Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231392e302f32342d3234203d3e2039303039.roa
File:                     34352e382e3231392e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          0tQfil3TCFdk5LEcr0D0xtOoBgJdLwmHivVySWFI/b8=
Subject key identifier:   B4:C3:2F:4F:76:44:F0:C2:FC:F1:E4:4C:12:0D:75:08:E1:2D:40:D3
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       2E2E2734D1F71C05A569542BA089D14191ED8F2E
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231392e302f32342d3234203d3e2039303039.roa
Signing time:             Wed 16 Oct 2024 10:43:25 +0000
ROA not before:           Wed 16 Oct 2024 10:38:25 +0000
ROA not after:            Wed 15 Oct 2025 10:43:25 +0000
asID:                     9009
IP address blocks:        45.8.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:2e:27:34:d1:f7:1c:05:a5:69:54:2b:a0:89:d1:41:91:ed:8f:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Oct 16 10:38:25 2024 GMT
            Not After : Oct 15 10:43:25 2025 GMT
        Subject: CN=B4C32F4F7644F0C2FCF1E44C120D7508E12D40D3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:14:79:cd:d9:27:75:75:f1:ea:c3:3f:d8:85:
                    16:8c:73:05:f3:4a:1f:4a:a1:da:e1:64:c9:23:4e:
                    ad:10:49:c1:82:59:d1:37:0e:b7:35:ff:70:01:d4:
                    14:f2:53:8a:a8:29:18:f4:d5:14:ab:53:b5:d6:d9:
                    13:f3:ad:7f:2d:b1:58:cf:f5:ac:45:2e:41:82:35:
                    7b:01:00:f5:ee:a0:5a:af:35:54:ff:50:7f:4c:f8:
                    32:30:5a:62:94:52:e8:30:eb:81:7f:81:77:e5:bb:
                    a9:3d:62:91:c9:8e:5c:c3:79:e6:06:58:a7:df:63:
                    90:07:4a:7b:c8:ad:57:e9:cb:5c:61:c8:9a:85:ac:
                    37:6e:a5:db:1f:cc:a5:a5:54:1d:aa:d6:e5:20:59:
                    e9:2a:0b:07:aa:bd:ae:43:9e:3b:97:de:dd:4f:92:
                    6d:b0:35:e7:5c:d3:06:e3:9b:82:33:8b:6d:0e:dd:
                    ab:b3:84:47:5d:54:99:0f:b7:96:69:23:6a:c0:04:
                    68:29:33:29:8c:fe:d9:91:63:77:95:9a:4b:f3:37:
                    34:2c:2d:07:6c:9c:c6:4f:40:45:5e:c1:d2:8a:ba:
                    7d:e7:6a:eb:28:17:25:b7:2d:5c:b1:df:21:8e:3a:
                    84:d7:2e:80:dc:e2:5b:01:55:3f:d6:26:06:ea:90:
                    44:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:C3:2F:4F:76:44:F0:C2:FC:F1:E4:4C:12:0D:75:08:E1:2D:40:D3
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231392e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:c1:f6:e0:84:2c:e0:10:83:6c:8c:0e:f5:a2:7a:bf:8d:fa:
         b5:73:c7:15:bb:0d:36:de:7d:f8:b8:71:fc:2c:d5:34:97:3c:
         8a:80:e3:d5:a7:e6:28:fb:21:42:09:8a:e7:66:01:95:d8:16:
         43:e5:74:59:3b:ce:ac:ad:cc:68:18:30:2c:87:5d:97:8b:a8:
         32:76:b6:25:e7:38:8a:c0:87:93:9f:12:a2:c6:52:af:f5:d8:
         0e:e0:e2:05:22:02:fb:bf:45:2d:f5:84:7f:51:86:62:ef:75:
         15:73:06:17:9b:80:2f:6b:8c:6f:b0:9c:cb:b3:fd:4a:e3:80:
         6a:b4:8a:95:29:17:c6:ed:3f:84:3b:f8:1a:b8:0e:7d:7d:3b:
         33:ae:90:80:7a:38:4f:2a:fb:eb:88:56:cd:c2:e0:02:f1:07:
         17:ec:9e:77:8d:79:18:67:de:e1:c3:63:78:41:42:bd:61:db:
         2d:75:da:93:5d:d1:75:a7:56:67:9a:8e:a9:06:61:f3:34:00:
         af:5b:3d:de:8e:12:09:2a:8c:a7:67:50:ba:d8:43:7a:b6:48:
         ae:c8:86:7e:fd:a8:4e:8f:0c:1e:00:ea:dd:5a:63:ae:cc:a1:
         c4:9b:06:78:86:93:e7:b3:93:e6:26:3a:a8:90:13:b4:1c:de:
         61:0d:ca:cf
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIULi4nNNH3HAWlaVQroInRQZHtjy4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNDEwMTYxMDM4MjVaFw0yNTEwMTUxMDQzMjVaMDMxMTAvBgNV
BAMTKEI0QzMyRjRGNzY0NEYwQzJGQ0YxRTQ0QzEyMEQ3NTA4RTEyRDQwRDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiFHnN2Sd1dfHqwz/YhRaMcwXz
Sh9KodrhZMkjTq0QScGCWdE3Drc1/3AB1BTyU4qoKRj01RSrU7XW2RPzrX8tsVjP
9axFLkGCNXsBAPXuoFqvNVT/UH9M+DIwWmKUUugw64F/gXflu6k9YpHJjlzDeeYG
WKffY5AHSnvIrVfpy1xhyJqFrDdupdsfzKWlVB2q1uUgWekqCweqva5DnjuX3t1P
km2wNedc0wbjm4Izi20O3auzhEddVJkPt5ZpI2rABGgpMymM/tmRY3eVmkvzNzQs
LQdsnMZPQEVewdKKun3nausoFyW3LVyx3yGOOoTXLoDc4lsBVT/WJgbqkETDAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUtMMvT3ZE8ML88eRMEg11COEtQNMwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzQzNTJlMzgyZTMyMzEzOTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM5MzAzMDM5LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQjbMA0G
CSqGSIb3DQEBCwUAA4IBAQDBwfbghCzgEINsjA71onq/jfq1c8cVuw023n34uHH8
LNU0lzyKgOPVp+Yo+yFCCYrnZgGV2BZD5XRZO86srcxoGDAsh12Xi6gydrYl5ziK
wIeTnxKixlKv9dgO4OIFIgL7v0Ut9YR/UYZi73UVcwYXm4Ava4xvsJzLs/1K44Bq
tIqVKRfG7T+EO/gauA59fTszrpCAejhPKvvriFbNwuAC8QcX7J53jXkYZ97hw2N4
QUK9YdstddqTXdF1p1Znmo6pBmHzNACvWz3ejhIJKoynZ1C62EN6tkiuyIZ+/ahO
jwweAOrdWmOuzKHEmwZ4hpPns5PmJjqokBO0HN5hDcrP
-----END CERTIFICATE-----