Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231372e302f32342d3234203d3e20313938313730.roa
File:                     34352e382e3231372e302f32342d3234203d3e20313938313730.roa (raw, json)
Hash identifier:          liMYsgnB7yxfvXGykb2QnpiicFgTmbWMkol+tMEWGVc=
Subject key identifier:   9B:14:5C:3C:8B:6F:A5:F5:CC:FE:A6:75:CC:8D:04:EB:92:4A:BF:47
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       24D523CA2EF610CA4223F70D33F97525887C5326
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231372e302f32342d3234203d3e20313938313730.roa
Signing time:             Sun 19 May 2024 12:05:16 +0000
ROA not before:           Sun 19 May 2024 12:00:16 +0000
ROA not after:            Sun 18 May 2025 12:05:16 +0000
asID:                     198170
IP address blocks:        45.8.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:d5:23:ca:2e:f6:10:ca:42:23:f7:0d:33:f9:75:25:88:7c:53:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: May 19 12:00:16 2024 GMT
            Not After : May 18 12:05:16 2025 GMT
        Subject: CN=9B145C3C8B6FA5F5CCFEA675CC8D04EB924ABF47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:37:5d:f1:32:c1:3a:fc:67:2f:70:ee:99:f6:
                    d4:33:77:e1:c3:41:97:59:ee:9b:10:00:e2:69:1d:
                    7b:70:4c:2f:53:58:d9:b6:7d:5d:1a:16:26:7f:f7:
                    a9:c1:6e:c6:cf:a0:c2:4b:57:b6:21:c1:89:e5:3d:
                    1e:68:96:4d:be:70:a2:e2:d0:7b:23:d1:a4:a9:ca:
                    4e:d1:14:d3:8d:26:de:9c:64:45:8a:52:27:c6:e9:
                    62:0a:44:c6:5a:1b:51:d2:71:9c:c6:a1:57:02:94:
                    c0:cc:7a:bb:71:4e:fa:f0:65:64:fa:e1:f3:f2:2c:
                    85:88:6d:5e:39:67:69:88:b9:1a:7a:dc:35:10:a9:
                    33:bd:05:5c:e9:97:1f:90:da:59:71:4e:3d:7c:14:
                    1e:28:e8:71:84:bb:d5:ef:35:7d:1f:af:48:53:5d:
                    c6:c7:6d:79:13:79:16:ca:32:59:22:5a:f1:cd:42:
                    32:1b:db:57:4a:8b:d6:69:3e:2f:53:dc:9e:47:b4:
                    10:e6:f8:57:73:95:6b:40:f8:22:d3:ca:6d:ea:77:
                    5b:6c:88:f2:98:96:64:ea:6d:1b:6d:35:bd:75:8e:
                    18:fc:58:ed:ff:7c:3d:ab:bd:cd:27:87:16:20:d4:
                    7e:e8:14:51:27:6b:95:a5:ba:f9:bd:2e:00:c0:01:
                    d1:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:14:5C:3C:8B:6F:A5:F5:CC:FE:A6:75:CC:8D:04:EB:92:4A:BF:47
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231372e302f32342d3234203d3e20313938313730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:49:c7:7c:81:37:d6:d3:ac:5e:9e:ec:45:d5:79:84:6b:de:
         2d:a2:f4:b2:b8:fd:7d:1a:47:aa:4e:07:9c:28:71:db:56:eb:
         13:23:6f:fe:5b:04:d1:9c:63:6f:e6:65:a2:34:3d:92:fa:38:
         68:96:16:0e:19:f0:d7:9a:cf:1c:8e:62:5a:1e:88:f7:7f:ce:
         58:d6:5d:eb:99:69:63:e5:46:ec:95:d8:b1:06:59:9b:81:dc:
         96:2c:4e:fb:bd:66:86:a8:b6:6c:5d:3e:e7:09:d6:c4:45:eb:
         5e:3e:82:c6:a8:4a:d3:da:78:e4:a1:98:6f:28:e5:27:1d:24:
         57:b3:64:6d:ab:51:3e:ec:7e:bc:9f:48:89:cd:d1:da:e0:88:
         de:7d:30:df:bf:9a:d3:fb:03:83:ab:79:c4:f8:bd:98:54:98:
         5b:96:a2:e7:45:6e:5e:98:98:2d:59:12:1a:3a:04:28:3a:cf:
         c0:29:49:48:60:39:e8:7d:1f:4c:90:08:65:d0:42:dc:d6:23:
         b5:b9:6b:d9:bc:72:6e:3b:44:b0:d7:30:f4:43:17:57:dd:f5:
         2f:83:e1:6d:0e:b2:9b:ba:53:68:30:15:f2:69:b4:86:a5:19:
         a5:bb:5e:b0:e9:82:f3:7b:9e:23:88:61:b3:ee:ed:c3:ef:86:
         c1:00:0b:93
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJNUjyi72EMpCI/cNM/l1JYh8UyYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNDA1MTkxMjAwMTZaFw0yNTA1MTgxMjA1MTZaMDMxMTAvBgNV
BAMTKDlCMTQ1QzNDOEI2RkE1RjVDQ0ZFQTY3NUNDOEQwNEVCOTI0QUJGNDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxN13xMsE6/GcvcO6Z9tQzd+HD
QZdZ7psQAOJpHXtwTC9TWNm2fV0aFiZ/96nBbsbPoMJLV7YhwYnlPR5olk2+cKLi
0Hsj0aSpyk7RFNONJt6cZEWKUifG6WIKRMZaG1HScZzGoVcClMDMertxTvrwZWT6
4fPyLIWIbV45Z2mIuRp63DUQqTO9BVzplx+Q2llxTj18FB4o6HGEu9XvNX0fr0hT
XcbHbXkTeRbKMlkiWvHNQjIb21dKi9ZpPi9T3J5HtBDm+FdzlWtA+CLTym3qd1ts
iPKYlmTqbRttNb11jhj8WO3/fD2rvc0nhxYg1H7oFFEna5Wluvm9LgDAAdGlAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUmxRcPItvpfXM/qZ1zI0E65JKv0cwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzQzNTJlMzgyZTMyMzEzNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzkzODMxMzczMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0I
2TANBgkqhkiG9w0BAQsFAAOCAQEAw0nHfIE31tOsXp7sRdV5hGveLaL0srj9fRpH
qk4HnChx21brEyNv/lsE0Zxjb+ZlojQ9kvo4aJYWDhnw15rPHI5iWh6I93/OWNZd
65lpY+VG7JXYsQZZm4HclixO+71mhqi2bF0+5wnWxEXrXj6CxqhK09p45KGYbyjl
Jx0kV7NkbatRPux+vJ9Iic3R2uCI3n0w37+a0/sDg6t5xPi9mFSYW5ai50VuXpiY
LVkSGjoEKDrPwClJSGA56H0fTJAIZdBC3NYjtblr2bxybjtEsNcw9EMXV931L4Ph
bQ6ym7pTaDAV8mm0hqUZpbtesOmC83ueI4hhs+7tw++GwQALkw==
-----END CERTIFICATE-----