Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e39342e3231302e302f32342d3234203d3e20313437303439.roa
File:                     34352e39342e3231302e302f32342d3234203d3e20313437303439.roa (raw, json)
Hash identifier:          gNKrtIXhx/viw4pLI5E6qROqwWoAwuCh6TqPPfqSO/E=
Subject key identifier:   69:C9:98:2A:37:E2:29:CA:11:AC:2F:B1:D3:96:03:8B:39:58:BA:5A
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       5F80AB21B801A44716A7D0F712A94DA7833A39B8
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e39342e3231302e302f32342d3234203d3e20313437303439.roa
Signing time:             Mon 26 Feb 2024 08:53:40 +0000
ROA not before:           Mon 26 Feb 2024 08:48:40 +0000
ROA not after:            Mon 24 Feb 2025 08:53:40 +0000
asID:                     147049
IP address blocks:        45.94.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:80:ab:21:b8:01:a4:47:16:a7:d0:f7:12:a9:4d:a7:83:3a:39:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Feb 26 08:48:40 2024 GMT
            Not After : Feb 24 08:53:40 2025 GMT
        Subject: CN=69C9982A37E229CA11AC2FB1D396038B3958BA5A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:cd:14:95:b0:74:e0:00:63:ce:52:b2:1d:91:
                    f2:c4:0f:bc:8e:c4:81:31:7a:85:98:8e:ba:4f:f6:
                    ca:13:af:2e:55:b7:9f:aa:65:26:ec:0d:24:01:53:
                    64:95:65:84:c4:87:57:76:e1:51:4e:0b:9f:1d:8c:
                    79:14:3b:f9:87:59:a2:19:2a:75:ab:ca:ca:56:88:
                    f3:1b:cd:40:f5:a7:1c:06:5b:86:61:56:9f:b8:9a:
                    0a:8b:f7:00:2c:34:53:9b:b7:fa:c3:29:f7:f6:e7:
                    ed:fc:dd:e9:31:f1:17:67:87:9b:0a:3a:d3:b3:07:
                    00:2c:43:b0:cf:95:cf:38:2b:18:42:d3:ea:b7:f4:
                    90:b7:55:26:27:e1:89:24:d6:72:bf:e4:16:d5:c0:
                    d8:dc:32:25:c5:cf:b0:71:a9:70:27:5f:f7:d6:2b:
                    8b:8c:23:d8:d9:6d:19:91:7d:8f:97:aa:9d:60:1a:
                    4f:a2:a1:42:9c:5d:49:36:c4:df:d2:72:39:f9:1e:
                    41:47:c6:d6:9e:07:21:b3:81:28:e2:26:03:ea:46:
                    aa:ba:36:d5:39:33:47:84:62:ff:a9:79:0e:71:7c:
                    03:3f:4b:cd:8c:bf:c1:b0:a7:7f:3e:a0:89:72:d0:
                    c5:f9:98:39:80:b8:19:da:7c:1e:24:a3:34:b0:49:
                    fc:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:C9:98:2A:37:E2:29:CA:11:AC:2F:B1:D3:96:03:8B:39:58:BA:5A
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e39342e3231302e302f32342d3234203d3e20313437303439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:79:d0:de:d6:30:c3:5c:ae:46:b3:4b:39:9d:21:b5:4a:b4:
         51:63:09:c5:7a:50:40:b7:38:93:f3:1a:95:d8:fa:0c:e0:17:
         55:15:2e:86:38:16:a6:26:2f:32:34:cb:44:b7:9c:bf:cb:ce:
         2e:31:7a:59:a8:1c:6b:ac:fb:88:b8:13:6b:35:aa:f0:05:1c:
         03:7e:86:48:2b:b8:3d:5d:c7:e0:72:40:95:ac:fa:c6:f8:70:
         64:83:5e:61:c2:4d:07:95:49:2a:a7:04:67:7d:bd:88:30:ad:
         2a:28:86:68:27:d5:a3:39:7f:e6:85:52:4e:f6:85:ec:bc:00:
         96:22:4d:c4:f2:70:b6:ae:3f:ea:8b:d7:2e:a5:a3:86:8e:c1:
         b0:46:45:dc:ef:fa:8d:d7:c8:94:02:2d:15:94:e6:74:20:46:
         1d:d9:6f:f8:db:c6:07:02:8a:80:54:68:82:4b:a7:25:49:33:
         ee:3a:8d:76:f9:09:0b:c7:dc:ff:20:91:56:76:95:74:83:26:
         e2:c6:79:c2:80:74:60:8c:59:15:e9:c6:77:03:72:ac:15:4c:
         34:86:c9:eb:b3:07:a7:08:46:a6:a3:c0:9e:12:0f:fd:9b:31:
         76:73:6b:43:45:67:61:21:63:f1:88:1b:52:7c:c8:42:ef:2a:
         11:0f:da:b1
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUX4CrIbgBpEcWp9D3EqlNp4M6ObgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAyMjYwODQ4NDBaFw0yNTAyMjQwODUzNDBaMDMxMTAvBgNV
BAMTKDY5Qzk5ODJBMzdFMjI5Q0ExMUFDMkZCMUQzOTYwMzhCMzk1OEJBNUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfzRSVsHTgAGPOUrIdkfLED7yO
xIExeoWYjrpP9soTry5Vt5+qZSbsDSQBU2SVZYTEh1d24VFOC58djHkUO/mHWaIZ
KnWryspWiPMbzUD1pxwGW4ZhVp+4mgqL9wAsNFObt/rDKff25+383ekx8Rdnh5sK
OtOzBwAsQ7DPlc84KxhC0+q39JC3VSYn4Ykk1nK/5BbVwNjcMiXFz7BxqXAnX/fW
K4uMI9jZbRmRfY+Xqp1gGk+ioUKcXUk2xN/Scjn5HkFHxtaeByGzgSjiJgPqRqq6
NtU5M0eEYv+peQ5xfAM/S82Mv8Gwp38+oIly0MX5mDmAuBnafB4kozSwSfynAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUacmYKjfiKcoRrC+x05YDizlYulowHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzQzNTJlMzkzNDJlMzIzMTMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNDM3MzAzNDM5LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LV7SMA0GCSqGSIb3DQEBCwUAA4IBAQBRedDe1jDDXK5Gs0s5nSG1SrRRYwnFelBA
tziT8xqV2PoM4BdVFS6GOBamJi8yNMtEt5y/y84uMXpZqBxrrPuIuBNrNarwBRwD
foZIK7g9XcfgckCVrPrG+HBkg15hwk0HlUkqpwRnfb2IMK0qKIZoJ9WjOX/mhVJO
9oXsvACWIk3E8nC2rj/qi9cupaOGjsGwRkXc7/qN18iUAi0VlOZ0IEYd2W/428YH
AoqAVGiCS6clSTPuOo12+QkLx9z/IJFWdpV0gybixnnCgHRgjFkV6cZ3A3KsFUw0
hsnrswenCEamo8CeEg/9mzF2c2tDRWdhIWPxiBtSfMhC7yoRD9qx
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:05 2024 by rpki-client on console-fra.rpki-client.org