Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3133322e3231382e302f32342d3234203d3e2032393134.roa
File:                     34352e3133322e3231382e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          cY69z9/SUAKAZFyidUOH2kqRa5ziPRt7vN4h9tGFTeE=
Subject key identifier:   39:62:C6:00:2F:61:A6:9F:DC:4F:F3:AE:1D:BD:8A:1E:61:A8:CF:38
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       6194B10873F8694D7729ED8E378528B9203A6416
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3133322e3231382e302f32342d3234203d3e2032393134.roa
Signing time:             Wed 13 Mar 2024 12:11:44 +0000
ROA not before:           Wed 13 Mar 2024 12:06:44 +0000
ROA not after:            Wed 12 Mar 2025 12:11:44 +0000
asID:                     2914
IP address blocks:        45.132.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:94:b1:08:73:f8:69:4d:77:29:ed:8e:37:85:28:b9:20:3a:64:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Mar 13 12:06:44 2024 GMT
            Not After : Mar 12 12:11:44 2025 GMT
        Subject: CN=3962C6002F61A69FDC4FF3AE1DBD8A1E61A8CF38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:23:6b:83:e7:64:5f:48:21:8e:60:bd:c0:b7:
                    45:91:de:61:ac:02:f4:d0:0b:6a:44:ad:a4:14:42:
                    56:34:74:f5:20:94:f7:71:1a:f0:9e:51:9c:0a:88:
                    8a:ea:dc:b8:f1:54:64:66:8b:73:1f:c4:b5:bb:6c:
                    87:57:90:f7:26:0f:a0:3e:06:f4:54:27:70:7b:1d:
                    34:6b:f7:0b:b2:ba:7a:93:2a:dd:1e:f9:9a:a6:72:
                    94:56:f8:23:40:f7:9b:b0:ac:d5:a5:c2:89:22:4d:
                    f4:1c:76:2c:81:cb:d6:4a:ba:f9:98:ee:eb:a0:98:
                    2b:08:41:e7:f3:23:17:c6:02:72:d3:fb:5f:95:f5:
                    c2:e6:b2:92:98:04:13:62:db:e7:9c:06:a6:fc:3d:
                    54:38:e7:1f:23:79:77:ba:41:be:6b:81:a5:5b:c0:
                    fb:bc:34:a1:40:1b:15:cf:5d:fa:fd:57:18:e0:1d:
                    a8:ab:84:ad:63:9b:ce:25:0e:73:ca:13:ea:5b:04:
                    e8:90:70:5d:13:dd:cd:82:c6:01:ec:ff:29:6f:46:
                    72:49:d6:81:15:5c:14:2d:8b:02:a0:a1:17:6b:9f:
                    ba:3c:77:5c:a5:39:91:b0:47:c0:8c:85:f3:98:b3:
                    b7:4c:57:53:a9:d0:69:db:2e:02:b0:c6:3b:20:56:
                    da:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:62:C6:00:2F:61:A6:9F:DC:4F:F3:AE:1D:BD:8A:1E:61:A8:CF:38
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3133322e3231382e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:05:75:db:57:b9:db:3e:f2:cc:f3:f8:73:6b:9f:e9:bb:a2:
         d8:2f:3b:ef:5b:f1:19:f2:1b:0d:88:5a:47:4d:d1:b0:25:0c:
         39:4b:cb:fe:27:ac:c3:79:db:a9:7e:b8:68:8b:1d:89:d0:d1:
         34:10:09:87:31:4a:1c:30:60:45:aa:b0:e1:ab:dd:a1:00:53:
         eb:c5:7c:66:32:af:61:c0:dc:7c:d3:db:e3:ab:6b:42:54:17:
         88:59:61:51:22:fd:20:ca:b9:59:d9:4c:25:83:5f:7c:2e:57:
         3b:3f:3a:28:cc:ac:ea:8b:ab:54:6e:fa:90:88:51:a3:aa:ca:
         e6:7e:9d:2f:a3:86:43:65:8e:2b:b2:aa:1a:3e:73:1b:f9:16:
         9b:5e:01:fa:b4:13:a6:a9:77:c9:62:bf:6b:73:5e:20:14:0b:
         3f:ae:2b:85:8a:36:76:23:a6:86:e4:8e:20:8e:83:22:63:b9:
         f9:86:dd:a3:3f:f4:af:9b:a4:89:fa:0f:50:34:ac:ff:88:92:
         97:7a:73:1e:35:5a:c4:1e:8f:8c:6f:18:b0:7d:cc:5c:cc:63:
         54:01:28:97:80:e3:12:63:aa:b4:58:53:26:1d:9f:96:2b:89:
         40:3a:dc:3c:94:af:2e:24:2f:38:81:a7:b7:da:2b:93:5f:0a:
         bc:f2:74:f2
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUYZSxCHP4aU13Ke2ON4UouSA6ZBYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yNDAzMTMxMjA2NDRaFw0yNTAzMTIxMjExNDRaMDMxMTAvBgNV
BAMTKDM5NjJDNjAwMkY2MUE2OUZEQzRGRjNBRTFEQkQ4QTFFNjFBOENGMzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGI2uD52RfSCGOYL3At0WR3mGs
AvTQC2pEraQUQlY0dPUglPdxGvCeUZwKiIrq3LjxVGRmi3MfxLW7bIdXkPcmD6A+
BvRUJ3B7HTRr9wuyunqTKt0e+ZqmcpRW+CNA95uwrNWlwokiTfQcdiyBy9ZKuvmY
7uugmCsIQefzIxfGAnLT+1+V9cLmspKYBBNi2+ecBqb8PVQ45x8jeXe6Qb5rgaVb
wPu8NKFAGxXPXfr9VxjgHairhK1jm84lDnPKE+pbBOiQcF0T3c2CxgHs/ylvRnJJ
1oEVXBQtiwKgoRdrn7o8d1ylOZGwR8CMhfOYs7dMV1Op0GnbLgKwxjsgVtrRAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUOWLGAC9hpp/cT/OuHb2KHmGozzgwHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzEzMzMyMmUzMjMx
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzEzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2E
2jANBgkqhkiG9w0BAQsFAAOCAQEAmwV121e52z7yzPP4c2uf6bui2C8771vxGfIb
DYhaR03RsCUMOUvL/iesw3nbqX64aIsdidDRNBAJhzFKHDBgRaqw4avdoQBT68V8
ZjKvYcDcfNPb46trQlQXiFlhUSL9IMq5WdlMJYNffC5XOz86KMys6ourVG76kIhR
o6rK5n6dL6OGQ2WOK7KqGj5zG/kWm14B+rQTpql3yWK/a3NeIBQLP64rhYo2diOm
huSOII6DImO5+Ybdoz/0r5ukifoPUDSs/4iSl3pzHjVaxB6PjG8YsH3MXMxjVAEo
l4DjEmOqtFhTJh2fliuJQDrcPJSvLiQvOIGnt9ork18KvPJ08g==
-----END CERTIFICATE-----