Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/34352e3132382e3136302e302f32322d3234203d3e203437353833.roa
File:                     34352e3132382e3136302e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          zZYi22XOZCF9CQdpfq88hkAL45iUb4THntc+vI1cWDA=
Subject key identifier:   27:E3:1B:8B:A1:E5:70:FC:4A:A8:DB:E7:C4:36:91:DA:65:7E:41:5E
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       49A1F2DB21B63AE6CBDFB44A66E84F5870E5CC57
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/34352e3132382e3136302e302f32322d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:46 +0000
ROA not before:           Mon 26 Feb 2024 08:48:46 +0000
ROA not after:            Mon 24 Feb 2025 08:53:46 +0000
asID:                     47583
IP address blocks:        45.128.160.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:a1:f2:db:21:b6:3a:e6:cb:df:b4:4a:66:e8:4f:58:70:e5:cc:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 26 08:48:46 2024 GMT
            Not After : Feb 24 08:53:46 2025 GMT
        Subject: CN=27E31B8BA1E570FC4AA8DBE7C43691DA657E415E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b1:e2:cd:56:24:c0:9f:b0:6c:3c:44:27:42:
                    bd:a3:b5:ff:b1:cd:e2:de:6f:d3:e5:e1:f3:d4:08:
                    a7:28:0a:a3:3c:df:42:a9:4a:4d:85:96:21:6a:da:
                    e0:e6:a9:a9:81:ba:3d:3d:a4:01:fd:73:5b:76:64:
                    d8:1d:75:0d:db:43:e3:7d:37:89:37:17:35:a6:c1:
                    ea:c5:c4:8d:73:92:5f:54:5b:26:51:c3:f2:ed:2c:
                    ea:19:18:8a:84:2b:0a:cc:4f:eb:15:74:00:43:e5:
                    a0:a2:db:f1:e7:40:2c:f4:c5:cf:3d:d4:08:a2:d6:
                    8e:da:2e:46:41:83:9b:54:a6:9f:0c:16:d3:8c:3a:
                    a4:b4:4d:62:ff:7b:f5:01:66:97:ea:9a:90:f3:fc:
                    9b:5c:09:80:5b:3f:eb:f8:3d:38:e0:0d:72:73:63:
                    80:b9:9c:e0:1e:71:d0:6f:33:d7:7d:fe:8a:c3:eb:
                    d8:61:3a:8b:a7:63:c7:b2:8d:75:58:c9:ab:2d:e9:
                    84:ed:02:18:e3:32:ef:00:9f:75:0c:1f:bd:03:53:
                    ef:ba:d1:12:79:0e:ad:71:ca:74:52:d6:57:ca:d9:
                    42:b4:04:df:66:05:c4:00:4d:33:53:ab:87:e9:6f:
                    55:8c:e8:6d:4c:6a:d5:33:ff:13:20:67:52:ed:7c:
                    e4:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:E3:1B:8B:A1:E5:70:FC:4A:A8:DB:E7:C4:36:91:DA:65:7E:41:5E
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/34352e3132382e3136302e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:f0:2f:b7:c2:69:08:2f:0b:34:e7:e9:69:1c:3a:55:29:96:
         d9:5d:1f:03:f4:6c:44:4b:fa:fb:25:f4:03:99:07:73:b3:0d:
         ae:3c:70:cc:62:98:e6:39:a9:78:72:82:7b:3a:38:09:ba:0f:
         3e:e2:40:45:0a:ec:a1:14:c1:fa:69:48:8c:50:dc:e2:0a:7e:
         79:56:d6:c2:bf:19:24:3c:f0:01:3e:13:94:3b:d6:ac:14:6d:
         66:f5:e7:ae:8b:cd:b6:29:1c:5c:2a:fe:d0:22:7c:0c:12:18:
         cb:4a:53:39:50:b6:a1:fb:99:12:80:5a:a1:1a:2e:d8:6a:64:
         c9:e9:60:de:e0:85:88:64:6e:fc:b1:7b:bd:57:3a:bc:9a:95:
         0f:de:98:fb:2c:24:c8:db:f8:7e:e6:7f:fe:34:fe:64:de:e2:
         13:4b:72:1a:f0:45:43:a4:be:2f:70:ab:8a:41:7d:1f:91:86:
         3f:30:a7:66:75:e8:27:c2:02:d0:a9:d8:eb:8b:37:50:46:5f:
         79:e1:e6:1b:8e:87:bd:c4:20:3a:4a:0e:14:96:4c:ca:ec:ad:
         aa:91:78:fa:0a:8f:24:2c:24:68:22:e7:72:b9:3d:3c:2e:12:
         f3:57:d9:35:f2:90:4c:7c:af:3c:1b:76:68:92:65:69:b0:de:
         20:5b:be:62
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUSaHy2yG2OubL37RKZuhPWHDlzFcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMjYwODQ4NDZaFw0yNTAyMjQwODUzNDZaMDMxMTAvBgNV
BAMTKDI3RTMxQjhCQTFFNTcwRkM0QUE4REJFN0M0MzY5MURBNjU3RTQxNUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEseLNViTAn7BsPEQnQr2jtf+x
zeLeb9Pl4fPUCKcoCqM830KpSk2FliFq2uDmqamBuj09pAH9c1t2ZNgddQ3bQ+N9
N4k3FzWmwerFxI1zkl9UWyZRw/LtLOoZGIqEKwrMT+sVdABD5aCi2/HnQCz0xc89
1Aii1o7aLkZBg5tUpp8MFtOMOqS0TWL/e/UBZpfqmpDz/JtcCYBbP+v4PTjgDXJz
Y4C5nOAecdBvM9d9/orD69hhOounY8eyjXVYyast6YTtAhjjMu8An3UMH70DU++6
0RJ5Dq1xynRS1lfK2UK0BN9mBcQATTNTq4fpb1WM6G1MatUz/xMgZ1LtfORBAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUJ+Mbi6HlcPxKqNvnxDaR2mV+QV4wHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzQzNTJlMzEzMjM4MmUzMTM2
MzAyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzNDM3MzUzODMzLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC
LYCgMA0GCSqGSIb3DQEBCwUAA4IBAQA38C+3wmkILws05+lpHDpVKZbZXR8D9GxE
S/r7JfQDmQdzsw2uPHDMYpjmOal4coJ7OjgJug8+4kBFCuyhFMH6aUiMUNziCn55
VtbCvxkkPPABPhOUO9asFG1m9eeui822KRxcKv7QInwMEhjLSlM5ULah+5kSgFqh
Gi7YamTJ6WDe4IWIZG78sXu9Vzq8mpUP3pj7LCTI2/h+5n/+NP5k3uITS3Ia8EVD
pL4vcKuKQX0fkYY/MKdmdegnwgLQqdjrizdQRl954eYbjoe9xCA6Sg4UlkzK7K2q
kXj6Co8kLCRoIudyuT08LhLzV9k18pBMfK88G3ZokmVpsN4gW75i
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:49 2024 by rpki-client on console-ams.rpki-client.org