Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231372e302f32342d3234203d3e203136353039.roa
File:                     34352e382e3231372e302f32342d3234203d3e203136353039.roa (raw, json)
Hash identifier:          nfD9zgKANuq/h4YG1YCMSde6NntwQ7HoT9E+OfgbH50=
Subject key identifier:   A6:1A:18:3B:AA:D5:DC:07:D2:5E:E7:02:E0:50:EC:26:86:8D:EB:55
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       030A74D6D926B7F3840A6E174253374C9B5B839D
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231372e302f32342d3234203d3e203136353039.roa
Signing time:             Thu 18 Jul 2024 21:12:08 +0000
ROA not before:           Thu 18 Jul 2024 21:07:08 +0000
ROA not after:            Thu 17 Jul 2025 21:12:08 +0000
asID:                     16509
IP address blocks:        45.8.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:0a:74:d6:d9:26:b7:f3:84:0a:6e:17:42:53:37:4c:9b:5b:83:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Jul 18 21:07:08 2024 GMT
            Not After : Jul 17 21:12:08 2025 GMT
        Subject: CN=A61A183BAAD5DC07D25EE702E050EC26868DEB55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:a3:ee:08:51:11:5a:21:77:a2:8e:01:29:fe:
                    1b:c4:d0:e4:5e:48:77:89:8a:cb:48:b6:98:64:80:
                    5f:69:78:46:74:a3:f8:09:24:73:0b:e7:57:75:2a:
                    f4:bd:10:b9:83:8a:eb:9e:ff:ed:e9:e2:9c:75:3f:
                    17:60:21:7e:bd:0e:17:ba:11:af:c5:bf:de:55:c8:
                    be:06:74:48:e9:1b:0a:42:38:e4:d7:43:1e:56:2d:
                    82:b2:7a:e6:60:28:2e:91:e8:50:82:76:ba:91:03:
                    31:43:72:0c:f4:33:16:3f:1a:bb:13:bb:a4:56:60:
                    e2:78:68:7d:16:f8:3e:59:e8:64:37:c8:46:ca:22:
                    40:43:5d:34:8c:ff:0f:48:78:3f:d0:1e:b0:73:2f:
                    b8:54:25:26:90:ec:ba:95:5c:a7:fb:64:1c:ee:e3:
                    14:a5:a4:31:bb:9a:b2:53:cd:e5:e1:f3:16:5d:1e:
                    16:15:1f:2f:43:69:c1:3b:d8:35:ad:bc:72:0f:66:
                    00:6a:27:16:c4:05:6c:03:8e:7e:17:1b:0e:9f:60:
                    5d:76:30:79:99:91:8f:13:e0:e6:51:ac:6b:e5:04:
                    44:8b:a5:ed:7a:4f:80:a7:2f:c3:87:d6:60:20:2b:
                    ba:f0:0c:98:79:fc:2c:d3:62:4d:4d:cd:25:ab:91:
                    3f:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:1A:18:3B:AA:D5:DC:07:D2:5E:E7:02:E0:50:EC:26:86:8D:EB:55
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231372e302f32342d3234203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:b9:fd:37:dd:b6:6c:d0:67:86:22:dc:54:7e:21:6a:66:f6:
         09:40:ea:8c:9b:d4:43:71:50:99:15:a8:1b:41:2b:00:e5:d9:
         4a:95:1c:07:90:a0:fe:44:ce:ad:85:9e:9f:28:ea:15:b7:64:
         e5:c2:4f:ef:2d:1e:3f:27:ed:20:1f:20:c0:c5:bd:3c:1d:ce:
         00:11:ec:38:7b:85:1b:82:48:3a:3e:ba:2e:dc:29:13:e4:2e:
         a1:76:8e:96:58:ef:ac:b7:2b:5b:68:8f:16:4b:ea:e4:75:63:
         0f:38:77:3d:e0:db:de:d4:72:15:de:70:6e:2f:51:c7:25:03:
         37:ac:4e:3b:6e:ee:43:6a:c7:11:63:55:e2:ea:28:ed:22:57:
         9b:b9:ed:2a:7b:bc:bd:41:b6:a8:f6:ce:42:c9:6c:60:63:5a:
         3a:f0:8b:d2:7f:e1:1f:92:6e:1d:ed:ae:b9:2b:5b:db:9a:46:
         7f:58:7d:24:db:fc:cc:71:c3:b4:16:8d:d9:60:e4:78:4a:6a:
         93:e9:4d:d1:04:ba:01:c1:3c:73:d8:d4:55:08:38:8e:f5:d1:
         bb:22:ca:98:d2:a0:c8:4c:f6:27:01:52:9d:27:35:2f:ef:31:
         a3:a3:ed:62:c1:c9:2f:81:8c:83:6e:61:9c:7f:74:a2:3b:a5:
         27:dc:c3:6e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUAwp01tkmt/OECm4XQlM3TJtbg50wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNDA3MTgyMTA3MDhaFw0yNTA3MTcyMTEyMDhaMDMxMTAvBgNV
BAMTKEE2MUExODNCQUFENURDMDdEMjVFRTcwMkUwNTBFQzI2ODY4REVCNTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpo+4IURFaIXeijgEp/hvE0ORe
SHeJistItphkgF9peEZ0o/gJJHML51d1KvS9ELmDiuue/+3p4px1PxdgIX69Dhe6
Ea/Fv95VyL4GdEjpGwpCOOTXQx5WLYKyeuZgKC6R6FCCdrqRAzFDcgz0MxY/GrsT
u6RWYOJ4aH0W+D5Z6GQ3yEbKIkBDXTSM/w9IeD/QHrBzL7hUJSaQ7LqVXKf7ZBzu
4xSlpDG7mrJTzeXh8xZdHhYVHy9DacE72DWtvHIPZgBqJxbEBWwDjn4XGw6fYF12
MHmZkY8T4OZRrGvlBESLpe16T4CnL8OH1mAgK7rwDJh5/CzTYk1NzSWrkT8/AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUphoYO6rV3AfSXucC4FDsJoaN61UwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzQzNTJlMzgyZTMyMzEzNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzYzNTMwMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtCNkw
DQYJKoZIhvcNAQELBQADggEBACK5/TfdtmzQZ4Yi3FR+IWpm9glA6oyb1ENxUJkV
qBtBKwDl2UqVHAeQoP5Ezq2Fnp8o6hW3ZOXCT+8tHj8n7SAfIMDFvTwdzgAR7Dh7
hRuCSDo+ui7cKRPkLqF2jpZY76y3K1tojxZL6uR1Yw84dz3g297UchXecG4vUccl
AzesTjtu7kNqxxFjVeLqKO0iV5u57Sp7vL1Btqj2zkLJbGBjWjrwi9J/4R+Sbh3t
rrkrW9uaRn9YfSTb/Mxxw7QWjdlg5HhKapPpTdEEugHBPHPY1FUIOI710bsiypjS
oMhM9icBUp0nNS/vMaOj7WLByS+BjINuYZx/dKI7pSfcw24=
-----END CERTIFICATE-----