Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e39352e3231352e302f32342d3234203d3e203631333137.roa
File:                     34352e39352e3231352e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          hw9AzvJhfi8XJwfjXImtNGwvFDNKzv0Xo8NMDCDttTs=
Subject key identifier:   73:EA:BD:A3:E6:F6:52:3C:B4:09:BC:2D:19:2F:10:99:B4:A2:DC:A2
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       1B2EF6F272DFBF28C1875FF823ACAECE34AC5B60
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e39352e3231352e302f32342d3234203d3e203631333137.roa
Signing time:             Thu 05 Oct 2023 10:43:23 +0000
ROA not before:           Thu 05 Oct 2023 10:38:23 +0000
ROA not after:            Thu 03 Oct 2024 10:43:23 +0000
asID:                     61317
IP address blocks:        45.95.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:2e:f6:f2:72:df:bf:28:c1:87:5f:f8:23:ac:ae:ce:34:ac:5b:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Oct  5 10:38:23 2023 GMT
            Not After : Oct  3 10:43:23 2024 GMT
        Subject: CN=73EABDA3E6F6523CB409BC2D192F1099B4A2DCA2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:c5:dd:29:a9:f1:79:7c:fd:90:66:d4:f2:e1:
                    ff:3c:ba:92:ad:39:78:ea:ed:0a:c7:61:67:7f:85:
                    bb:80:80:51:4f:97:80:b5:ee:0b:7c:e4:87:17:13:
                    28:2a:09:f6:37:44:1d:eb:e3:db:eb:a7:a7:13:71:
                    3e:0d:93:48:5d:3f:14:04:b3:fa:49:a1:94:a5:d5:
                    d6:3f:ce:14:c9:6a:9c:f8:f5:49:93:a6:47:fd:63:
                    d3:f8:13:2d:f2:76:c1:4a:f1:d6:5c:25:48:ba:bc:
                    e4:fc:f4:72:b6:ae:b4:62:b8:f9:28:27:43:89:a3:
                    0d:46:94:a3:b1:e9:66:de:ca:dd:5b:8d:e1:5a:63:
                    7a:59:34:a8:dd:04:09:35:a2:68:1e:61:64:ce:50:
                    47:b0:3e:2b:01:3a:5a:c9:58:b1:93:ca:d3:82:7c:
                    dc:1d:cc:6f:89:db:aa:74:b2:d7:b5:bc:43:57:6e:
                    36:b7:f1:f9:c1:47:b8:fe:d7:2f:77:9e:0b:a6:92:
                    87:78:1a:60:3a:5d:cb:ea:90:a2:4d:18:73:4d:a3:
                    25:2b:d1:c3:ab:34:ae:d4:00:ab:b7:8d:d4:b6:bf:
                    61:66:9b:72:53:61:dd:06:52:dd:75:d2:c0:f0:2c:
                    9d:7e:96:27:fa:00:06:5d:2a:10:84:ab:6f:5f:59:
                    e0:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:EA:BD:A3:E6:F6:52:3C:B4:09:BC:2D:19:2F:10:99:B4:A2:DC:A2
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e39352e3231352e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:c0:8f:ed:9b:77:f3:c8:01:a4:6d:15:0a:70:51:3a:21:7b:
         4e:7b:e4:1e:84:69:74:94:7e:cb:ef:b6:85:58:8d:07:ef:53:
         09:2d:8b:54:d1:f7:7e:5c:4f:22:26:cd:a1:24:92:aa:7d:dc:
         d2:ef:1b:d4:d4:eb:98:58:90:6f:8f:95:21:87:8d:54:e2:57:
         50:6e:01:79:17:a1:bd:04:64:13:56:54:d4:df:f5:7a:14:16:
         f3:0a:17:55:cb:3d:6a:10:06:e1:73:9d:f2:6b:57:66:2d:34:
         9a:3f:2a:6b:b1:86:61:c5:ad:10:d0:34:22:1c:06:50:61:f5:
         37:33:c1:92:83:35:f7:73:a3:14:c6:80:93:28:2b:60:2d:e5:
         f2:4a:de:e9:3d:2c:33:81:83:84:42:1b:98:6f:f9:9e:1f:3b:
         3f:50:31:d9:cd:75:a1:1b:e3:ea:c3:c3:81:3e:c0:bd:a0:aa:
         69:83:46:b9:db:9b:f3:b5:68:69:06:60:e4:57:d9:16:87:13:
         04:70:19:df:7d:bf:32:e6:b7:22:94:c9:f7:24:e4:91:4c:82:
         69:f4:7a:7a:a1:a5:e7:0c:6b:1e:ae:93:84:18:4f:32:81:9f:
         94:7a:ed:bf:d4:9e:bf:16:d3:52:e2:44:24:f7:8e:3c:4c:73:
         14:e0:19:1c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUGy728nLfvyjBh1/4I6yuzjSsW2AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yMzEwMDUxMDM4MjNaFw0yNDEwMDMxMDQzMjNaMDMxMTAvBgNV
BAMTKDczRUFCREEzRTZGNjUyM0NCNDA5QkMyRDE5MkYxMDk5QjRBMkRDQTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVxd0pqfF5fP2QZtTy4f88upKt
OXjq7QrHYWd/hbuAgFFPl4C17gt85IcXEygqCfY3RB3r49vrp6cTcT4Nk0hdPxQE
s/pJoZSl1dY/zhTJapz49UmTpkf9Y9P4Ey3ydsFK8dZcJUi6vOT89HK2rrRiuPko
J0OJow1GlKOx6Wbeyt1bjeFaY3pZNKjdBAk1omgeYWTOUEewPisBOlrJWLGTytOC
fNwdzG+J26p0ste1vENXbja38fnBR7j+1y93ngumkod4GmA6XcvqkKJNGHNNoyUr
0cOrNK7UAKu3jdS2v2Fmm3JTYd0GUt110sDwLJ1+lif6AAZdKhCEq29fWeB5AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUc+q9o+b2Ujy0CbwtGS8QmbSi3KIwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzQzNTJlMzkzNTJlMzIzMTM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1f
1zANBgkqhkiG9w0BAQsFAAOCAQEAvMCP7Zt388gBpG0VCnBROiF7TnvkHoRpdJR+
y++2hViNB+9TCS2LVNH3flxPIibNoSSSqn3c0u8b1NTrmFiQb4+VIYeNVOJXUG4B
eRehvQRkE1ZU1N/1ehQW8woXVcs9ahAG4XOd8mtXZi00mj8qa7GGYcWtENA0IhwG
UGH1NzPBkoM193OjFMaAkygrYC3l8kre6T0sM4GDhEIbmG/5nh87P1Ax2c11oRvj
6sPDgT7AvaCqaYNGudub87VoaQZg5FfZFocTBHAZ332/Mua3IpTJ9yTkkUyCafR6
eqGl5wxrHq6ThBhPMoGflHrtv9SevxbTUuJEJPeOPExzFOAZHA==
-----END CERTIFICATE-----