Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e39322e31302e302f32332d3332203d3e203531313637.roa
File:                     34352e39322e31302e302f32332d3332203d3e203531313637.roa (raw, json)
Hash identifier:          d2x6D78RmRAZGxBl8ogvAop1FwBQ0EfPVl1vp5zeYVU=
Subject key identifier:   DB:AC:9A:4A:4F:4B:51:90:62:FC:B0:86:17:64:4F:67:B0:74:9F:B4
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       5B8B96934DB32603CFC02651E26D5FD42755D437
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e39322e31302e302f32332d3332203d3e203531313637.roa
Signing time:             Wed 22 May 2024 12:52:04 +0000
ROA not before:           Wed 22 May 2024 12:47:04 +0000
ROA not after:            Wed 21 May 2025 12:52:04 +0000
asID:                     51167
IP address blocks:        45.92.10.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:42:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:8b:96:93:4d:b3:26:03:cf:c0:26:51:e2:6d:5f:d4:27:55:d4:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: May 22 12:47:04 2024 GMT
            Not After : May 21 12:52:04 2025 GMT
        Subject: CN=DBAC9A4A4F4B519062FCB08617644F67B0749FB4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:90:36:e8:7f:86:e1:14:2d:28:88:3b:3f:b6:
                    29:dd:9d:85:99:ce:7e:e1:0c:cc:8d:ea:eb:e6:b9:
                    d5:3d:41:3a:b6:62:1d:a6:0e:f1:c9:5e:73:83:78:
                    56:43:cb:ad:15:6e:9f:07:b4:fe:26:6b:38:ee:f5:
                    1c:32:f2:c2:ae:e4:a7:22:de:1f:da:44:2e:dd:75:
                    0d:4c:99:b7:5e:39:15:48:e2:f1:c9:03:fa:b7:13:
                    fa:7b:6b:d1:80:b9:90:93:8f:39:12:d4:47:64:61:
                    09:fe:df:d8:af:23:e2:d1:67:99:fc:23:cd:76:5d:
                    00:2e:74:56:9d:98:c9:47:ac:ea:32:25:19:76:f2:
                    0e:48:bd:d1:bd:a4:11:04:33:bd:1c:65:d5:ce:b7:
                    0f:05:3f:17:b8:f2:30:26:2f:4c:ae:93:31:1c:4f:
                    e6:67:96:91:cc:1e:66:bc:91:16:b9:49:03:f9:c4:
                    ca:7b:81:98:b8:21:c2:e8:41:44:00:be:01:f6:f4:
                    b3:b2:c0:60:6a:be:5c:56:6a:ad:9d:8d:fb:0a:af:
                    b1:d8:2d:2e:ad:26:1a:4b:1c:e1:20:68:44:2d:f4:
                    09:21:60:67:66:83:a9:93:3b:73:d2:25:7f:81:f6:
                    59:30:e3:f1:7b:5d:be:8c:18:77:e1:14:81:32:be:
                    8b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:AC:9A:4A:4F:4B:51:90:62:FC:B0:86:17:64:4F:67:B0:74:9F:B4
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e39322e31302e302f32332d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6f:44:b3:82:34:f1:ef:ee:a7:32:85:75:a4:70:54:5e:5d:74:
         b0:9d:21:16:d9:f7:80:3f:c2:f4:70:43:fd:db:93:94:47:1c:
         8e:6b:87:44:1f:06:3a:4b:13:bd:64:7c:73:55:b2:0c:89:8f:
         43:39:06:df:b9:ef:3d:29:f5:74:61:a5:10:1d:d6:3d:80:30:
         07:3d:fe:4d:49:e4:3a:a0:fb:ff:2e:b7:19:f9:58:45:4a:32:
         f1:40:41:db:e5:3a:c7:75:69:7d:a6:fe:25:48:bf:61:45:19:
         5e:c4:96:e5:93:00:3d:45:71:66:48:6d:41:1b:1d:25:5f:d2:
         c6:c2:5e:94:d9:ec:c8:61:80:a2:9d:99:8c:86:f1:56:7e:20:
         66:e4:3f:23:a4:a4:08:60:f8:9c:fb:fa:3f:51:ab:17:75:f0:
         6c:32:9d:30:06:48:ea:c3:03:cd:de:68:99:fb:3c:8d:dd:78:
         10:81:63:02:67:b1:a7:e0:fa:d9:8d:b7:2a:3a:1d:18:fc:a1:
         b2:1c:e3:36:36:a3:74:f5:37:12:53:b9:a6:51:f7:4c:19:b0:
         ce:9f:b7:ac:aa:5c:fc:e7:d4:31:e2:de:6f:2d:34:9d:52:17:
         e6:2d:19:fd:6e:0d:a1:b0:8e:a8:0d:cd:3d:3a:e9:87:00:8b:
         75:be:ac:0c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUW4uWk02zJgPPwCZR4m1f1CdV1DcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDA1MjIxMjQ3MDRaFw0yNTA1MjExMjUyMDRaMDMxMTAvBgNV
BAMTKERCQUM5QTRBNEY0QjUxOTA2MkZDQjA4NjE3NjQ0RjY3QjA3NDlGQjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSkDbof4bhFC0oiDs/tindnYWZ
zn7hDMyN6uvmudU9QTq2Yh2mDvHJXnODeFZDy60Vbp8HtP4mazju9Rwy8sKu5Kci
3h/aRC7ddQ1MmbdeORVI4vHJA/q3E/p7a9GAuZCTjzkS1EdkYQn+39ivI+LRZ5n8
I812XQAudFadmMlHrOoyJRl28g5IvdG9pBEEM70cZdXOtw8FPxe48jAmL0yukzEc
T+ZnlpHMHma8kRa5SQP5xMp7gZi4IcLoQUQAvgH29LOywGBqvlxWaq2djfsKr7HY
LS6tJhpLHOEgaEQt9AkhYGdmg6mTO3PSJX+B9lkw4/F7Xb6MGHfhFIEyvostAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU26yaSk9LUZBi/LCGF2RPZ7B0n7QwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzQzNTJlMzkzMjJlMzEzMDJl
MzAyZjMyMzMyZDMzMzIyMDNkM2UyMDM1MzEzMTM2Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAEtXAow
DQYJKoZIhvcNAQELBQADggEBAG9Es4I08e/upzKFdaRwVF5ddLCdIRbZ94A/wvRw
Q/3bk5RHHI5rh0QfBjpLE71kfHNVsgyJj0M5Bt+57z0p9XRhpRAd1j2AMAc9/k1J
5Dqg+/8utxn5WEVKMvFAQdvlOsd1aX2m/iVIv2FFGV7EluWTAD1FcWZIbUEbHSVf
0sbCXpTZ7MhhgKKdmYyG8VZ+IGbkPyOkpAhg+Jz7+j9Rqxd18GwynTAGSOrDA83e
aJn7PI3deBCBYwJnsafg+tmNtyo6HRj8obIc4zY2o3T1NxJTuaZR90wZsM6ft6yq
XPzn1DHi3m8tNJ1SF+YtGf1uDaGwjqgNzT066YcAi3W+rAw=
-----END CERTIFICATE-----
Generated at Mon Nov 25 16:44:11 2024 by rpki-client on console-fra.rpki-client.org