Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231382e302f32342d3234203d3e20323132333834.roa
File:                     34352e382e3231382e302f32342d3234203d3e20323132333834.roa (raw, json)
Hash identifier:          0RT+1Ncj8ztrtQO0HRJWya1Mx9msr6lyV+qXFIRL+ms=
Subject key identifier:   C6:3E:DC:E1:40:44:21:A9:DA:BF:88:C6:D9:E3:06:54:E8:0C:46:5F
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       017DA2A13D01029406E971CF7A588441C5C7A660
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231382e302f32342d3234203d3e20323132333834.roa
Signing time:             Fri 22 Dec 2023 08:05:08 +0000
ROA not before:           Fri 22 Dec 2023 08:00:08 +0000
ROA not after:            Fri 20 Dec 2024 08:05:08 +0000
asID:                     212384
IP address blocks:        45.8.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:51:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:7d:a2:a1:3d:01:02:94:06:e9:71:cf:7a:58:84:41:c5:c7:a6:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Dec 22 08:00:08 2023 GMT
            Not After : Dec 20 08:05:08 2024 GMT
        Subject: CN=C63EDCE1404421A9DABF88C6D9E30654E80C465F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:b5:7e:43:74:17:14:fb:bf:4a:cd:65:90:cd:
                    76:d4:6c:79:28:16:d1:0f:9a:76:b1:18:96:dc:be:
                    96:02:3e:5f:74:2b:4a:e1:f0:14:42:57:4d:f5:7d:
                    83:64:43:af:51:d1:3e:05:e3:1d:db:65:68:d0:c1:
                    9b:7a:7f:e0:c0:d0:e3:fd:cc:c0:02:8c:ff:93:d4:
                    b5:c2:c9:17:f9:61:22:37:84:e7:35:e3:05:65:99:
                    c0:60:2c:7a:43:c9:13:86:96:fb:d0:2d:c1:ca:28:
                    ec:a5:f7:f0:2a:13:16:5c:d4:b5:23:aa:89:5f:92:
                    f6:78:7e:7b:6d:1a:e5:91:a1:e4:52:cd:cc:c6:98:
                    7a:4b:d6:a7:ba:d1:af:b3:4e:ae:1a:b3:b1:2d:c4:
                    c7:bd:bb:bc:d6:87:45:c2:fa:10:0d:39:84:e0:7d:
                    82:c4:9b:91:0e:c9:61:7b:be:27:40:e4:8f:98:26:
                    94:23:f1:91:5f:17:81:72:ea:86:89:b6:80:db:9c:
                    b3:c5:67:fd:6b:4e:4a:14:e0:9a:2b:18:5a:8b:46:
                    92:ae:ba:42:44:f4:7c:6c:a7:25:96:ca:c8:3d:bd:
                    73:99:c7:a1:72:7c:05:a0:ab:26:71:fa:06:1e:7c:
                    8b:5c:30:16:75:4d:be:2a:e9:60:aa:83:3b:d6:f5:
                    7e:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:3E:DC:E1:40:44:21:A9:DA:BF:88:C6:D9:E3:06:54:E8:0C:46:5F
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231382e302f32342d3234203d3e20323132333834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:a7:11:1d:6f:07:00:ca:53:2d:e9:4f:62:10:ce:7a:07:a1:
         fc:90:5f:37:57:8d:3a:d4:d1:54:6e:f1:b0:6c:39:6b:4d:31:
         34:f7:fe:97:14:e3:7c:09:ef:c6:f0:2d:6c:83:45:2f:0a:c4:
         85:1c:fc:fe:32:35:ac:36:0e:f4:9c:b9:07:c3:cb:84:6a:6d:
         e6:ce:c3:29:0a:6a:a9:ab:7c:39:ff:76:28:50:3b:c7:39:d5:
         ea:f1:e9:2c:d2:15:8b:b3:d3:d9:8d:84:78:ce:2f:2f:e5:6d:
         b0:8b:5c:bb:f7:a5:3c:99:4a:9e:4a:ce:77:29:b5:3d:a1:ee:
         b3:30:15:56:76:77:7c:85:dc:a4:fe:4d:ec:ec:3e:8d:b4:00:
         0f:34:94:a0:8d:3a:3b:c0:24:0c:fb:83:27:ff:6e:ac:11:33:
         2d:13:c4:28:e3:e0:e2:27:19:08:71:28:6b:b9:0b:5c:18:c9:
         7f:2b:37:d5:3e:ae:5b:29:b7:cb:ec:1f:c5:a4:b9:91:41:21:
         20:e7:2d:c2:b5:9b:74:e9:76:2d:95:e2:4e:a7:92:bc:1d:45:
         f5:62:84:8d:a2:93:ab:1c:b1:fe:0c:9c:7e:56:fb:06:41:47:
         fa:34:3e:4a:dc:9e:6a:28:8b:f4:8d:da:03:50:19:17:01:a3:
         86:2f:25:d1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUAX2ioT0BApQG6XHPeliEQcXHpmAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yMzEyMjIwODAwMDhaFw0yNDEyMjAwODA1MDhaMDMxMTAvBgNV
BAMTKEM2M0VEQ0UxNDA0NDIxQTlEQUJGODhDNkQ5RTMwNjU0RTgwQzQ2NUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYtX5DdBcU+79KzWWQzXbUbHko
FtEPmnaxGJbcvpYCPl90K0rh8BRCV031fYNkQ69R0T4F4x3bZWjQwZt6f+DA0OP9
zMACjP+T1LXCyRf5YSI3hOc14wVlmcBgLHpDyROGlvvQLcHKKOyl9/AqExZc1LUj
qolfkvZ4fnttGuWRoeRSzczGmHpL1qe60a+zTq4as7EtxMe9u7zWh0XC+hANOYTg
fYLEm5EOyWF7vidA5I+YJpQj8ZFfF4Fy6oaJtoDbnLPFZ/1rTkoU4JorGFqLRpKu
ukJE9HxspyWWysg9vXOZx6FyfAWgqyZx+gYefItcMBZ1Tb4q6WCqgzvW9X4dAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUxj7c4UBEIanav4jG2eMGVOgMRl8wHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzQzNTJlMzgyZTMyMzEzODJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMjMzMzgzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0I
2jANBgkqhkiG9w0BAQsFAAOCAQEAjKcRHW8HAMpTLelPYhDOegeh/JBfN1eNOtTR
VG7xsGw5a00xNPf+lxTjfAnvxvAtbINFLwrEhRz8/jI1rDYO9Jy5B8PLhGpt5s7D
KQpqqat8Of92KFA7xznV6vHpLNIVi7PT2Y2EeM4vL+VtsItcu/elPJlKnkrOdym1
PaHuszAVVnZ3fIXcpP5N7Ow+jbQADzSUoI06O8AkDPuDJ/9urBEzLRPEKOPg4icZ
CHEoa7kLXBjJfys31T6uWym3y+wfxaS5kUEhIOctwrWbdOl2LZXiTqeSvB1F9WKE
jaKTqxyx/gycflb7BkFH+jQ+StyeaiiL9I3aA1AZFwGjhi8l0Q==
-----END CERTIFICATE-----