Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2fe2b27a-1ec5-4ab7-978e-6da9cf9f3790/0/34352e3134362e3136302e302f32342d3234203d3e20383334.roa
File:                     34352e3134362e3136302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          dFMGjd1u+kklLc4AhoVk6PUVaxoPJZK9Vp7bF3gswY8=
Subject key identifier:   33:67:B0:44:8C:46:A5:AD:E2:06:5E:11:8A:FE:71:49:C3:29:90:9F
Certificate issuer:       /CN=5defe0922f4f55270dcd5c08f04f1c7bf26073c3
Certificate serial:       5C4ACAD0F1B822B564A2D34533C1EE3BA4FCC347
Authority key identifier: 5D:EF:E0:92:2F:4F:55:27:0D:CD:5C:08:F0:4F:1C:7B:F2:60:73:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xe_gki9PVScNzVwI8E8ce_Jgc8M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/2fe2b27a-1ec5-4ab7-978e-6da9cf9f3790/0/34352e3134362e3136302e302f32342d3234203d3e20383334.roa
Signing time:             Fri 29 Sep 2023 14:00:09 +0000
ROA not before:           Fri 29 Sep 2023 13:55:09 +0000
ROA not after:            Fri 27 Sep 2024 14:00:09 +0000
asID:                     834
IP address blocks:        45.146.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/2fe2b27a-1ec5-4ab7-978e-6da9cf9f3790/0/5DEFE0922F4F55270DCD5C08F04F1C7BF26073C3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/2fe2b27a-1ec5-4ab7-978e-6da9cf9f3790/0/5DEFE0922F4F55270DCD5C08F04F1C7BF26073C3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xe_gki9PVScNzVwI8E8ce_Jgc8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:4a:ca:d0:f1:b8:22:b5:64:a2:d3:45:33:c1:ee:3b:a4:fc:c3:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5defe0922f4f55270dcd5c08f04f1c7bf26073c3
        Validity
            Not Before: Sep 29 13:55:09 2023 GMT
            Not After : Sep 27 14:00:09 2024 GMT
        Subject: CN=3367B0448C46A5ADE2065E118AFE7149C329909F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:23:49:0b:dc:ad:63:7d:23:94:aa:38:af:82:
                    6a:49:90:c2:98:f4:c4:26:89:0e:49:f2:f6:e9:f8:
                    d8:8c:8e:78:47:40:39:20:fb:32:cc:06:dc:a9:b0:
                    a3:5f:4f:5f:0e:77:b6:68:2b:e8:84:e0:2e:4d:61:
                    05:07:c6:35:8d:d8:86:8a:07:1d:7f:12:16:7b:f4:
                    ac:a2:81:fa:8e:80:5a:2d:5e:e7:5f:3f:21:02:da:
                    bd:8b:cc:6c:02:a0:f2:dc:da:51:fa:44:49:bf:c1:
                    94:97:0f:12:03:17:77:3c:86:f4:5c:55:a7:c4:a9:
                    cd:32:a3:8e:08:5f:b5:e6:38:19:e4:38:5e:c6:ad:
                    3f:f6:b9:f4:03:b6:e2:11:95:4e:21:af:0b:e3:2f:
                    8c:6f:5f:bb:db:60:38:6c:ba:e6:6c:73:e0:1e:64:
                    14:a8:07:50:74:3b:fe:6c:85:41:ec:d5:c0:b4:91:
                    c4:ca:b9:17:b0:93:88:a5:48:54:e7:71:92:0a:47:
                    1f:54:f6:4f:ef:1b:5d:af:13:43:42:ad:1b:a8:71:
                    d1:59:eb:ac:c7:85:a0:01:01:54:ef:00:a2:9b:f8:
                    b8:36:21:ad:a5:56:ed:12:a7:49:a1:41:b3:69:53:
                    5c:a7:0f:a3:ad:97:01:54:d6:04:df:f8:14:bf:d0:
                    71:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:67:B0:44:8C:46:A5:AD:E2:06:5E:11:8A:FE:71:49:C3:29:90:9F
