Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35362e302f32342d3234203d3e203634323637.roa
File:                     34352e38312e35362e302f32342d3234203d3e203634323637.roa (raw, json)
Hash identifier:          Gb2rbwC5SwQE4+PWclkn6jTrRvIwMZDTLmgzvBaHDS0=
Subject key identifier:   B1:B2:36:BD:E7:36:D9:87:0C:DF:0B:9F:6E:39:43:B5:69:A6:74:D8
Certificate issuer:       /CN=5da3215abfa4621d57709f838a92801f2e90ddfe
Certificate serial:       357CAFDB466D6BFB1253667DDC30A9C502A0BE42
Authority key identifier: 5D:A3:21:5A:BF:A4:62:1D:57:70:9F:83:8A:92:80:1F:2E:90:DD:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35362e302f32342d3234203d3e203634323637.roa
Signing time:             Wed 27 Dec 2023 13:42:28 +0000
ROA not before:           Wed 27 Dec 2023 13:37:28 +0000
ROA not after:            Wed 25 Dec 2024 13:42:28 +0000
asID:                     64267
IP address blocks:        45.81.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 19:09:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:7c:af:db:46:6d:6b:fb:12:53:66:7d:dc:30:a9:c5:02:a0:be:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3215abfa4621d57709f838a92801f2e90ddfe
        Validity
            Not Before: Dec 27 13:37:28 2023 GMT
            Not After : Dec 25 13:42:28 2024 GMT
        Subject: CN=B1B236BDE736D9870CDF0B9F6E3943B569A674D8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b6:2c:69:dd:65:fb:b3:81:08:18:c1:f9:32:
                    3b:eb:9e:ac:8e:b1:f9:18:5c:a9:a0:27:98:2f:87:
                    11:ef:36:73:ad:15:90:39:6f:92:3b:5e:71:89:2f:
                    c1:c5:20:7f:82:6b:0c:03:aa:2a:29:af:62:ce:57:
                    ee:c0:0d:d4:7c:7c:fa:b7:eb:74:69:41:39:df:e3:
                    75:80:4d:36:ac:7a:70:68:02:64:c7:b4:68:55:5e:
                    be:3d:a8:34:50:6d:dc:52:02:93:03:bd:d5:1b:ed:
                    87:e7:a4:a8:d1:1d:a4:a2:00:b4:f7:f1:cd:c9:1f:
                    a7:35:9e:3a:9c:3e:35:b0:18:47:e9:fb:bb:c6:1c:
                    99:07:8e:90:0f:7e:b2:4f:c1:87:ac:c2:95:08:85:
                    71:c6:80:66:00:07:48:3e:1f:50:f5:39:a2:49:39:
                    bc:96:ed:80:7a:cc:9f:a6:2e:50:df:c9:b6:08:fa:
                    ef:f6:60:23:ca:9b:d0:f3:42:ff:9f:80:6c:40:ac:
                    c1:7d:8c:c9:a7:ce:bc:c3:3f:4a:11:2b:a7:2d:ce:
                    77:bb:79:49:82:12:e4:46:3c:a5:16:45:25:9f:8b:
                    20:a5:78:d2:02:9a:f0:4d:0e:64:cf:a0:25:20:5e:
                    54:df:70:c3:31:c2:9a:f3:1f:61:75:88:e9:75:94:
                    ce:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:B2:36:BD:E7:36:D9:87:0C:DF:0B:9F:6E:39:43:B5:69:A6:74:D8
            X509v3 Authority Key Identifier:
