Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/34352e3134332e38302e302f32332d3234203d3e203437353833.roa
File:                     34352e3134332e38302e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          o98eRdcAxPgDXAeqv0ZY1F54mzfStsLz0NDLJEeQvXc=
Subject key identifier:   9C:2E:C3:03:8E:71:73:DA:D1:3D:D4:18:42:DB:EE:FE:A2:B3:8C:3C
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       4EDD9D83DB665A78D6DA270C85B808BFEF017786
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/34352e3134332e38302e302f32332d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:50 +0000
ROA not before:           Mon 26 Feb 2024 08:48:50 +0000
ROA not after:            Mon 24 Feb 2025 08:53:50 +0000
asID:                     47583
IP address blocks:        45.143.80.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:dd:9d:83:db:66:5a:78:d6:da:27:0c:85:b8:08:bf:ef:01:77:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 26 08:48:50 2024 GMT
            Not After : Feb 24 08:53:50 2025 GMT
        Subject: CN=9C2EC3038E7173DAD13DD41842DBEEFEA2B38C3C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:26:7c:8e:6b:de:85:f7:12:b3:5a:dc:c2:38:
                    44:e5:bc:7c:2f:a3:63:f2:dd:a3:74:7f:8b:6e:b8:
                    61:8e:30:af:b3:c2:30:dd:4d:f7:55:fb:1e:30:83:
                    82:d4:6a:22:03:17:79:d0:eb:74:e8:70:3b:9f:45:
                    80:f1:80:f5:40:d9:0f:59:78:1f:80:63:55:fe:8f:
                    9e:80:09:cd:f8:99:76:e1:44:4b:50:03:2f:35:da:
                    b0:ab:6c:f1:d1:ac:b1:ca:a4:12:52:0d:6f:9d:b9:
                    52:18:4f:56:28:ed:4c:64:44:72:32:ea:ab:b8:d7:
                    7a:3f:82:52:e0:2e:c3:27:83:a0:a9:50:d2:b3:c9:
                    e4:cf:6b:52:25:88:ed:9d:19:85:e3:58:e6:a2:e5:
                    76:a1:4a:d8:24:e2:c7:5d:e9:6b:79:61:7a:7e:92:
                    f5:e5:0f:34:90:1a:8b:da:09:d4:39:30:22:3b:c4:
                    74:91:b7:ef:31:d2:c6:f4:4a:56:ff:20:ff:45:c6:
                    1f:48:c6:57:e6:9c:db:49:43:b0:35:9f:c3:1b:c9:
                    4d:b8:9f:fb:6f:cd:b1:21:6b:57:ec:68:35:b8:72:
                    9f:b4:67:75:62:c3:74:72:87:59:33:af:d4:70:e9:
                    b7:66:3c:32:77:82:36:73:d7:51:bd:5c:97:dd:85:
                    fc:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:2E:C3:03:8E:71:73:DA:D1:3D:D4:18:42:DB:EE:FE:A2:B3:8C:3C
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/34352e3134332e38302e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         56:39:79:6a:b1:58:25:e9:a6:97:71:5e:3b:11:05:b7:3f:32:
         07:23:03:8d:73:ee:44:33:10:34:a2:7d:54:21:36:62:cf:54:
         1b:74:2f:6b:61:e9:27:9f:98:3a:80:ca:03:b2:ef:a8:b3:6f:
         8d:ad:f0:03:2e:1f:26:8b:86:95:45:5c:74:ff:f3:93:82:5c:
         54:b6:97:50:25:c4:8b:55:74:b8:e2:d6:f1:21:0e:72:94:31:
         14:c1:7c:7e:3f:96:3c:3b:ce:5b:9d:b6:0f:2b:1b:93:3d:d2:
         fc:02:f2:71:ce:5a:1d:9b:01:ab:8d:31:a8:3d:31:3d:04:a2:
         8c:de:2f:f8:a2:3e:64:10:e3:1e:4e:81:c0:6a:f5:91:47:56:
         d3:2e:25:92:05:84:d8:17:36:d9:ae:33:f7:16:bb:1d:5e:bc:
         2e:f3:7a:f6:41:e2:71:c2:66:d6:b8:51:96:8c:34:5b:5a:8c:
         a7:fb:d5:ab:0d:96:a7:0b:fe:74:56:e3:f6:2d:c2:b9:12:74:
         bb:ee:4d:14:09:8a:2d:f8:0d:8a:6b:3f:71:8d:1a:39:9d:d0:
         41:44:ea:b4:6e:38:30:65:67:29:71:b0:ff:03:86:67:74:d0:
         5c:01:d5:9b:14:2d:5f:b7:ee:71:f2:e5:86:88:8d:98:f1:a5:
         fb:a0:ba:11
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUTt2dg9tmWnjW2icMhbgIv+8Bd4YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMjYwODQ4NTBaFw0yNTAyMjQwODUzNTBaMDMxMTAvBgNV
BAMTKDlDMkVDMzAzOEU3MTczREFEMTNERDQxODQyREJFRUZFQTJCMzhDM0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiJnyOa96F9xKzWtzCOETlvHwv
o2Py3aN0f4tuuGGOMK+zwjDdTfdV+x4wg4LUaiIDF3nQ63TocDufRYDxgPVA2Q9Z
eB+AY1X+j56ACc34mXbhREtQAy812rCrbPHRrLHKpBJSDW+duVIYT1Yo7UxkRHIy
6qu413o/glLgLsMng6CpUNKzyeTPa1IliO2dGYXjWOai5XahStgk4sdd6Wt5YXp+
kvXlDzSQGovaCdQ5MCI7xHSRt+8x0sb0Slb/IP9Fxh9IxlfmnNtJQ7A1n8MbyU24
n/tvzbEha1fsaDW4cp+0Z3Viw3Ryh1kzr9Rw6bdmPDJ3gjZz11G9XJfdhfw/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUnC7DA45xc9rRPdQYQtvu/qKzjDwwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzQzNTJlMzEzNDMzMmUzODMw
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS2P
UDANBgkqhkiG9w0BAQsFAAOCAQEAVjl5arFYJemml3FeOxEFtz8yByMDjXPuRDMQ
NKJ9VCE2Ys9UG3Qva2HpJ5+YOoDKA7LvqLNvja3wAy4fJouGlUVcdP/zk4JcVLaX
UCXEi1V0uOLW8SEOcpQxFMF8fj+WPDvOW522Dysbkz3S/ALycc5aHZsBq40xqD0x
PQSijN4v+KI+ZBDjHk6BwGr1kUdW0y4lkgWE2Bc22a4z9xa7HV68LvN69kHiccJm
1rhRlow0W1qMp/vVqw2Wpwv+dFbj9i3CuRJ0u+5NFAmKLfgNims/cY0aOZ3QQUTq
tG44MGVnKXGw/wOGZ3TQXAHVmxQtX7fucfLlhoiNmPGl+6C6EQ==
-----END CERTIFICATE-----