Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e3135312e3132332e302f32342d3332203d3e203531313637.roa
File:                     34352e3135312e3132332e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          TcPZsaJ5511CiyA1e6aH1ROT6t27BoLSZ0kpJBZl+dk=
Subject key identifier:   FD:0A:E8:C4:67:06:C4:F3:BE:63:9B:24:CB:18:FA:ED:D1:17:70:53
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       4E6BB264396A9B607B43C4379EBD90334A62C9BD
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e3135312e3132332e302f32342d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:53:39 +0000
ROA not before:           Mon 26 Feb 2024 08:48:39 +0000
ROA not after:            Mon 24 Feb 2025 08:53:39 +0000
asID:                     51167
IP address blocks:        45.151.123.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:6b:b2:64:39:6a:9b:60:7b:43:c4:37:9e:bd:90:33:4a:62:c9:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Feb 26 08:48:39 2024 GMT
            Not After : Feb 24 08:53:39 2025 GMT
        Subject: CN=FD0AE8C46706C4F3BE639B24CB18FAEDD1177053
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:86:01:c1:33:35:84:29:55:01:6d:d6:b1:de:
                    91:50:24:d7:1e:1d:5a:a4:d6:67:56:31:07:4d:bb:
                    1b:ce:83:a7:79:11:62:7b:6b:35:34:b5:cd:4e:52:
                    ad:e6:eb:72:41:26:07:f4:2b:02:f9:b8:7e:c1:70:
                    73:7d:e2:f3:a2:13:69:1e:84:96:3e:09:06:54:84:
                    80:77:f7:1f:70:c4:d5:5b:ae:1e:c1:c9:42:eb:76:
                    29:cd:38:f9:3e:ce:36:95:8f:9d:05:97:a0:25:89:
                    f3:ae:93:b5:36:eb:18:c8:59:0a:af:bb:1f:5d:25:
                    40:34:a0:09:02:41:fa:6f:65:32:b2:bd:c2:ad:2b:
                    4f:df:ae:74:b8:a4:af:7a:a9:f5:eb:f3:2e:20:59:
                    a5:7c:03:59:a1:10:fe:12:51:50:22:94:4b:95:9a:
                    f3:6a:dd:6c:dd:c1:05:76:03:35:cf:20:4e:33:13:
                    a8:17:b5:96:75:41:ac:bf:fa:52:58:44:28:3d:39:
                    69:55:22:23:f9:a3:41:0f:56:8d:eb:a4:34:6a:52:
                    c6:6e:f7:54:e2:0d:cf:59:92:c4:1c:dd:11:59:68:
                    fd:11:0e:91:45:fd:94:b6:b8:a6:11:1e:0b:55:f4:
                    d8:04:7e:87:f3:b4:ec:6e:17:8c:80:8f:34:eb:8e:
                    34:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:0A:E8:C4:67:06:C4:F3:BE:63:9B:24:CB:18:FA:ED:D1:17:70:53
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e3135312e3132332e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:fa:85:83:ef:28:ad:36:7a:9b:91:dc:53:a4:20:1d:df:60:
         8a:37:9f:49:a8:8e:da:c7:7c:a0:9e:f4:14:ed:43:b9:58:bc:
         35:ba:9e:81:2b:f8:f9:dd:f9:f8:3a:2f:78:44:f8:24:7e:c8:
         9e:00:34:4b:b6:a2:72:02:24:13:b4:72:a5:74:2e:59:2a:28:
         8d:96:ca:e2:6f:26:5c:b2:d4:e3:db:40:83:3c:e8:f0:36:8b:
         c9:5d:22:ec:09:28:d8:b0:b3:9f:0a:05:e2:91:b0:24:36:91:
         b0:21:3c:11:61:81:88:68:e6:f3:67:7b:5b:02:53:96:f1:5f:
         69:52:ea:db:3c:ca:8d:bd:40:32:f9:82:34:e7:7c:66:85:8a:
         91:86:9b:1a:c7:5e:b5:a3:d7:c7:d1:50:c2:e8:e6:ae:8a:30:
         b0:9f:e2:6f:f3:ae:f4:47:0a:07:03:cc:f5:f1:df:b7:ba:77:
         c2:d7:36:07:09:71:8c:25:42:ee:a3:7b:c1:c7:5e:86:40:9d:
         cc:e1:a8:a6:34:d5:3f:04:3e:6f:87:e5:1c:84:8c:d0:46:58:
         1c:5f:bc:54:5e:e6:7d:e9:97:e0:10:be:f5:5e:6e:2a:fc:34:
         9e:a8:59:c6:08:a6:7d:b5:f2:5e:81:4f:2e:64:9a:9b:1c:33:
         a0:c4:ec:8c
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUTmuyZDlqm2B7Q8Q3nr2QM0piyb0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAyMjYwODQ4MzlaFw0yNTAyMjQwODUzMzlaMDMxMTAvBgNV
BAMTKEZEMEFFOEM0NjcwNkM0RjNCRTYzOUIyNENCMThGQUVERDExNzcwNTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEhgHBMzWEKVUBbdax3pFQJNce
HVqk1mdWMQdNuxvOg6d5EWJ7azU0tc1OUq3m63JBJgf0KwL5uH7BcHN94vOiE2ke
hJY+CQZUhIB39x9wxNVbrh7ByULrdinNOPk+zjaVj50Fl6AlifOuk7U26xjIWQqv
ux9dJUA0oAkCQfpvZTKyvcKtK0/frnS4pK96qfXr8y4gWaV8A1mhEP4SUVAilEuV
mvNq3WzdwQV2AzXPIE4zE6gXtZZ1Qay/+lJYRCg9OWlVIiP5o0EPVo3rpDRqUsZu
91TiDc9ZksQc3RFZaP0RDpFF/ZS2uKYRHgtV9NgEfofztOxuF4yAjzTrjjQ5AgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQU/QroxGcGxPO+Y5skyxj67dEXcFMwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzQzNTJlMzEzNTMxMmUzMTMy
MzMyZTMwMmYzMjM0MmQzMzMyMjAzZDNlMjAzNTMxMzEzNjM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LZd7MA0GCSqGSIb3DQEBCwUAA4IBAQAT+oWD7yitNnqbkdxTpCAd32CKN59JqI7a
x3ygnvQU7UO5WLw1up6BK/j53fn4Oi94RPgkfsieADRLtqJyAiQTtHKldC5ZKiiN
lsribyZcstTj20CDPOjwNovJXSLsCSjYsLOfCgXikbAkNpGwITwRYYGIaObzZ3tb
AlOW8V9pUurbPMqNvUAy+YI053xmhYqRhpsax161o9fH0VDC6OauijCwn+Jv8670
RwoHA8z18d+3unfC1zYHCXGMJULuo3vBx16GQJ3M4aimNNU/BD5vh+UchIzQRlgc
X7xUXuZ96ZfgEL71Xm4q/DSeqFnGCKZ9tfJegU8uZJqbHDOgxOyM
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:05 2024 by rpki-client on console-fra.rpki-client.org