Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e3135352e34332e302f32342d3234203d3e20313336373837.roa
File:                     34352e3135352e34332e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          JeYDbaRYWGruLW9UJfmf5tNhr8cI9YVPfbzg63W1bAM=
Subject key identifier:   BC:75:F2:C1:E3:B7:10:44:B0:F3:0D:98:A4:C1:71:23:39:AA:5D:F3
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       2A1D83EA0AB8A837F9EE0E7451E47C68AB55691D
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e3135352e34332e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 20 May 2024 17:03:45 +0000
ROA not before:           Mon 20 May 2024 16:58:45 +0000
ROA not after:            Mon 19 May 2025 17:03:45 +0000
asID:                     136787
IP address blocks:        45.155.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:1d:83:ea:0a:b8:a8:37:f9:ee:0e:74:51:e4:7c:68:ab:55:69:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: May 20 16:58:45 2024 GMT
            Not After : May 19 17:03:45 2025 GMT
        Subject: CN=BC75F2C1E3B71044B0F30D98A4C1712339AA5DF3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:cc:da:8f:7f:96:29:bb:23:0e:27:fc:6f:ff:
                    9e:fd:b3:db:20:58:48:45:ab:35:a0:59:d6:28:53:
                    76:6b:a8:04:33:d7:f6:33:b6:07:a1:a9:06:f5:4b:
                    ec:6d:a5:3e:d0:a2:0f:53:34:68:86:3e:34:a8:84:
                    0c:ee:61:05:7a:7c:ad:c9:3b:9b:e4:2d:cd:71:d6:
                    f4:83:a6:6c:22:6e:b3:87:46:7e:26:8a:9f:a1:9a:
                    03:c5:86:08:fb:82:f7:a6:00:93:36:ce:16:27:65:
                    cc:88:10:e6:10:2a:55:6e:78:a9:8e:6d:c3:e1:56:
                    c8:35:8e:16:b2:a4:c5:14:97:ba:20:53:97:c0:a0:
                    68:6b:33:36:7c:36:c8:29:42:34:b8:10:43:cb:24:
                    20:43:fb:7b:b1:8c:77:c0:c2:55:fb:ca:4a:21:a5:
                    40:fa:91:19:f8:67:0b:50:cf:4f:4e:fa:d9:30:cd:
                    4a:52:5a:0b:a5:ae:24:76:53:8c:ed:56:73:3b:55:
                    54:fd:df:26:7b:bd:51:24:1e:88:00:76:e2:e9:bf:
                    8e:49:4d:b9:12:2c:5b:be:dc:67:35:e7:b8:2d:f5:
                    f4:25:5a:7f:73:1d:d1:43:fe:a7:91:55:aa:45:ac:
                    01:7f:d9:c1:e6:99:bc:09:ed:e2:22:a8:8c:f0:b9:
                    7c:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:75:F2:C1:E3:B7:10:44:B0:F3:0D:98:A4:C1:71:23:39:AA:5D:F3
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e3135352e34332e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:5a:9d:53:d0:d9:aa:8c:4f:69:15:58:50:48:46:39:b9:53:
         05:71:70:10:de:17:3d:50:da:8f:af:28:a2:a2:fb:8f:0e:ba:
         e2:86:59:64:6b:b3:6c:3c:1f:b9:41:be:fc:fd:a6:62:53:3c:
         17:a4:40:c4:9c:0c:1e:2f:8b:52:e4:55:fe:bc:96:4c:a9:a4:
         db:79:42:e2:43:05:5e:7c:6e:e0:07:83:58:0b:1c:d5:68:b8:
         85:d7:fe:52:30:52:e6:aa:a7:5b:5b:07:d1:72:50:24:94:dc:
         08:f7:50:e6:5a:30:08:84:25:1b:2d:dc:42:94:e7:d2:e0:69:
         62:cb:b1:c1:c6:8d:3c:66:7e:4a:9e:67:90:1a:52:9b:5c:f4:
         7b:2b:30:fa:1e:44:6e:cd:9e:f4:bc:8b:ad:6e:26:ef:d7:01:
         db:1b:33:d5:6f:77:74:09:59:5b:cc:30:4a:24:a1:14:aa:55:
         f3:e1:23:34:19:07:78:21:11:11:c8:ad:0e:83:a6:f5:32:6b:
         7c:cd:6d:fa:4d:bb:fc:81:9e:68:bd:ce:f6:b2:08:cf:5d:d9:
         23:42:d5:17:55:16:97:6f:04:46:b3:29:83:7b:d1:54:12:26:
         dc:3b:9f:56:fa:e3:24:68:72:a3:90:3d:88:c2:59:5e:81:ff:
         d3:bf:d5:16
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUKh2D6gq4qDf57g50UeR8aKtVaR0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDA1MjAxNjU4NDVaFw0yNTA1MTkxNzAzNDVaMDMxMTAvBgNV
BAMTKEJDNzVGMkMxRTNCNzEwNDRCMEYzMEQ5OEE0QzE3MTIzMzlBQTVERjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdzNqPf5YpuyMOJ/xv/579s9sg
WEhFqzWgWdYoU3ZrqAQz1/YztgehqQb1S+xtpT7Qog9TNGiGPjSohAzuYQV6fK3J
O5vkLc1x1vSDpmwibrOHRn4mip+hmgPFhgj7gvemAJM2zhYnZcyIEOYQKlVueKmO
bcPhVsg1jhaypMUUl7ogU5fAoGhrMzZ8NsgpQjS4EEPLJCBD+3uxjHfAwlX7ykoh
pUD6kRn4ZwtQz09O+tkwzUpSWgulriR2U4ztVnM7VVT93yZ7vVEkHogAduLpv45J
TbkSLFu+3Gc157gt9fQlWn9zHdFD/qeRVapFrAF/2cHmmbwJ7eIiqIzwuXy9AgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUvHXyweO3EESw8w2YpMFxIzmqXfMwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzQzNTJlMzEzNTM1MmUzNDMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzMzM2MzczODM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LZsrMA0GCSqGSIb3DQEBCwUAA4IBAQCgWp1T0NmqjE9pFVhQSEY5uVMFcXAQ3hc9
UNqPryiiovuPDrrihllka7NsPB+5Qb78/aZiUzwXpEDEnAweL4tS5FX+vJZMqaTb
eULiQwVefG7gB4NYCxzVaLiF1/5SMFLmqqdbWwfRclAklNwI91DmWjAIhCUbLdxC
lOfS4Gliy7HBxo08Zn5KnmeQGlKbXPR7KzD6HkRuzZ70vIutbibv1wHbGzPVb3d0
CVlbzDBKJKEUqlXz4SM0GQd4IRERyK0Og6b1Mmt8zW36Tbv8gZ5ovc72sgjPXdkj
QtUXVRaXbwRGsymDe9FUEibcO59W+uMkaHKjkD2Iwllegf/Tv9UW
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:49 2024 by rpki-client on console-ams.rpki-client.org