Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e35332e302f32342d3234203d3e203633303233.roa
File:                     3134362e31392e35332e302f32342d3234203d3e203633303233.roa (raw, json)
Hash identifier:          UIUwlPA5D3e5sy460G2gO8wlFdikxm8lMNG9M5ZvoMc=
Subject key identifier:   66:72:1F:31:B0:70:24:57:63:3A:01:BC:BF:DD:07:70:40:54:4B:31
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       1B0EE4F0D7BC52345EB9F9A4E0A04B340AC24806
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e35332e302f32342d3234203d3e203633303233.roa
Signing time:             Wed 06 Dec 2023 08:13:36 +0000
ROA not before:           Wed 06 Dec 2023 08:08:36 +0000
ROA not after:            Wed 04 Dec 2024 08:13:36 +0000
asID:                     63023
IP address blocks:        146.19.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:0e:e4:f0:d7:bc:52:34:5e:b9:f9:a4:e0:a0:4b:34:0a:c2:48:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Dec  6 08:08:36 2023 GMT
            Not After : Dec  4 08:13:36 2024 GMT
        Subject: CN=66721F31B0702457633A01BCBFDD077040544B31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:32:31:02:c6:53:ac:48:71:98:14:44:08:0c:
                    b8:9a:18:de:b1:1d:75:4d:c3:ac:47:ac:24:81:c8:
                    2a:a2:e2:c9:3e:de:76:63:4a:4e:14:f0:3b:a4:7e:
                    e7:19:83:5b:d8:13:9b:b0:c5:70:96:92:32:37:d6:
                    21:72:ac:f7:de:a1:70:17:a2:d6:f6:8e:a6:94:f9:
                    21:cb:5f:34:c1:9d:b8:73:98:db:d6:ee:5d:d6:1f:
                    8e:e2:a4:e6:d4:41:7f:5f:b3:c8:8f:50:6c:4c:1f:
                    22:04:fa:56:44:2d:93:c8:cf:d6:fe:76:92:d5:c6:
                    7f:de:6e:b5:50:3c:23:1f:36:9f:bb:47:8c:55:98:
                    ef:fb:98:1e:86:20:dc:a9:ca:49:b6:9d:c5:04:96:
                    93:48:1c:de:12:61:94:f2:c3:56:62:ac:82:b5:d2:
                    c3:66:1e:82:55:51:d7:5d:ae:d4:00:f8:23:d5:94:
                    90:a2:21:aa:2f:6f:39:65:4c:c2:4d:97:8f:fb:14:
                    16:1e:4a:eb:02:e4:17:4a:8b:c3:80:d5:38:03:27:
                    d5:b7:09:b7:a3:8d:a6:51:5b:4c:b5:43:94:cd:ab:
                    11:f8:62:71:96:99:64:00:05:30:fc:f6:7a:5b:44:
                    d8:52:c0:e8:ca:19:0e:30:c3:13:e1:66:3a:8e:41:
                    7d:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:72:1F:31:B0:70:24:57:63:3A:01:BC:BF:DD:07:70:40:54:4B:31
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e35332e302f32342d3234203d3e203633303233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:ec:d3:9b:48:da:82:f5:4e:7c:d3:dc:7d:11:8e:b0:72:46:
         e4:f6:64:bd:47:c5:c3:df:fb:da:2d:3f:70:3f:d0:15:5b:00:
         a0:ec:03:21:7e:0a:c8:06:92:ad:b5:d4:d3:01:97:d3:5b:22:
         75:19:8a:80:93:b2:62:e1:4a:cc:12:94:0e:06:28:0a:16:69:
         08:dc:9c:3f:b2:36:8c:e1:25:d8:19:12:f6:6f:5a:ce:22:93:
         be:cb:06:30:6c:95:58:90:5a:ab:0c:58:07:6c:34:1f:aa:3d:
         9a:27:64:78:2c:b3:d7:c0:bb:a4:29:99:62:c4:1e:81:31:45:
         9f:1e:69:e2:b7:37:cf:7f:b2:02:7a:f8:a5:fd:7c:0f:d4:36:
         c0:c8:3d:fa:a3:fc:dd:35:bd:19:3d:87:0c:e2:77:25:da:0f:
         62:38:28:4c:47:dc:96:b0:85:2e:6b:e2:80:10:af:46:c4:ba:
         bf:86:2e:f0:ff:84:bc:ab:32:aa:c9:80:e8:72:e9:2c:c3:6e:
         76:ba:74:a8:77:68:0c:9e:f4:ef:4c:98:77:5d:3d:53:0a:82:
         7b:9c:6b:bd:f8:e3:46:6d:fb:68:02:e9:04:c9:12:28:f8:ed:
         80:f3:c4:bb:7d:a7:7b:a5:75:8f:9c:b4:76:ba:da:67:36:cc:
         6f:9c:85:72
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUGw7k8Ne8UjReufmk4KBLNArCSAYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yMzEyMDYwODA4MzZaFw0yNDEyMDQwODEzMzZaMDMxMTAvBgNV
BAMTKDY2NzIxRjMxQjA3MDI0NTc2MzNBMDFCQ0JGREQwNzcwNDA1NDRCMzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSMjECxlOsSHGYFEQIDLiaGN6x
HXVNw6xHrCSByCqi4sk+3nZjSk4U8DukfucZg1vYE5uwxXCWkjI31iFyrPfeoXAX
otb2jqaU+SHLXzTBnbhzmNvW7l3WH47ipObUQX9fs8iPUGxMHyIE+lZELZPIz9b+
dpLVxn/ebrVQPCMfNp+7R4xVmO/7mB6GINypykm2ncUElpNIHN4SYZTyw1ZirIK1
0sNmHoJVUdddrtQA+CPVlJCiIaovbzllTMJNl4/7FBYeSusC5BdKi8OA1TgDJ9W3
CbejjaZRW0y1Q5TNqxH4YnGWmWQABTD89npbRNhSwOjKGQ4wwxPhZjqOQX2rAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUZnIfMbBwJFdjOgG8v90HcEBUSzEwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzEzNDM2MmUzMTM5MmUzNTMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMzMwMzIzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJIT
NTANBgkqhkiG9w0BAQsFAAOCAQEAm+zTm0jagvVOfNPcfRGOsHJG5PZkvUfFw9/7
2i0/cD/QFVsAoOwDIX4KyAaSrbXU0wGX01sidRmKgJOyYuFKzBKUDgYoChZpCNyc
P7I2jOEl2BkS9m9aziKTvssGMGyVWJBaqwxYB2w0H6o9midkeCyz18C7pCmZYsQe
gTFFnx5p4rc3z3+yAnr4pf18D9Q2wMg9+qP83TW9GT2HDOJ3JdoPYjgoTEfclrCF
LmvigBCvRsS6v4Yu8P+EvKsyqsmA6HLpLMNudrp0qHdoDJ7070yYd109UwqCe5xr
vfjjRm37aALpBMkSKPjtgPPEu32ne6V1j5y0drraZzbMb5yFcg==
-----END CERTIFICATE-----