Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3132382e31322e302f32332d3234203d3e20383334.roa
File:                     34352e3132382e31322e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          7PgRlD/mVdHi6nRBvOD7zY8GnydDj2AYnENLD7Qd1tg=
Subject key identifier:   65:3A:29:49:B4:58:A2:E3:8A:80:9E:37:7D:62:E5:E7:26:AB:76:6F
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       33757FBCA8DE3A3301DF9704981C623B8A2C9D9F
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3132382e31322e302f32332d3234203d3e20383334.roa
Signing time:             Fri 29 Sep 2023 00:00:08 +0000
ROA not before:           Thu 28 Sep 2023 23:55:08 +0000
ROA not after:            Fri 27 Sep 2024 00:00:08 +0000
asID:                     834
IP address blocks:        45.128.12.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:75:7f:bc:a8:de:3a:33:01:df:97:04:98:1c:62:3b:8a:2c:9d:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Sep 28 23:55:08 2023 GMT
            Not After : Sep 27 00:00:08 2024 GMT
        Subject: CN=653A2949B458A2E38A809E377D62E5E726AB766F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:eb:88:90:63:7a:c0:96:a4:04:48:ca:10:28:
                    22:2d:72:d9:91:8d:e9:20:c2:45:aa:a1:4a:59:4c:
                    d3:c5:93:8f:4d:0c:01:01:67:f0:d5:d0:85:30:87:
                    0f:62:e0:c6:c1:b9:91:af:fb:41:14:d1:25:f4:2b:
                    b4:cc:69:d5:28:80:61:00:12:03:00:9b:90:98:d2:
                    97:5b:27:2b:14:5b:5f:8d:58:0f:64:43:77:5e:11:
                    1a:6f:dd:f4:2b:46:22:02:2e:fa:e5:99:9a:c9:df:
                    10:01:99:e4:9b:e9:55:29:49:44:b5:21:d8:13:b7:
                    cc:2b:f2:63:27:46:05:b4:94:a0:18:0b:fe:a1:56:
                    d6:18:68:08:40:88:0c:38:d6:a6:e9:7f:39:3e:a6:
                    2f:6a:4b:4d:24:2c:90:e2:fc:cd:e4:9e:72:c0:01:
                    bb:c3:d2:6d:30:ed:e1:58:b8:66:1e:df:3f:e8:01:
                    80:d2:b7:bf:f5:12:93:8d:e2:2f:63:d9:ed:19:d1:
                    9f:49:f5:47:d1:52:a6:3a:05:85:3c:52:0c:81:92:
                    06:59:41:7b:f9:30:a0:6e:93:f5:ed:bf:58:37:1e:
                    28:4b:da:ec:04:b2:65:9e:40:87:5c:16:15:54:f6:
                    e7:34:22:50:32:d9:fd:ad:7a:59:14:ef:95:9f:10:
                    be:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:3A:29:49:B4:58:A2:E3:8A:80:9E:37:7D:62:E5:E7:26:AB:76:6F
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3132382e31322e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5f:28:8d:56:8f:36:19:aa:e7:dc:5a:21:0f:06:4e:15:09:76:
         5a:21:cc:e9:86:e0:88:e8:16:f7:f0:60:38:6d:69:24:77:96:
         a9:21:95:33:4e:bd:74:7b:dc:6c:50:e1:42:46:3b:4c:31:0c:
         6f:06:f1:95:5a:64:44:43:6a:80:bd:fd:6f:4e:90:b8:aa:13:
         dc:76:ab:5a:1b:f5:57:4c:fb:2b:ab:bc:e4:34:7c:97:9e:80:
         b5:02:f7:c8:df:02:19:28:04:d0:d7:58:1b:83:50:5c:be:ee:
         9f:d5:1e:af:0e:b2:e5:8b:75:fc:09:f6:b3:e1:94:b9:9f:3e:
         87:19:0b:4f:58:2d:31:7f:b6:66:1f:14:95:32:a0:a1:56:53:
         cf:2a:90:a1:96:67:2b:1e:b9:84:62:f7:a6:c8:70:5b:e2:4c:
         25:93:1e:d8:c6:cf:9f:a7:06:71:dc:d9:1f:dc:0a:5d:56:65:
         dd:bf:ca:05:cb:ec:31:e9:5a:1b:f5:16:dd:60:ae:46:f5:fe:
         00:5a:57:73:59:a3:57:84:8a:38:df:39:6a:0f:00:0d:7e:0f:
         27:80:f1:87:91:29:3f:84:4a:0e:fd:fc:57:cc:70:5b:48:4b:
         08:11:2d:42:48:69:9f:b1:e0:5b:2b:13:53:d3:13:5c:55:41:
         fe:45:e2:07
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUM3V/vKjeOjMB35cEmBxiO4osnZ8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yMzA5MjgyMzU1MDhaFw0yNDA5MjcwMDAwMDhaMDMxMTAvBgNV
BAMTKDY1M0EyOTQ5QjQ1OEEyRTM4QTgwOUUzNzdENjJFNUU3MjZBQjc2NkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCp64iQY3rAlqQESMoQKCItctmR
jekgwkWqoUpZTNPFk49NDAEBZ/DV0IUwhw9i4MbBuZGv+0EU0SX0K7TMadUogGEA
EgMAm5CY0pdbJysUW1+NWA9kQ3deERpv3fQrRiICLvrlmZrJ3xABmeSb6VUpSUS1
IdgTt8wr8mMnRgW0lKAYC/6hVtYYaAhAiAw41qbpfzk+pi9qS00kLJDi/M3knnLA
AbvD0m0w7eFYuGYe3z/oAYDSt7/1EpON4i9j2e0Z0Z9J9UfRUqY6BYU8UgyBkgZZ
QXv5MKBuk/Xtv1g3HihL2uwEsmWeQIdcFhVU9uc0IlAy2f2telkU75WfEL5NAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUZTopSbRYouOKgJ43fWLl5yardm8wHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzEzMjM4MmUzMTMy
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYAMMA0G
CSqGSIb3DQEBCwUAA4IBAQBfKI1WjzYZqufcWiEPBk4VCXZaIczphuCI6Bb38GA4
bWkkd5apIZUzTr10e9xsUOFCRjtMMQxvBvGVWmREQ2qAvf1vTpC4qhPcdqtaG/VX
TPsrq7zkNHyXnoC1AvfI3wIZKATQ11gbg1Bcvu6f1R6vDrLli3X8Cfaz4ZS5nz6H
GQtPWC0xf7ZmHxSVMqChVlPPKpChlmcrHrmEYvemyHBb4kwlkx7Yxs+fpwZx3Nkf
3ApdVmXdv8oFy+wx6Vob9RbdYK5G9f4AWldzWaNXhIo43zlqDwANfg8ngPGHkSk/
hEoO/fxXzHBbSEsIES1CSGmfseBbKxNT0xNcVUH+ReIH
-----END CERTIFICATE-----