Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/34352e3135352e34342e302f32322d3234203d3e20323034313730.roa
File:                     34352e3135352e34342e302f32322d3234203d3e20323034313730.roa (raw, json)
Hash identifier:          hOyVvpFnfb6FyqBh1QFSRbZdkXaLfZdEgy5hueBCbIQ=
Subject key identifier:   1F:0C:40:FE:7F:AD:AD:EE:03:11:84:D5:6B:A9:4B:EB:23:9A:C8:1C
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       47DDE922B43200F8A4032B2999464B76AD4BFE68
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/34352e3135352e34342e302f32322d3234203d3e20323034313730.roa
Signing time:             Mon 26 Feb 2024 08:53:48 +0000
ROA not before:           Mon 26 Feb 2024 08:48:48 +0000
ROA not after:            Mon 24 Feb 2025 08:53:48 +0000
asID:                     204170
IP address blocks:        45.155.44.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:dd:e9:22:b4:32:00:f8:a4:03:2b:29:99:46:4b:76:ad:4b:fe:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 26 08:48:48 2024 GMT
            Not After : Feb 24 08:53:48 2025 GMT
        Subject: CN=1F0C40FE7FADADEE031184D56BA94BEB239AC81C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:e2:9b:48:6b:44:9b:1c:80:e5:53:ca:b0:48:
                    06:c8:17:21:51:b9:e8:71:eb:5e:57:a0:4e:b4:87:
                    21:06:94:dd:ca:18:59:e7:dd:d4:6f:dc:43:36:54:
                    c4:5f:2d:04:29:b2:da:d2:1c:c6:83:17:0e:aa:43:
                    aa:7a:60:0c:02:31:5c:6f:9c:6f:af:1f:23:d1:94:
                    c7:6c:19:01:61:4c:d6:59:bb:2b:ce:9d:a0:3d:90:
                    6c:1f:33:f6:e7:a0:8d:f9:c9:c4:a5:77:72:71:5e:
                    5d:23:f2:e6:b7:da:a2:67:f7:3f:25:e1:c9:77:51:
                    7a:7e:a7:43:c4:a8:3f:6d:91:7a:a1:0f:c3:60:13:
                    f5:c1:6f:09:f8:08:22:70:9c:2a:c4:b1:7d:45:53:
                    7d:6b:8c:14:51:2c:75:76:ae:d4:a9:d4:5b:42:1a:
                    5b:a5:f9:ed:ab:06:d2:ad:8d:17:b9:11:29:fe:34:
                    11:66:53:ea:2b:11:40:ac:70:fe:32:1f:f3:7d:a4:
                    45:c8:62:79:1e:01:63:82:5b:da:ad:ad:37:3a:ca:
                    b9:96:c1:ec:44:55:f8:76:ce:9d:37:d0:f2:c3:46:
                    53:ec:68:af:ea:e8:7b:5c:87:5a:55:eb:88:e6:7b:
                    52:d2:83:55:fb:31:ac:f2:bb:a7:95:96:c8:3a:50:
                    df:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:0C:40:FE:7F:AD:AD:EE:03:11:84:D5:6B:A9:4B:EB:23:9A:C8:1C
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/34352e3135352e34342e302f32322d3234203d3e20323034313730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3f:8b:c8:58:31:18:89:9d:e6:1f:f1:e6:4b:e5:46:6e:8b:45:
         ad:de:48:2f:f7:d3:a8:fb:41:ed:d0:ca:48:98:0e:e2:81:d5:
         e2:aa:3e:44:1f:23:b4:ff:c5:d9:0a:6c:bc:57:3b:8e:7e:5a:
         c3:2b:d6:d3:d0:b8:bd:46:25:e7:2a:e0:8d:21:64:7a:34:4f:
         dd:c8:13:c7:06:02:28:ee:3d:dd:0c:11:46:01:4a:39:67:f8:
         12:4b:df:19:07:49:b4:41:e6:4f:c5:80:30:57:17:06:2b:be:
         e3:7d:4f:40:ea:0d:25:d3:06:2c:60:a8:a1:33:61:58:b2:08:
         f7:a1:c3:ee:9d:b7:16:ec:bc:53:62:67:3d:b7:98:72:dd:7d:
         05:77:d4:a6:a1:a5:5d:4f:01:62:68:b6:7b:34:a2:38:54:0c:
         78:b0:86:19:02:f8:d0:49:73:54:e6:54:e4:29:aa:de:a3:cb:
         25:5e:64:0c:3e:4d:46:83:c7:f4:bf:99:60:96:e4:1f:26:16:
         d3:d8:8b:cc:df:a0:a8:0f:94:fb:81:37:2a:cf:db:14:62:0b:
         e2:8d:66:9a:36:86:0f:19:6d:8f:7c:14:f0:c0:83:93:5d:a9:
         91:95:ba:df:d8:9b:d5:60:07:09:cb:0f:7a:40:06:d8:1a:24:
         11:e8:46:57
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUR93pIrQyAPikAyspmUZLdq1L/mgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMjYwODQ4NDhaFw0yNTAyMjQwODUzNDhaMDMxMTAvBgNV
BAMTKDFGMEM0MEZFN0ZBREFERUUwMzExODRENTZCQTk0QkVCMjM5QUM4MUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCd4ptIa0SbHIDlU8qwSAbIFyFR
uehx615XoE60hyEGlN3KGFnn3dRv3EM2VMRfLQQpstrSHMaDFw6qQ6p6YAwCMVxv
nG+vHyPRlMdsGQFhTNZZuyvOnaA9kGwfM/bnoI35ycSld3JxXl0j8ua32qJn9z8l
4cl3UXp+p0PEqD9tkXqhD8NgE/XBbwn4CCJwnCrEsX1FU31rjBRRLHV2rtSp1FtC
Glul+e2rBtKtjRe5ESn+NBFmU+orEUCscP4yH/N9pEXIYnkeAWOCW9qtrTc6yrmW
wexEVfh2zp030PLDRlPsaK/q6Htch1pV64jme1LSg1X7Mazyu6eVlsg6UN95AgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUHwxA/n+tre4DEYTVa6lL6yOayBwwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzQzNTJlMzEzNTM1MmUzNDM0
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzIzMDM0MzEzNzMwLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC
LZssMA0GCSqGSIb3DQEBCwUAA4IBAQA/i8hYMRiJneYf8eZL5UZui0Wt3kgv99Oo
+0Ht0MpImA7igdXiqj5EHyO0/8XZCmy8VzuOflrDK9bT0Li9RiXnKuCNIWR6NE/d
yBPHBgIo7j3dDBFGAUo5Z/gSS98ZB0m0QeZPxYAwVxcGK77jfU9A6g0l0wYsYKih
M2FYsgj3ocPunbcW7LxTYmc9t5hy3X0Fd9SmoaVdTwFiaLZ7NKI4VAx4sIYZAvjQ
SXNU5lTkKareo8slXmQMPk1Gg8f0v5lgluQfJhbT2IvM36CoD5T7gTcqz9sUYgvi
jWaaNoYPGW2PfBTwwIOTXamRlbrf2JvVYAcJyw96QAbYGiQR6EZX
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:05 2024 by rpki-client on console-fra.rpki-client.org