                keyid:5D:A3:21:5A:BF:A4:62:1D:57:70:9F:83:8A:92:80:1F:2E:90:DD:FE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35362e302f32342d3234203d3e203634323637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:71:52:31:49:58:68:5a:c2:b2:ce:9e:17:1b:94:90:59:b4:
         d7:01:1a:4e:66:b9:93:ea:c1:5b:0d:29:38:fe:09:f3:9a:07:
         b9:73:d1:d5:86:cb:e9:d0:1e:1f:33:4d:1b:c5:5c:6d:99:0d:
         c9:f1:93:5b:04:1a:91:ad:33:9b:c1:4f:6f:b4:96:9f:a9:d7:
         45:0b:98:b5:7c:bf:99:c2:ab:90:27:5f:16:04:1b:d3:3a:92:
         8b:2f:d1:bb:63:53:6d:8c:89:c7:10:4f:4e:de:c8:a7:be:f1:
         e6:68:20:7b:a5:64:fe:ba:42:aa:9e:9e:db:3a:7b:2b:41:90:
         7e:b2:22:7e:60:47:18:79:1b:7d:24:8b:d0:f3:d2:fa:a7:68:
         fd:df:e8:2f:ec:93:71:ee:a8:9a:36:ea:32:e7:c1:3a:0b:fb:
         c3:8a:b2:56:73:14:7a:b9:1f:54:80:fc:4c:34:05:6c:e9:4e:
         71:39:0d:85:f4:16:9b:e4:f8:e2:ac:23:ab:6b:b8:36:78:b0:
         16:40:b3:13:d9:58:c3:d5:c2:98:27:e2:1c:07:09:16:78:1b:
         2e:06:65:c9:71:a6:f2:8f:40:3a:a3:b9:8f:b8:86:0e:8c:10:
         e1:56:80:33:f4:cf:ad:ef:44:a4:d1:d0:23:80:17:8b:59:8d:
         a2:8e:c0:63
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUNXyv20Zta/sSU2Z93DCpxQKgvkIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWRhMzIxNWFiZmE0NjIxZDU3NzA5ZjgzOGE5MjgwMWYy
ZTkwZGRmZTAeFw0yMzEyMjcxMzM3MjhaFw0yNDEyMjUxMzQyMjhaMDMxMTAvBgNV
BAMTKEIxQjIzNkJERTczNkQ5ODcwQ0RGMEI5RjZFMzk0M0I1NjlBNjc0RDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1tixp3WX7s4EIGMH5MjvrnqyO
sfkYXKmgJ5gvhxHvNnOtFZA5b5I7XnGJL8HFIH+CawwDqiopr2LOV+7ADdR8fPq3
63RpQTnf43WATTasenBoAmTHtGhVXr49qDRQbdxSApMDvdUb7YfnpKjRHaSiALT3
8c3JH6c1njqcPjWwGEfp+7vGHJkHjpAPfrJPwYeswpUIhXHGgGYAB0g+H1D1OaJJ
ObyW7YB6zJ+mLlDfybYI+u/2YCPKm9DzQv+fgGxArMF9jMmnzrzDP0oRK6ctzne7
eUmCEuRGPKUWRSWfiyCleNICmvBNDmTPoCUgXlTfcMMxwprzH2F1iOl1lM4LAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUsbI2vec22YcM3wufbjlDtWmmdNgwHwYDVR0j
BBgwFoAUXaMhWr+kYh1XcJ+DipKAHy6Q3f4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYmYyNDU2N2ItN2E3NC00YzFmLWFhODUtZGQyNGFmNzNj
Y2JiLzAvNURBMzIxNUFCRkE0NjIxRDU3NzA5RjgzOEE5MjgwMUYyRTkwRERGRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hhTWhXci1rWWgxWGNKLURpcEtBSHk2
UTNmNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmYyNDU2N2It
N2E3NC00YzFmLWFhODUtZGQyNGFmNzNjY2JiLzAvMzQzNTJlMzgzMTJlMzUzNjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzQzMjM2Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtUTgw
DQYJKoZIhvcNAQELBQADggEBACxxUjFJWGhawrLOnhcblJBZtNcBGk5muZPqwVsN
KTj+CfOaB7lz0dWGy+nQHh8zTRvFXG2ZDcnxk1sEGpGtM5vBT2+0lp+p10ULmLV8
v5nCq5AnXxYEG9M6kosv0btjU22MiccQT07eyKe+8eZoIHulZP66Qqqents6eytB
kH6yIn5gRxh5G30ki9Dz0vqnaP3f6C/sk3HuqJo26jLnwToL+8OKslZzFHq5H1SA
/Ew0BWzpTnE5DYX0Fpvk+OKsI6truDZ4sBZAsxPZWMPVwpgn4hwHCRZ4Gy4GZclx
pvKPQDqjuY+4hg6MEOFWgDP0z63vRKTR0COAF4tZjaKOwGM=
-----END CERTIFICATE-----