Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134302e33392e302f32342d3234203d3e20383334.roa
File:                     34352e3134302e33392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          CovywNiAs0DzdoAuC/T6JPIdM8USW7QVtJ5gnmHtMzY=
Subject key identifier:   DC:13:19:08:BC:0C:86:1B:78:91:B3:5D:29:61:F3:77:81:27:FD:DD
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       5935052C8923B37D8CA98FE79C8C0C3498B07EE4
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134302e33392e302f32342d3234203d3e20383334.roa
Signing time:             Wed 27 Mar 2024 00:01:37 +0000
ROA not before:           Tue 26 Mar 2024 23:56:37 +0000
ROA not after:            Wed 26 Mar 2025 00:01:37 +0000
asID:                     834
IP address blocks:        45.140.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:35:05:2c:89:23:b3:7d:8c:a9:8f:e7:9c:8c:0c:34:98:b0:7e:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Mar 26 23:56:37 2024 GMT
            Not After : Mar 26 00:01:37 2025 GMT
        Subject: CN=DC131908BC0C861B7891B35D2961F3778127FDDD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:64:da:af:f7:74:ca:9b:f3:8e:69:fa:93:6b:
                    cb:00:0b:d2:17:09:f3:69:6d:18:a2:01:c5:1a:d7:
                    be:aa:4b:23:7e:7d:1f:70:2e:7a:e1:a8:25:5e:52:
                    46:83:c4:dc:a1:1a:50:19:bf:9c:4a:52:4b:fc:54:
                    f0:04:92:15:7e:0d:c7:e6:6a:7e:7f:bc:4c:c1:61:
                    87:d1:cc:70:b1:ce:57:03:fa:62:38:1f:38:df:26:
                    40:9c:df:f0:05:09:66:8a:d3:96:bb:c0:cf:b7:8b:
                    7c:99:45:0d:02:e6:cd:3f:ca:6f:f3:43:33:22:5b:
                    68:23:36:fc:80:5b:d9:3a:bb:7e:d7:71:75:cd:c4:
                    6e:ff:9f:0c:86:0b:36:8e:7c:ad:67:ce:a4:7b:3a:
                    0a:f9:16:a4:31:00:7e:6d:05:a5:27:b7:82:fb:79:
                    db:56:73:02:d8:c1:99:74:0a:98:e2:81:bd:22:92:
                    70:ab:a3:17:73:28:9e:09:bd:d8:e0:14:93:af:25:
                    35:c8:ac:56:ce:a1:ff:97:ae:72:17:80:74:13:e7:
                    f3:85:4b:a2:ea:b5:de:b8:0f:05:fc:0d:7b:b6:57:
                    00:49:04:13:87:b9:9a:7e:9a:a6:02:d2:79:38:43:
                    bb:3b:d2:27:cf:b7:83:f3:a0:82:c6:1b:44:f2:f5:
                    71:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:13:19:08:BC:0C:86:1B:78:91:B3:5D:29:61:F3:77:81:27:FD:DD
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134302e33392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:32:54:9f:7e:74:5a:65:14:1a:27:a9:8e:c5:72:58:34:57:
         b0:52:5e:cc:e1:31:63:ae:b5:e3:4e:78:4d:4a:05:7d:35:74:
         60:e6:51:59:ff:40:ad:79:86:ca:41:43:28:b1:28:dd:ce:c0:
         fd:f9:96:d3:17:25:00:0a:c9:59:38:b4:c7:04:69:e4:5b:96:
         d3:4f:d9:52:17:c3:98:75:83:48:f9:22:29:b4:9d:63:5d:9e:
         4f:f5:f7:e7:dc:f8:df:8d:c6:a0:92:c1:60:22:e0:7e:9e:a4:
         7a:c7:5a:5d:08:7d:68:8f:d8:b9:6a:57:e5:50:62:1d:80:cf:
         1a:6c:08:31:45:2d:b5:53:b7:b3:69:2e:67:42:91:2d:13:14:
         74:ba:fd:ec:f3:9a:7a:e8:ed:50:1a:88:30:8e:d2:ca:3f:71:
         25:d9:e6:76:a2:bb:ab:4d:a7:27:a3:3b:69:52:e7:cb:b2:76:
         6b:e5:db:1a:09:a4:86:b7:4b:9f:96:3e:4f:10:db:f9:f9:1c:
         b2:f2:b9:7c:b3:c1:d0:ad:2d:2f:45:13:a9:43:5f:f3:72:1a:
         8f:28:ba:01:f5:27:c1:83:bc:92:da:f5:dd:6b:a6:7c:46:ce:
         e7:3e:bd:e7:83:29:06:a6:c7:bc:e7:c9:a2:a2:a2:31:24:d0:
         96:bc:72:02
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUWTUFLIkjs32MqY/nnIwMNJiwfuQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yNDAzMjYyMzU2MzdaFw0yNTAzMjYwMDAxMzdaMDMxMTAvBgNV
BAMTKERDMTMxOTA4QkMwQzg2MUI3ODkxQjM1RDI5NjFGMzc3ODEyN0ZEREQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZZNqv93TKm/OOafqTa8sAC9IX
CfNpbRiiAcUa176qSyN+fR9wLnrhqCVeUkaDxNyhGlAZv5xKUkv8VPAEkhV+Dcfm
an5/vEzBYYfRzHCxzlcD+mI4HzjfJkCc3/AFCWaK05a7wM+3i3yZRQ0C5s0/ym/z
QzMiW2gjNvyAW9k6u37XcXXNxG7/nwyGCzaOfK1nzqR7Ogr5FqQxAH5tBaUnt4L7
edtWcwLYwZl0Cpjigb0iknCroxdzKJ4JvdjgFJOvJTXIrFbOof+XrnIXgHQT5/OF
S6Lqtd64DwX8DXu2VwBJBBOHuZp+mqYC0nk4Q7s70ifPt4PzoILGG0Ty9XErAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU3BMZCLwMhht4kbNdKWHzd4En/d0wHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzEzNDMwMmUzMzM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYwnMA0G
CSqGSIb3DQEBCwUAA4IBAQAYMlSffnRaZRQaJ6mOxXJYNFewUl7M4TFjrrXjTnhN
SgV9NXRg5lFZ/0CteYbKQUMosSjdzsD9+ZbTFyUACslZOLTHBGnkW5bTT9lSF8OY
dYNI+SIptJ1jXZ5P9ffn3PjfjcagksFgIuB+nqR6x1pdCH1oj9i5alflUGIdgM8a
bAgxRS21U7ezaS5nQpEtExR0uv3s85p66O1QGogwjtLKP3El2eZ2orurTacnoztp
UufLsnZr5dsaCaSGt0uflj5PENv5+Ryy8rl8s8HQrS0vRROpQ1/zchqPKLoB9SfB
g7yS2vXda6Z8Rs7nPr3ngykGpse858mioqIxJNCWvHIC
-----END CERTIFICATE-----