Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e39352e3231342e302f32342d3234203d3e203434353437.roa
File:                     34352e39352e3231342e302f32342d3234203d3e203434353437.roa (raw, json)
Hash identifier:          Sd3ATX2JXuJGwYyTznY75JAJsfCeqEXX3vuSL4tLhwo=
Subject key identifier:   62:A6:9A:64:F8:4A:EF:8D:DE:09:8C:9F:B3:25:6B:80:E6:24:AC:5E
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       4AEE6135BBE7FCBA08A8912E4DF97CF4B2370DC1
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e39352e3231342e302f32342d3234203d3e203434353437.roa
Signing time:             Tue 02 Jul 2024 13:05:18 +0000
ROA not before:           Tue 02 Jul 2024 13:00:18 +0000
ROA not after:            Tue 01 Jul 2025 13:05:18 +0000
asID:                     44547
IP address blocks:        45.95.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:ee:61:35:bb:e7:fc:ba:08:a8:91:2e:4d:f9:7c:f4:b2:37:0d:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Jul  2 13:00:18 2024 GMT
            Not After : Jul  1 13:05:18 2025 GMT
        Subject: CN=62A69A64F84AEF8DDE098C9FB3256B80E624AC5E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:97:2b:18:8d:a3:02:67:1e:ca:02:87:64:f0:
                    ea:01:be:72:48:58:ed:c2:a7:63:33:1d:c8:85:b0:
                    1e:e6:54:4e:77:b9:c2:81:85:75:f3:e9:ac:2c:89:
                    0e:13:d4:19:54:8e:9e:19:b8:0d:70:e5:91:26:bf:
                    d5:58:6c:67:f7:03:30:df:b4:5c:e0:fa:19:37:0f:
                    73:60:14:ad:d7:d0:3d:e0:93:6a:2f:9d:b0:c6:5f:
                    a8:2e:14:2f:87:af:ce:5b:28:76:ec:94:63:66:24:
                    35:01:48:d0:3c:f2:cc:31:dc:14:4d:ca:de:da:05:
                    ac:90:0e:eb:ff:da:e8:ca:a3:5b:34:0c:2b:d7:f7:
                    b8:87:cf:2c:39:14:83:c5:6d:74:54:e3:f3:8d:80:
                    de:35:16:26:aa:0a:e2:dc:8b:6e:85:c7:ac:07:91:
                    17:b2:61:14:31:e2:78:88:19:c5:cf:ea:a2:5d:17:
                    89:16:dc:87:86:d5:b8:4a:7d:85:a9:38:5c:13:1c:
                    36:a7:29:21:0b:b0:32:db:03:c2:82:61:6e:79:18:
                    ba:a5:c4:ea:b2:e1:75:39:3d:c0:e6:71:30:7e:9b:
                    a8:a6:b0:a3:ef:3f:1d:bf:84:20:7d:52:51:a1:09:
                    89:cd:fe:5c:c0:11:eb:fb:f4:97:09:cd:e7:75:d6:
                    d5:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:A6:9A:64:F8:4A:EF:8D:DE:09:8C:9F:B3:25:6B:80:E6:24:AC:5E
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e39352e3231342e302f32342d3234203d3e203434353437.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:df:90:8b:81:3b:56:14:7b:4f:69:b4:05:8c:94:b1:64:2a:
         27:68:62:3c:f6:56:52:8c:33:38:76:72:23:98:0f:de:84:44:
         07:3a:1d:12:e0:5d:96:a2:df:a2:16:af:a6:01:cd:bf:bb:44:
         99:5a:5b:4f:15:6c:a5:db:34:c3:b8:bb:34:da:e5:6f:b8:14:
         29:74:ca:5e:d6:4f:89:00:08:7e:88:e8:dc:8e:a9:a5:7e:7d:
         e6:26:66:06:2a:6c:1a:45:63:46:c0:0b:0d:03:e6:bd:a6:36:
         d1:78:38:90:0e:99:d7:e0:d5:f8:28:5d:d1:38:a1:a4:f9:7a:
         f9:88:ff:13:66:c1:8d:45:cd:f9:ac:b2:c6:2b:5f:b4:2a:99:
         fd:30:dc:e7:52:4a:83:8a:69:83:d3:ee:be:2d:85:89:b1:46:
         fe:24:4c:8e:be:19:81:4d:ca:39:15:54:ef:c3:af:2d:97:56:
         28:75:b4:0c:1e:1f:ec:cb:30:cb:e2:6c:93:8b:82:52:70:72:
         86:4f:b9:be:b1:09:4e:99:af:82:72:8f:c0:47:12:d6:4e:e3:
         4a:0f:f1:2f:53:91:a2:cb:a3:a1:47:00:09:f9:66:13:e9:35:
         a9:e2:4c:45:cc:4f:46:f4:1c:63:02:f7:ce:e1:48:47:ad:9d:
         bd:db:ec:d3
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUSu5hNbvn/LoIqJEuTfl89LI3DcEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNDA3MDIxMzAwMThaFw0yNTA3MDExMzA1MThaMDMxMTAvBgNV
BAMTKDYyQTY5QTY0Rjg0QUVGOERERTA5OEM5RkIzMjU2QjgwRTYyNEFDNUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCPlysYjaMCZx7KAodk8OoBvnJI
WO3Cp2MzHciFsB7mVE53ucKBhXXz6awsiQ4T1BlUjp4ZuA1w5ZEmv9VYbGf3AzDf
tFzg+hk3D3NgFK3X0D3gk2ovnbDGX6guFC+Hr85bKHbslGNmJDUBSNA88swx3BRN
yt7aBayQDuv/2ujKo1s0DCvX97iHzyw5FIPFbXRU4/ONgN41FiaqCuLci26Fx6wH
kReyYRQx4niIGcXP6qJdF4kW3IeG1bhKfYWpOFwTHDanKSELsDLbA8KCYW55GLql
xOqy4XU5PcDmcTB+m6imsKPvPx2/hCB9UlGhCYnN/lzAEev79JcJzed11tWbAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUYqaaZPhK743eCYyfsyVrgOYkrF4wHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzQzNTJlMzkzNTJlMzIzMTM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNDM1MzQzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1f
1jANBgkqhkiG9w0BAQsFAAOCAQEAwd+Qi4E7VhR7T2m0BYyUsWQqJ2hiPPZWUowz
OHZyI5gP3oREBzodEuBdlqLfohavpgHNv7tEmVpbTxVspds0w7i7NNrlb7gUKXTK
XtZPiQAIfojo3I6ppX595iZmBipsGkVjRsALDQPmvaY20Xg4kA6Z1+DV+Chd0Tih
pPl6+Yj/E2bBjUXN+ayyxitftCqZ/TDc51JKg4ppg9Puvi2FibFG/iRMjr4ZgU3K
ORVU78OvLZdWKHW0DB4f7Mswy+Jsk4uCUnByhk+5vrEJTpmvgnKPwEcS1k7jSg/x
L1ORosujoUcACflmE+k1qeJMRcxPRvQcYwL3zuFIR62dvdvs0w==
-----END CERTIFICATE-----