Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134302e33382e302f32342d3234203d3e203330363434.roa
File:                     34352e3134302e33382e302f32342d3234203d3e203330363434.roa (raw, json)
Hash identifier:          z1HF1T7XXJcCThD4rSsJaCraQGyamd45ES+jY/kLsks=
Subject key identifier:   88:90:19:5A:84:3B:5C:33:8C:13:EF:DA:2F:EA:2C:87:9D:C1:8B:90
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       1F8FCC5E4F485BFF51713EA211BA17A25E0F2705
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134302e33382e302f32342d3234203d3e203330363434.roa
Signing time:             Wed 27 Sep 2023 12:05:25 +0000
ROA not before:           Wed 27 Sep 2023 12:00:25 +0000
ROA not after:            Wed 25 Sep 2024 12:05:25 +0000
asID:                     30644
IP address blocks:        45.140.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:8f:cc:5e:4f:48:5b:ff:51:71:3e:a2:11:ba:17:a2:5e:0f:27:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Sep 27 12:00:25 2023 GMT
            Not After : Sep 25 12:05:25 2024 GMT
        Subject: CN=8890195A843B5C338C13EFDA2FEA2C879DC18B90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:dc:74:ca:7d:7d:01:e3:74:81:6f:07:a4:29:
                    bf:60:f8:4b:9a:13:fe:df:71:4e:fb:90:76:bf:0f:
                    b4:62:8a:02:ed:ee:f4:b6:74:9e:5e:57:c8:15:39:
                    40:fd:77:6b:71:a2:4a:7f:5e:4a:70:64:ec:97:4f:
                    1c:ff:66:d1:b8:80:fb:31:3a:23:8a:a9:6e:8e:24:
                    91:fd:35:d3:5c:73:6b:63:15:47:48:5f:2b:4a:ae:
                    bb:21:cf:53:38:53:46:63:0c:97:e0:8e:ea:45:e9:
                    f3:68:d5:1d:a4:d0:ae:b4:08:6d:ca:c0:60:33:b0:
                    b0:32:4b:c6:86:c2:c3:30:36:ca:2a:a0:6c:7a:37:
                    2a:16:4f:f4:e8:e3:f2:a2:16:d2:3a:31:85:77:65:
                    3a:5e:bd:55:a5:d4:3d:85:4f:27:c8:be:71:52:30:
                    76:10:b1:32:38:ee:75:f2:39:5f:e3:95:6c:0a:6b:
                    41:e4:29:e9:33:dc:1c:61:3b:ea:d3:2e:88:b4:ba:
                    ee:dd:68:df:6d:be:94:ab:36:33:4c:d4:71:b1:00:
                    c9:6f:cb:1e:f5:f7:8a:12:00:a8:2f:37:d7:72:75:
                    4a:15:9f:bf:bc:b3:26:e9:8d:09:e6:a4:2f:61:bf:
                    43:29:06:74:dc:52:24:a5:4b:69:08:0a:68:e5:51:
                    90:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:90:19:5A:84:3B:5C:33:8C:13:EF:DA:2F:EA:2C:87:9D:C1:8B:90
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134302e33382e302f32342d3234203d3e203330363434.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:de:f1:d4:89:17:27:7d:91:4e:21:e3:23:cd:45:e4:53:82:
         d9:61:73:bc:17:df:ef:9d:8e:8a:06:f7:a9:c3:2a:f0:09:c7:
         61:b0:3b:d0:3c:1d:91:f6:d7:27:9c:e4:ff:b2:40:28:90:1a:
         87:35:5f:39:08:40:d1:41:32:fe:d1:ac:51:6b:48:c4:36:30:
         7b:35:86:49:93:fc:18:e8:b4:04:12:c3:5e:a1:cf:a1:c2:a4:
         3f:49:f2:ef:f9:62:27:b1:16:4e:d6:12:7d:11:e6:5b:79:da:
         53:3a:1c:31:b3:48:46:42:ba:dc:3b:07:03:a1:bc:d9:f4:67:
         c7:58:e1:55:d6:23:80:31:cb:8c:e3:bf:79:5d:03:72:a2:21:
         46:b3:72:50:e9:70:49:61:6d:c2:d2:0e:63:51:8b:46:af:c0:
         89:89:be:74:1b:ce:0e:da:d7:f4:09:9c:df:b8:26:98:72:8d:
         0d:d8:41:78:f8:d0:42:56:45:c1:1a:8d:a2:a0:93:5e:6d:d6:
         85:15:b6:ec:2f:0d:96:b3:ef:02:ab:cb:a4:14:bd:0c:30:f9:
         95:9f:21:4d:a6:d6:3b:9f:9f:46:50:0c:c7:72:dd:e8:30:ed:
         fa:7b:3e:65:6a:81:75:7c:f1:13:f9:f3:a9:61:24:e4:90:8a:
         fd:76:de:da
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUH4/MXk9IW/9RcT6iEboXol4PJwUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yMzA5MjcxMjAwMjVaFw0yNDA5MjUxMjA1MjVaMDMxMTAvBgNV
BAMTKDg4OTAxOTVBODQzQjVDMzM4QzEzRUZEQTJGRUEyQzg3OURDMThCOTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDq3HTKfX0B43SBbwekKb9g+Eua
E/7fcU77kHa/D7RiigLt7vS2dJ5eV8gVOUD9d2txokp/XkpwZOyXTxz/ZtG4gPsx
OiOKqW6OJJH9NdNcc2tjFUdIXytKrrshz1M4U0ZjDJfgjupF6fNo1R2k0K60CG3K
wGAzsLAyS8aGwsMwNsoqoGx6NyoWT/To4/KiFtI6MYV3ZTpevVWl1D2FTyfIvnFS
MHYQsTI47nXyOV/jlWwKa0HkKekz3BxhO+rTLoi0uu7daN9tvpSrNjNM1HGxAMlv
yx7194oSAKgvN9dydUoVn7+8sybpjQnmpC9hv0MpBnTcUiSlS2kICmjlUZBbAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUiJAZWoQ7XDOME+/aL+osh53Bi5AwHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzEzNDMwMmUzMzM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzMzMDM2MzQzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2M
JjANBgkqhkiG9w0BAQsFAAOCAQEAh97x1IkXJ32RTiHjI81F5FOC2WFzvBff752O
igb3qcMq8AnHYbA70DwdkfbXJ5zk/7JAKJAahzVfOQhA0UEy/tGsUWtIxDYwezWG
SZP8GOi0BBLDXqHPocKkP0ny7/liJ7EWTtYSfRHmW3naUzocMbNIRkK63DsHA6G8
2fRnx1jhVdYjgDHLjOO/eV0DcqIhRrNyUOlwSWFtwtIOY1GLRq/AiYm+dBvODtrX
9Amc37gmmHKNDdhBePjQQlZFwRqNoqCTXm3WhRW27C8NlrPvAqvLpBS9DDD5lZ8h
TabWO5+fRlAMx3Ld6DDt+ns+ZWqBdXzxE/nzqWEk5JCK/Xbe2g==
-----END CERTIFICATE-----