Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231392e302f32342d3234203d3e2039303039.roa
File:                     34352e382e3231392e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          7drfGUK0yFvaDpJ3U6WGqS3NrH1gJSXQ4i4UDg9FJPU=
Subject key identifier:   1D:83:7C:A8:C5:99:D3:C0:EB:2A:53:71:BE:AF:0D:28:A0:A3:FB:5F
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       10E665D2CBD1641132C16601C41142C17042F8F3
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231392e302f32342d3234203d3e2039303039.roa
Signing time:             Wed 15 Nov 2023 10:28:04 +0000
ROA not before:           Wed 15 Nov 2023 10:23:04 +0000
ROA not after:            Wed 13 Nov 2024 10:28:04 +0000
asID:                     9009
IP address blocks:        45.8.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 02:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:e6:65:d2:cb:d1:64:11:32:c1:66:01:c4:11:42:c1:70:42:f8:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Nov 15 10:23:04 2023 GMT
            Not After : Nov 13 10:28:04 2024 GMT
        Subject: CN=1D837CA8C599D3C0EB2A5371BEAF0D28A0A3FB5F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:37:15:5d:c4:09:72:5f:25:9e:11:1e:ed:41:
                    2f:bd:3f:3b:13:81:48:e8:cc:da:2f:a1:03:94:2c:
                    e1:02:31:09:ad:d2:c7:5e:fa:08:5b:86:a7:8c:99:
                    21:60:27:04:16:da:cb:03:08:42:80:7c:2e:5c:70:
                    1a:80:3c:03:4d:2c:c8:2c:04:e3:96:74:e7:5f:2e:
                    4b:a6:92:aa:eb:8e:ba:46:46:0d:28:36:70:7f:c9:
                    4f:d5:61:f3:4f:6e:9e:e5:f4:5f:b4:88:bd:ac:b9:
                    ce:68:60:2c:2c:63:d7:34:20:68:f9:42:34:0c:e2:
                    12:d8:92:59:ac:c8:37:1d:39:7c:cd:bb:8e:57:56:
                    f8:5d:f0:4e:ab:12:97:63:a3:0a:94:80:91:92:6d:
                    1e:e9:c4:03:fc:e5:d9:15:62:18:19:e7:68:a5:ff:
                    a3:fd:e7:a8:80:6c:2a:fe:35:df:c1:97:1f:50:f0:
                    92:04:fe:6e:0a:f4:66:b3:cb:86:05:2a:6e:e0:d5:
                    d0:50:62:9e:fb:64:79:b8:98:5c:ee:de:cf:77:6a:
                    d9:dd:75:ee:7f:1c:08:81:fa:6c:85:c1:b4:7b:ee:
                    53:23:d7:2e:b9:9e:b9:b5:d9:4e:29:8a:f2:7b:33:
                    a8:fb:6a:d5:b4:6b:d3:e5:2d:f9:01:4e:6e:64:7b:
                    7a:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:83:7C:A8:C5:99:D3:C0:EB:2A:53:71:BE:AF:0D:28:A0:A3:FB:5F
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231392e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:6a:08:6d:e9:c7:2e:37:aa:6c:e8:d9:c3:96:a7:dd:92:b3:
         73:1a:d3:32:bd:5f:90:7c:fb:d2:29:86:c5:3d:dc:9f:b1:f9:
         de:fb:b6:22:2b:73:4a:85:90:a2:60:9a:72:1e:9e:f9:c0:39:
         3a:31:04:39:60:db:1f:51:e2:5f:de:81:9a:52:41:7e:69:44:
         a0:73:8e:d1:2d:80:2b:94:6e:18:72:83:8b:3a:c2:4d:f7:9b:
         7c:1c:40:4a:0d:bc:a4:ab:7a:9e:2c:57:89:bc:35:e7:c3:d2:
         09:85:bb:ea:93:a3:0c:19:45:aa:24:55:a5:31:43:4d:74:d7:
         9a:41:c4:96:ff:70:77:0a:a5:27:7a:43:72:03:8c:2c:65:77:
         8b:3d:30:3f:66:24:72:14:09:f4:a2:ce:8c:91:1b:6a:67:72:
         46:6d:15:59:0a:94:4a:af:38:54:8f:3c:b3:f2:c2:83:2b:d4:
         8d:7c:1a:f4:19:0c:9d:58:db:d1:aa:be:58:4b:38:46:fc:6c:
         c5:a8:9d:9e:14:0e:2c:bb:9e:18:51:34:91:bb:11:f4:d3:5d:
         60:bf:2d:ac:38:28:42:e4:1b:89:04:10:dc:ba:de:c2:7f:34:
         8e:ed:2c:0e:df:85:ff:bd:f4:d3:2f:b4:cb:f5:95:eb:43:5a:
         28:58:db:c3
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUEOZl0svRZBEywWYBxBFCwXBC+PMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yMzExMTUxMDIzMDRaFw0yNDExMTMxMDI4MDRaMDMxMTAvBgNV
BAMTKDFEODM3Q0E4QzU5OUQzQzBFQjJBNTM3MUJFQUYwRDI4QTBBM0ZCNUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnNxVdxAlyXyWeER7tQS+9PzsT
gUjozNovoQOULOECMQmt0sde+ghbhqeMmSFgJwQW2ssDCEKAfC5ccBqAPANNLMgs
BOOWdOdfLkumkqrrjrpGRg0oNnB/yU/VYfNPbp7l9F+0iL2suc5oYCwsY9c0IGj5
QjQM4hLYklmsyDcdOXzNu45XVvhd8E6rEpdjowqUgJGSbR7pxAP85dkVYhgZ52il
/6P956iAbCr+Nd/Blx9Q8JIE/m4K9Gazy4YFKm7g1dBQYp77ZHm4mFzu3s93atnd
de5/HAiB+myFwbR77lMj1y65nrm12U4pivJ7M6j7atW0a9PlLfkBTm5ke3oZAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUHYN8qMWZ08DrKlNxvq8NKKCj+18wHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzQzNTJlMzgyZTMyMzEzOTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM5MzAzMDM5LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQjbMA0G
CSqGSIb3DQEBCwUAA4IBAQBfaght6ccuN6ps6NnDlqfdkrNzGtMyvV+QfPvSKYbF
Pdyfsfne+7YiK3NKhZCiYJpyHp75wDk6MQQ5YNsfUeJf3oGaUkF+aUSgc47RLYAr
lG4YcoOLOsJN95t8HEBKDbykq3qeLFeJvDXnw9IJhbvqk6MMGUWqJFWlMUNNdNea
QcSW/3B3CqUnekNyA4wsZXeLPTA/ZiRyFAn0os6MkRtqZ3JGbRVZCpRKrzhUjzyz
8sKDK9SNfBr0GQydWNvRqr5YSzhG/GzFqJ2eFA4su54YUTSRuxH0011gvy2sOChC
5BuJBBDcut7CfzSO7SwO34X/vfTTL7TL9ZXrQ1ooWNvD
-----END CERTIFICATE-----