Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e3133302e3130352e302f32342d3234203d3e203632323430.roa
File:                     34352e3133302e3130352e302f32342d3234203d3e203632323430.roa (raw, json)
Hash identifier:          lX2sEK3CQFOUIEEvDKDAeEBNxEGaeFaAzuJchjdWAO8=
Subject key identifier:   31:88:F9:B0:0C:62:B2:F1:3D:44:60:2F:20:B0:86:43:12:69:3D:76
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       05AE5C6C6D6AE5918176DD912A7DA0E02F30C18B
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e3133302e3130352e302f32342d3234203d3e203632323430.roa
Signing time:             Mon 01 Apr 2024 14:03:25 +0000
ROA not before:           Mon 01 Apr 2024 13:58:25 +0000
ROA not after:            Mon 31 Mar 2025 14:03:25 +0000
asID:                     62240
IP address blocks:        45.130.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 12:48:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:ae:5c:6c:6d:6a:e5:91:81:76:dd:91:2a:7d:a0:e0:2f:30:c1:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Apr  1 13:58:25 2024 GMT
            Not After : Mar 31 14:03:25 2025 GMT
        Subject: CN=3188F9B00C62B2F13D44602F20B0864312693D76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:22:c0:0d:04:2e:2e:40:e8:70:65:2d:c2:c5:
                    35:9a:7b:45:c7:ce:5f:d1:c1:11:ea:e1:07:0e:34:
                    7a:98:98:3c:d1:cf:19:30:7c:56:10:8e:56:a9:52:
                    34:26:7a:cd:1d:ae:52:34:88:7f:c2:49:2a:ca:20:
                    6c:d4:2a:ac:81:aa:13:58:5b:7a:42:f5:32:ec:fa:
                    7b:6a:ea:7a:3f:9a:ba:7a:d4:c4:1a:0f:68:1b:8d:
                    89:ab:c4:ab:5b:f9:bb:4a:17:85:ed:e5:48:29:00:
                    34:1b:a4:3b:6f:a9:8c:6f:97:b7:63:eb:7c:2c:8e:
                    77:43:5e:ec:e2:2b:ba:dc:16:50:68:4c:59:cf:08:
                    7c:13:81:2e:ac:5f:35:4a:ac:5f:0e:f8:5d:0d:db:
                    db:6e:49:7c:55:99:02:03:b3:1d:17:54:7e:ef:eb:
                    1a:55:91:dd:00:40:ea:24:a9:9a:fd:4d:23:79:e8:
                    30:bb:f6:9a:a8:ca:db:c6:56:d8:ac:60:71:f9:12:
                    c2:10:c3:7f:83:45:39:b0:63:24:01:21:6a:0c:77:
                    ed:bd:c4:2a:6d:29:c3:c8:14:56:30:4e:66:b0:ea:
                    e7:db:a5:bb:c2:81:d3:1a:6d:cc:ee:d1:d1:ae:3c:
                    3f:2d:1b:5a:a0:5f:3d:c4:80:67:e3:d9:ec:56:b7:
                    67:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:88:F9:B0:0C:62:B2:F1:3D:44:60:2F:20:B0:86:43:12:69:3D:76
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e3133302e3130352e302f32342d3234203d3e203632323430.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:cd:f9:d3:e3:1d:25:f6:37:d7:fe:77:09:73:2b:c9:f8:58:
         67:d9:53:20:b5:0f:3d:4c:d0:57:06:0f:2a:20:6c:50:ce:41:
         fe:93:e6:39:6b:40:3b:c4:46:1b:4b:2c:71:b9:79:a3:c9:97:
         21:8d:e2:f9:b9:ad:73:96:7d:e4:41:43:1f:45:40:c1:c5:9d:
         9b:91:e4:38:e1:bd:11:d1:61:4c:cf:2e:dc:98:a3:89:1d:72:
         42:6a:38:28:30:0f:10:ef:b4:13:28:69:92:65:28:f6:04:e6:
         a0:5f:8d:1e:d6:c5:ab:b2:7f:eb:2e:0d:0d:11:a2:19:56:11:
         83:41:56:ee:eb:9f:55:3b:fc:79:81:6b:53:3f:52:88:b1:4b:
         c7:1c:a5:46:eb:53:cd:b4:e5:44:39:3b:35:ea:83:5f:3d:25:
         62:35:92:bc:f1:52:cf:47:eb:94:3c:1b:da:1d:da:71:5b:64:
         bc:4a:3e:8b:e9:c8:00:1b:63:38:f4:4e:94:97:66:18:31:0b:
         bd:59:28:5c:21:c6:c2:2d:c0:1c:47:40:93:23:50:12:1f:d3:
         18:f2:32:af:02:82:c4:5f:bf:5a:17:6e:10:b7:59:ac:28:f2:
         d6:49:94:39:fb:54:26:d2:22:dc:7d:e5:d3:81:78:2b:51:bf:
         50:d4:cd:e0
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUBa5cbG1q5ZGBdt2RKn2g4C8wwYswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDA0MDExMzU4MjVaFw0yNTAzMzExNDAzMjVaMDMxMTAvBgNV
BAMTKDMxODhGOUIwMEM2MkIyRjEzRDQ0NjAyRjIwQjA4NjQzMTI2OTNENzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAIsANBC4uQOhwZS3CxTWae0XH
zl/RwRHq4QcONHqYmDzRzxkwfFYQjlapUjQmes0drlI0iH/CSSrKIGzUKqyBqhNY
W3pC9TLs+ntq6no/mrp61MQaD2gbjYmrxKtb+btKF4Xt5UgpADQbpDtvqYxvl7dj
63wsjndDXuziK7rcFlBoTFnPCHwTgS6sXzVKrF8O+F0N29tuSXxVmQIDsx0XVH7v
6xpVkd0AQOokqZr9TSN56DC79pqoytvGVtisYHH5EsIQw3+DRTmwYyQBIWoMd+29
xCptKcPIFFYwTmaw6ufbpbvCgdMabczu0dGuPD8tG1qgXz3EgGfj2exWt2eNAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUMYj5sAxisvE9RGAvILCGQxJpPXYwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzQzNTJlMzEzMzMwMmUzMTMw
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNjMyMzIzNDMwLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LYJpMA0GCSqGSIb3DQEBCwUAA4IBAQB+zfnT4x0l9jfX/ncJcyvJ+Fhn2VMgtQ89
TNBXBg8qIGxQzkH+k+Y5a0A7xEYbSyxxuXmjyZchjeL5ua1zln3kQUMfRUDBxZ2b
keQ44b0R0WFMzy7cmKOJHXJCajgoMA8Q77QTKGmSZSj2BOagX40e1sWrsn/rLg0N
EaIZVhGDQVbu659VO/x5gWtTP1KIsUvHHKVG61PNtOVEOTs16oNfPSViNZK88VLP
R+uUPBvaHdpxW2S8Sj6L6cgAG2M49E6Ul2YYMQu9WShcIcbCLcAcR0CTI1ASH9MY
8jKvAoLEX79aF24Qt1msKPLWSZQ5+1Qm0iLcfeXTgXgrUb9Q1M3g
-----END CERTIFICATE-----
Generated at Sun Nov 24 21:02:16 2024 by rpki-client on console-fra.rpki-client.org