Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38332e302f32342d3234203d3e203530333835.roa
File:                     34352e31322e38332e302f32342d3234203d3e203530333835.roa (raw, json)
Hash identifier:          JYDPMJd8avQSM13dZtfeE8YSe+20b+YUennHaEFGipE=
Subject key identifier:   37:C6:C7:6E:C6:01:80:03:53:4F:09:62:15:B5:64:90:E7:A0:DF:3E
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       03FB97A7A0CA36DBEE197399A7CD5BFA63397C9E
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38332e302f32342d3234203d3e203530333835.roa
Signing time:             Sun 19 May 2024 08:50:29 +0000
ROA not before:           Sun 19 May 2024 08:45:29 +0000
ROA not after:            Sun 18 May 2025 08:50:29 +0000
asID:                     50385
IP address blocks:        45.12.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:fb:97:a7:a0:ca:36:db:ee:19:73:99:a7:cd:5b:fa:63:39:7c:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: May 19 08:45:29 2024 GMT
            Not After : May 18 08:50:29 2025 GMT
        Subject: CN=37C6C76EC6018003534F096215B56490E7A0DF3E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:bc:3a:cb:b0:bc:ac:eb:59:74:50:59:43:ab:
                    27:0c:7c:15:17:df:b0:ed:9e:25:08:0b:62:3f:df:
                    d6:91:3a:b7:44:cb:29:82:19:32:ff:cd:e2:47:dc:
                    97:15:9d:b2:bb:72:c8:a8:b0:50:77:18:18:49:29:
                    77:5f:92:b9:0f:54:00:85:84:29:8d:63:af:ae:ca:
                    9c:dd:26:08:89:ff:7c:46:40:c6:e3:e0:c4:70:49:
                    67:24:ae:31:78:12:a3:bc:94:32:cb:7c:e4:bc:3c:
                    40:44:3d:6f:3d:1c:00:2f:f4:8c:1c:8d:a0:ea:d7:
                    9b:38:5e:7b:44:e3:b2:a3:00:35:55:72:e0:e8:12:
                    5b:eb:fd:9b:80:74:d7:0d:d1:2d:eb:3f:d7:76:90:
                    50:62:18:c5:12:29:22:ed:60:59:f0:83:bb:3a:e5:
                    1f:59:11:97:7f:16:7b:90:2d:35:94:31:b2:8d:a5:
                    be:de:0e:c9:22:9b:75:db:cc:78:85:18:7a:ed:26:
                    6a:4b:77:8c:62:4c:00:3d:3c:d9:c0:64:a6:5b:7b:
                    6c:e4:fd:1a:e8:4a:0b:f0:a0:33:e5:9b:e0:d1:4f:
                    68:f2:d9:7f:2d:9c:25:28:81:5e:3b:f2:b8:39:d7:
                    2d:b9:ee:cf:25:74:ce:2b:25:ea:59:31:83:25:f1:
                    29:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:C6:C7:6E:C6:01:80:03:53:4F:09:62:15:B5:64:90:E7:A0:DF:3E
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38332e302f32342d3234203d3e203530333835.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:67:7b:83:94:fb:27:bb:33:5f:c2:aa:3a:a9:23:e4:ae:ba:
         ae:ce:cd:6a:45:d9:16:0e:f5:e9:e5:cb:a4:ef:15:6b:e7:3e:
         44:67:4d:20:99:c1:8a:dd:33:ee:9f:38:cd:5d:56:02:b5:6f:
         0b:85:a0:04:83:1b:f3:16:65:68:7e:f9:61:7a:46:e4:2c:92:
         50:a7:e1:9a:56:35:65:14:57:f2:1e:60:21:46:38:14:63:6c:
         f1:71:2b:b4:59:d4:90:68:77:6d:88:f5:f9:77:2b:dc:c7:e7:
         e6:83:80:95:de:f8:5b:d3:40:30:91:8d:42:75:75:97:ca:bd:
         4d:7f:59:6f:76:b9:94:22:aa:6d:a0:9d:c4:ed:f8:90:96:56:
         08:02:73:34:04:d8:0b:bd:67:0d:cf:67:07:2b:d5:37:d3:13:
         e5:84:7f:d6:95:8e:01:69:cc:8b:90:c9:1e:6f:cf:98:6e:18:
         3d:d3:05:6b:f9:51:c9:6b:52:b1:5e:fa:07:7c:e2:fb:88:3e:
         70:50:ca:c8:94:53:9a:42:38:26:71:ff:d3:da:75:69:38:44:
         7f:c6:29:ce:ad:58:b3:94:15:50:f1:fa:67:aa:2d:c2:84:bc:
         f6:2f:6c:d2:a1:08:a8:b4:4f:a7:4c:54:10:2f:80:f6:b8:f6:
         ee:83:66:2c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUA/uXp6DKNtvuGXOZp81b+mM5fJ4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDA1MTkwODQ1MjlaFw0yNTA1MTgwODUwMjlaMDMxMTAvBgNV
BAMTKDM3QzZDNzZFQzYwMTgwMDM1MzRGMDk2MjE1QjU2NDkwRTdBMERGM0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEvDrLsLys61l0UFlDqycMfBUX
37DtniUIC2I/39aROrdEyymCGTL/zeJH3JcVnbK7csiosFB3GBhJKXdfkrkPVACF
hCmNY6+uypzdJgiJ/3xGQMbj4MRwSWckrjF4EqO8lDLLfOS8PEBEPW89HAAv9Iwc
jaDq15s4XntE47KjADVVcuDoElvr/ZuAdNcN0S3rP9d2kFBiGMUSKSLtYFnwg7s6
5R9ZEZd/FnuQLTWUMbKNpb7eDskim3XbzHiFGHrtJmpLd4xiTAA9PNnAZKZbe2zk
/RroSgvwoDPlm+DRT2jy2X8tnCUogV478rg51y257s8ldM4rJepZMYMl8SmTAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUN8bHbsYBgANTTwliFbVkkOeg3z4wHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzEzMjJlMzgzMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM1MzAzMzM4MzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtDFMw
DQYJKoZIhvcNAQELBQADggEBAFJne4OU+ye7M1/CqjqpI+Suuq7OzWpF2RYO9enl
y6TvFWvnPkRnTSCZwYrdM+6fOM1dVgK1bwuFoASDG/MWZWh++WF6RuQsklCn4ZpW
NWUUV/IeYCFGOBRjbPFxK7RZ1JBod22I9fl3K9zH5+aDgJXe+FvTQDCRjUJ1dZfK
vU1/WW92uZQiqm2gncTt+JCWVggCczQE2Au9Zw3PZwcr1TfTE+WEf9aVjgFpzIuQ
yR5vz5huGD3TBWv5UclrUrFe+gd84vuIPnBQysiUU5pCOCZx/9PadWk4RH/GKc6t
WLOUFVDx+meqLcKEvPYvbNKhCKi0T6dMVBAvgPa49u6DZiw=
-----END CERTIFICATE-----