBAQB8yrMV/cZ9OoJ73Itclxaa3yxXXCELiJU/
UAQ6QdZ8Op/Uf6bLl6GnQEBWcdRBut2xuKtWXilwZ6jObBwABO/arOwu6JQS68UT
b/nWIj74vOCjBkrNVUowhZVXvUvAIm2bg4XLHTNNn/pUyUFREsQRePxMjhs98NqP
ZpjlFNw3VJCWxuc1GYOfH5huiq+D1B8bXuaGHzAA+CGXCc+qvclls/IfOIiiempz
aLkh5Mgb8Bb46tc8sBMEazkC2Tpzoy/ymgTsvR4deNe9eaKOipNEgjFH+66m/reP
feA0IvxcKWZVXIkyLqWL0g77CM8vKIjuYoxya9EqrTsYvN32kxHe
-----END CERTIFICATE-----
Generated at Mon Nov 25 16:44:11 2024 by rpki-client on console-fra.rpki-client.org