Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e38372e3137352e302f32342d3234203d3e203134333135.roa
File:                     34352e38372e3137352e302f32342d3234203d3e203134333135.roa (raw, json)
Hash identifier:          B7tQW2yTLLIrp0qQhpQLduuEaIwPejIUWGQFGWH3ty0=
Subject key identifier:   7E:EB:04:C4:04:4B:AE:47:D2:AD:49:24:9D:D2:2E:9F:B3:A7:93:2C
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       24B6A63CAE77ACF6E5035DDAB7C3130BD742862E
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e38372e3137352e302f32342d3234203d3e203134333135.roa
Signing time:             Wed 05 Jun 2024 09:14:38 +0000
ROA not before:           Wed 05 Jun 2024 09:09:38 +0000
ROA not after:            Wed 04 Jun 2025 09:14:38 +0000
asID:                     14315
IP address blocks:        45.87.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 15:27:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:b6:a6:3c:ae:77:ac:f6:e5:03:5d:da:b7:c3:13:0b:d7:42:86:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Jun  5 09:09:38 2024 GMT
            Not After : Jun  4 09:14:38 2025 GMT
        Subject: CN=7EEB04C4044BAE47D2AD49249DD22E9FB3A7932C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:62:49:33:cf:39:f4:cf:7a:06:fb:f9:ad:c1:
                    be:59:33:d5:cd:ce:29:5b:79:2a:ff:72:d6:b1:45:
                    1c:08:7e:c1:93:ab:29:68:75:3e:3a:55:81:c7:81:
                    3e:70:8b:ca:9a:1c:77:72:1a:74:75:8c:74:9e:60:
                    7a:d7:87:d6:53:3e:f6:30:a4:38:38:a2:88:4f:ba:
                    df:32:ab:29:15:28:f5:c0:ed:40:fd:d8:a2:e1:2a:
                    65:ee:19:a4:65:07:31:f6:7b:25:c8:9e:fc:c3:b5:
                    0f:8d:eb:e9:f1:61:7b:c7:e1:db:3d:64:b1:a4:1f:
                    1b:6d:a0:6d:a9:fa:85:5f:31:84:0c:06:10:f6:8f:
                    cc:3e:8f:a7:fc:66:87:3b:a2:e3:d3:4b:53:c5:af:
                    80:5b:7d:19:a0:f2:cb:a9:c4:68:ab:f7:5e:54:ce:
                    75:38:e5:07:fd:74:f9:03:8e:72:a4:25:76:af:39:
                    e2:7d:c1:ad:a5:97:cd:de:79:19:18:57:71:37:fa:
                    45:12:c1:68:77:d5:2b:99:aa:d9:87:9d:84:23:03:
                    47:cb:8c:95:cf:fb:b4:86:1c:42:d4:f8:8e:99:59:
                    ea:77:2f:b6:bf:1b:3a:be:54:63:16:4c:cf:2d:72:
                    13:ae:7f:cd:bc:1f:cd:b8:97:8c:fd:30:7d:63:95:
                    ac:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:EB:04:C4:04:4B:AE:47:D2:AD:49:24:9D:D2:2E:9F:B3:A7:93:2C
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e38372e3137352e302f32342d3234203d3e203134333135.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:b7:4b:57:b6:a5:11:9a:06:bd:9d:9b:cc:d8:91:f3:a4:01:
         08:ce:7b:2d:6c:9b:ed:46:11:72:78:b8:0b:1d:28:a5:01:50:
         f8:c6:64:d1:34:2e:83:b4:ba:94:ad:fa:64:e5:d9:74:46:32:
         0c:05:17:88:eb:7f:b8:49:d8:2e:08:55:67:a6:ab:fa:9d:14:
         73:8c:6d:1f:da:87:5f:82:78:bc:3f:43:da:51:b0:81:33:a0:
         3e:8c:13:5e:1d:45:be:fc:9d:df:78:b5:8b:b9:cd:4e:f2:ab:
         bf:26:87:53:86:15:fe:fb:42:5d:b0:bb:72:ad:fd:c8:c6:56:
         fb:ed:ab:aa:d9:a5:7d:85:7a:a1:a6:25:5a:9d:f5:f4:78:21:
         bc:e3:c4:07:11:95:d6:8f:69:20:e6:49:a2:63:aa:5b:98:ba:
         98:bd:91:35:66:a1:08:9d:88:6c:d9:b0:37:f8:bb:5b:1c:46:
         55:e7:56:a6:f8:a1:39:d7:4d:b6:0e:73:e8:59:70:26:43:4f:
         1e:5d:c4:01:df:92:06:36:5d:eb:5b:dc:3a:40:ac:69:b6:81:
         e9:b3:ec:e3:1e:e8:69:03:c1:3b:1b:e5:b6:e2:83:c8:8c:a3:
         55:bd:42:73:8a:74:0b:d4:be:a1:42:5c:96:75:1c:4e:69:d8:
         92:a6:9e:80
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJLamPK53rPblA13at8MTC9dChi4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDA2MDUwOTA5MzhaFw0yNTA2MDQwOTE0MzhaMDMxMTAvBgNV
BAMTKDdFRUIwNEM0MDQ0QkFFNDdEMkFENDkyNDlERDIyRTlGQjNBNzkzMkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHYkkzzzn0z3oG+/mtwb5ZM9XN
zilbeSr/ctaxRRwIfsGTqylodT46VYHHgT5wi8qaHHdyGnR1jHSeYHrXh9ZTPvYw
pDg4oohPut8yqykVKPXA7UD92KLhKmXuGaRlBzH2eyXInvzDtQ+N6+nxYXvH4ds9
ZLGkHxttoG2p+oVfMYQMBhD2j8w+j6f8Zoc7ouPTS1PFr4BbfRmg8supxGir915U
znU45Qf9dPkDjnKkJXavOeJ9wa2ll83eeRkYV3E3+kUSwWh31SuZqtmHnYQjA0fL
jJXP+7SGHELU+I6ZWep3L7a/Gzq+VGMWTM8tchOuf828H824l4z9MH1jlaz/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUfusExARLrkfSrUkkndIun7OnkywwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzgzNzJlMzEzNzM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNDMzMzEzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1X
rzANBgkqhkiG9w0BAQsFAAOCAQEAtbdLV7alEZoGvZ2bzNiR86QBCM57LWyb7UYR
cni4Cx0opQFQ+MZk0TQug7S6lK36ZOXZdEYyDAUXiOt/uEnYLghVZ6ar+p0Uc4xt
H9qHX4J4vD9D2lGwgTOgPowTXh1Fvvyd33i1i7nNTvKrvyaHU4YV/vtCXbC7cq39
yMZW++2rqtmlfYV6oaYlWp319HghvOPEBxGV1o9pIOZJomOqW5i6mL2RNWahCJ2I
bNmwN/i7WxxGVedWpvihOddNtg5z6FlwJkNPHl3EAd+SBjZd61vcOkCsabaB6bPs
4x7oaQPBOxvltuKDyIyjVb1Cc4p0C9S+oUJclnUcTmnYkqaegA==
-----END CERTIFICATE-----