Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231382e302f32342d3234203d3e20323132333834.roa
File:                     34352e382e3231382e302f32342d3234203d3e20323132333834.roa (raw, json)
Hash identifier:          fFoVzPmBBS3RRm+U3RPtjG4VEvF1de7uQ6FGaPF9XH0=
Subject key identifier:   7F:CC:A4:F5:9E:0A:5F:76:C1:0B:87:2E:3A:E2:BD:A6:52:D4:85:1F
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       20B5D30A4C62F517FF142207C2F40E9D5377D793
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231382e302f32342d3234203d3e20323132333834.roa
Signing time:             Fri 22 Nov 2024 08:43:28 +0000
ROA not before:           Fri 22 Nov 2024 08:38:28 +0000
ROA not after:            Fri 21 Nov 2025 08:43:28 +0000
asID:                     212384
IP address blocks:        45.8.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:b5:d3:0a:4c:62:f5:17:ff:14:22:07:c2:f4:0e:9d:53:77:d7:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Nov 22 08:38:28 2024 GMT
            Not After : Nov 21 08:43:28 2025 GMT
        Subject: CN=7FCCA4F59E0A5F76C10B872E3AE2BDA652D4851F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ba:b5:b7:99:df:1e:65:3e:74:64:34:59:31:
                    44:16:9b:f1:7b:62:e0:09:13:74:c6:f6:d2:de:f6:
                    43:f1:82:2c:6d:c8:2a:c0:39:4a:e5:45:db:17:ec:
                    fd:02:d7:96:9f:f1:2e:5a:14:6c:a5:20:7a:e3:de:
                    b0:ba:4c:a0:f3:8d:b3:f6:86:d5:c6:6e:c1:26:de:
                    79:05:c3:54:75:0c:2b:8c:ee:1e:c7:df:53:92:43:
                    9d:09:05:20:88:59:b9:a9:4f:cb:da:37:af:61:02:
                    d4:b5:3c:52:3a:ea:fa:c2:ce:fa:d6:1c:4a:d0:a6:
                    18:dd:8c:ac:ff:76:74:19:74:0e:e2:cf:7c:02:78:
                    1d:67:aa:cb:a5:f6:ee:eb:96:0f:0f:76:56:d2:31:
                    1a:9a:b6:08:4d:74:06:0f:1e:48:cd:16:54:a4:e4:
                    3d:18:b7:19:b2:13:6d:39:e7:86:30:7a:ff:3e:0f:
                    10:f7:b1:86:d5:4c:30:9b:55:6f:f2:92:47:19:3a:
                    81:e8:e0:28:ae:ec:12:38:87:c4:58:f4:07:31:6d:
                    2a:c8:e2:63:cd:2b:c8:29:6e:63:e5:42:4b:ca:e0:
                    01:f6:8b:e1:d2:e0:f7:4b:dd:19:2b:4b:c4:29:02:
                    a9:0f:6f:22:1b:7b:c4:f4:3a:c5:53:5b:04:d0:b8:
                    0c:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:CC:A4:F5:9E:0A:5F:76:C1:0B:87:2E:3A:E2:BD:A6:52:D4:85:1F
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231382e302f32342d3234203d3e20323132333834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:37:a1:70:55:44:1d:bd:cd:d9:da:be:0e:fc:2e:9f:2b:be:
         d0:0c:4f:40:1b:ac:85:ef:25:4a:e8:35:82:fa:e5:a6:c6:ef:
         16:1a:06:17:7d:37:f3:f5:42:61:b6:88:3b:d8:b6:b4:66:c3:
         56:18:5e:50:b3:29:cb:db:10:5c:55:a4:21:4e:70:eb:3a:96:
         1a:bb:53:de:9b:ea:24:a9:5d:01:4f:8e:d9:36:d3:bd:02:f7:
         64:62:61:cd:95:57:33:82:21:8e:fb:7e:7b:6f:c8:e3:61:36:
         36:91:91:b2:7c:9b:82:b0:1a:ce:bb:7b:99:dc:ff:bd:a6:64:
         ab:20:79:b4:6a:3f:7a:de:17:b4:62:61:50:65:06:41:59:1e:
         0e:ae:41:7b:b6:b1:eb:6c:b0:13:e2:b5:e9:ad:a7:67:d7:59:
         68:a8:fd:fc:72:93:00:2e:54:d9:8d:46:ed:c5:fd:fa:60:62:
         12:3d:60:3f:10:25:36:63:78:45:50:3b:e3:ae:4d:85:4d:2b:
         7d:fb:24:8b:51:14:07:65:2c:7e:3e:89:1f:78:72:d5:fc:ca:
         c8:ae:60:86:30:60:84:45:ea:f8:3a:28:62:b0:21:ee:ff:2c:
         69:4f:37:e7:69:37:8b:58:50:f9:d7:cf:38:9a:fa:c9:53:6f:
         c2:df:85:3f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUILXTCkxi9Rf/FCIHwvQOnVN315MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNDExMjIwODM4MjhaFw0yNTExMjEwODQzMjhaMDMxMTAvBgNV
BAMTKDdGQ0NBNEY1OUUwQTVGNzZDMTBCODcyRTNBRTJCREE2NTJENDg1MUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7urW3md8eZT50ZDRZMUQWm/F7
YuAJE3TG9tLe9kPxgixtyCrAOUrlRdsX7P0C15af8S5aFGylIHrj3rC6TKDzjbP2
htXGbsEm3nkFw1R1DCuM7h7H31OSQ50JBSCIWbmpT8vaN69hAtS1PFI66vrCzvrW
HErQphjdjKz/dnQZdA7iz3wCeB1nqsul9u7rlg8PdlbSMRqatghNdAYPHkjNFlSk
5D0YtxmyE20554Ywev8+DxD3sYbVTDCbVW/ykkcZOoHo4Ciu7BI4h8RY9AcxbSrI
4mPNK8gpbmPlQkvK4AH2i+HS4PdL3RkrS8QpAqkPbyIbe8T0OsVTWwTQuAz9AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUf8yk9Z4KX3bBC4cuOuK9plLUhR8wHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzQzNTJlMzgyZTMyMzEzODJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMjMzMzgzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0I
2jANBgkqhkiG9w0BAQsFAAOCAQEAizehcFVEHb3N2dq+Dvwunyu+0AxPQBushe8l
Sug1gvrlpsbvFhoGF3038/VCYbaIO9i2tGbDVhheULMpy9sQXFWkIU5w6zqWGrtT
3pvqJKldAU+O2TbTvQL3ZGJhzZVXM4Ihjvt+e2/I42E2NpGRsnybgrAazrt7mdz/
vaZkqyB5tGo/et4XtGJhUGUGQVkeDq5Be7ax62ywE+K16a2nZ9dZaKj9/HKTAC5U
2Y1G7cX9+mBiEj1gPxAlNmN4RVA7465NhU0rffski1EUB2Usfj6JH3hy1fzKyK5g
hjBghEXq+DooYrAh7v8saU8352k3i1hQ+dfPOJr6yVNvwt+FPw==
-----END CERTIFICATE-----