            X509v3 Authority Key Identifier:
                keyid:5D:EF:E0:92:2F:4F:55:27:0D:CD:5C:08:F0:4F:1C:7B:F2:60:73:C3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/2fe2b27a-1ec5-4ab7-978e-6da9cf9f3790/0/5DEFE0922F4F55270DCD5C08F04F1C7BF26073C3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xe_gki9PVScNzVwI8E8ce_Jgc8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2fe2b27a-1ec5-4ab7-978e-6da9cf9f3790/0/34352e3134362e3136302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:a4:73:b2:86:66:d5:dd:8c:25:db:df:cf:8a:a3:f8:12:5a:
         0d:4c:6a:b2:31:9a:e3:f1:da:51:09:9c:24:d0:7f:71:e0:99:
         c8:9f:7b:3d:47:7d:64:68:81:6e:f6:bc:b4:61:4c:34:77:24:
         e4:d0:09:68:bc:e9:87:1a:59:ac:01:a1:b8:cb:0d:cf:7e:0a:
         2d:5d:61:37:f7:fb:b9:27:82:a2:5e:ed:10:e6:86:00:35:8a:
         19:cf:1e:2d:59:e0:87:9d:f0:46:16:83:49:ca:1d:85:87:18:
         4a:30:c7:d7:3f:f8:e5:21:01:5f:92:0f:89:71:82:0d:63:2b:
         b2:67:ad:12:a4:01:d2:4d:0f:28:29:c7:1a:93:b2:80:4c:97:
         9c:87:55:8c:c3:84:7f:4d:24:89:9c:24:69:3e:8c:93:ae:36:
         f3:79:03:dc:9d:c8:86:e6:01:c3:7e:b9:71:b8:a5:67:aa:65:
         e8:47:03:57:81:a1:31:4d:49:27:24:74:e9:de:d8:86:2e:47:
         5c:1e:dc:c8:03:37:72:cb:a7:e7:ff:c2:bb:ee:63:78:e7:65:
         68:c2:71:7a:55:6d:fb:45:96:9e:e2:6f:c7:23:14:59:5a:b6:
         9f:cf:c2:0b:7b:bd:f8:09:3c:05:61:ce:db:3e:39:7b:9a:b3:
         e0:1f:07:33
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUXErK0PG4IrVkotNFM8HuO6T8w0cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWRlZmUwOTIyZjRmNTUyNzBkY2Q1YzA4ZjA0ZjFjN2Jm
MjYwNzNjMzAeFw0yMzA5MjkxMzU1MDlaFw0yNDA5MjcxNDAwMDlaMDMxMTAvBgNV
BAMTKDMzNjdCMDQ0OEM0NkE1QURFMjA2NUUxMThBRkU3MTQ5QzMyOTkwOUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGI0kL3K1jfSOUqjivgmpJkMKY
9MQmiQ5J8vbp+NiMjnhHQDkg+zLMBtypsKNfT18Od7ZoK+iE4C5NYQUHxjWN2IaK
Bx1/EhZ79KyigfqOgFotXudfPyEC2r2LzGwCoPLc2lH6REm/wZSXDxIDF3c8hvRc
VafEqc0yo44IX7XmOBnkOF7GrT/2ufQDtuIRlU4hrwvjL4xvX7vbYDhsuuZsc+Ae
ZBSoB1B0O/5shUHs1cC0kcTKuRewk4ilSFTncZIKRx9U9k/vG12vE0NCrRuocdFZ
66zHhaABAVTvAKKb+Lg2Ia2lVu0Sp0mhQbNpU1ynD6OtlwFU1gTf+BS/0HErAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUM2ewRIxGpa3iBl4Riv5xScMpkJ8wHwYDVR0j
BBgwFoAUXe/gki9PVScNzVwI8E8ce/Jgc8MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMmZlMmIyN2EtMWVjNS00YWI3LTk3OGUtNmRhOWNmOWYz
NzkwLzAvNURFRkUwOTIyRjRGNTUyNzBEQ0Q1QzA4RjA0RjFDN0JGMjYwNzNDMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hlX2draTlQVlNjTnpWd0k4RThjZV9K
Z2M4TS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMmZlMmIyN2Et
MWVjNS00YWI3LTk3OGUtNmRhOWNmOWYzNzkwLzAvMzQzNTJlMzEzNDM2MmUzMTM2
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtkqAw
DQYJKoZIhvcNAQELBQADggEBAFekc7KGZtXdjCXb38+Ko/gSWg1MarIxmuPx2lEJ
nCTQf3Hgmcifez1HfWRogW72vLRhTDR3JOTQCWi86YcaWawBobjLDc9+Ci1dYTf3
+7kngqJe7RDmhgA1ihnPHi1Z4Ied8EYWg0nKHYWHGEowx9c/+OUhAV+SD4lxgg1j
K7JnrRKkAdJNDygpxxqTsoBMl5yHVYzDhH9NJImcJGk+jJOuNvN5A9ydyIbmAcN+
uXG4pWeqZehHA1eBoTFNSSckdOne2IYuR1we3MgDN3LLp+f/wrvuY3jnZWjCcXpV
bftFlp7ib8cjFFlatp/Pwgt7vfgJPAVhzts+OXuas+AfBzM=
-----END CERTIFICATE-----