Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e39352e3231342e302f32342d3234203d3e203434353437.roa
File:                     34352e39352e3231342e302f32342d3234203d3e203434353437.roa (raw, json)
Hash identifier:          D708Awfnug4se1ovue6PBs92QQ5wyncVyei+IzTpPiY=
Subject key identifier:   69:06:35:8E:D6:C1:41:EE:16:A5:74:E7:57:8D:A1:10:7C:B1:E6:5B
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       54AC3E5026C857DEA82095DE8B2A872A9FA4B81E
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e39352e3231342e302f32342d3234203d3e203434353437.roa
Signing time:             Tue 01 Aug 2023 12:19:34 +0000
ROA not before:           Tue 01 Aug 2023 12:14:34 +0000
ROA not after:            Tue 30 Jul 2024 12:19:34 +0000
asID:                     44547
IP address blocks:        45.95.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 15 May 2024 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:ac:3e:50:26:c8:57:de:a8:20:95:de:8b:2a:87:2a:9f:a4:b8:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Aug  1 12:14:34 2023 GMT
            Not After : Jul 30 12:19:34 2024 GMT
        Subject: CN=6906358ED6C141EE16A574E7578DA1107CB1E65B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:14:24:37:d4:34:49:ca:a6:48:cd:25:68:67:
                    05:64:9f:7b:cf:6f:d6:27:1f:11:73:3c:91:8d:4c:
                    2d:47:ce:58:65:01:c8:1d:10:4b:c3:b2:6a:0e:a0:
                    54:60:7a:ad:04:4a:c5:eb:73:9e:ee:0d:54:3d:0f:
                    7d:f5:1b:b3:5c:b3:68:8d:85:2d:14:05:7d:90:83:
                    38:c1:9b:d2:44:b4:b5:ff:5b:5c:a4:28:55:f7:1b:
                    25:ab:d9:ec:64:07:c8:ba:6b:46:19:dd:f0:8c:74:
                    62:96:cf:38:d2:42:41:51:b2:ad:82:51:9f:a0:50:
                    b0:a1:09:41:1f:3d:81:a1:cd:77:32:65:0b:ed:a9:
                    8c:0c:f3:50:8f:dc:e5:7e:f0:d9:06:6d:a6:86:6b:
                    1f:f7:92:86:30:28:11:c5:06:f5:04:e7:0f:12:5e:
                    79:e8:4b:bd:86:3c:4f:e0:58:54:89:61:07:f0:8c:
                    b4:cb:d9:e4:92:2b:67:8d:7e:46:c4:cb:07:b5:ba:
                    92:51:0d:27:1b:68:48:52:ce:fb:ea:bd:e2:17:2d:
                    c2:45:42:01:d6:1e:fe:aa:a9:32:4f:12:e4:cc:90:
                    37:de:57:64:03:11:59:84:05:f8:ab:7e:d0:f1:33:
                    fe:9e:09:ab:20:25:5e:17:5c:fc:1b:3a:2b:2d:21:
                    db:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:06:35:8E:D6:C1:41:EE:16:A5:74:E7:57:8D:A1:10:7C:B1:E6:5B
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e39352e3231342e302f32342d3234203d3e203434353437.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:6d:7e:ea:a9:54:01:1e:f6:ab:27:9d:15:7f:19:b8:4f:77:
         fc:5b:26:d7:22:22:d5:70:b7:01:c7:ae:25:69:49:01:21:d5:
         85:60:0c:82:ed:c3:ac:34:af:01:05:6a:be:a8:27:73:38:47:
         29:a1:b1:05:b6:0b:00:ca:2f:67:1c:41:ac:5c:2a:47:ea:c8:
         19:8b:ec:bd:23:34:0b:49:d2:71:b8:16:5d:8a:9e:77:d6:e8:
         80:a8:83:c5:4a:58:5e:c1:68:88:a5:48:19:e2:c2:65:a0:5f:
         4a:c7:7b:1b:22:dc:fe:b6:c7:a0:7b:18:7c:ab:ad:58:cf:99:
         fd:25:ac:5a:6c:ce:c6:30:b3:29:22:07:2e:a3:0d:cf:b6:9d:
         44:98:62:e6:4d:d3:c1:e0:98:fc:0b:c1:c4:ac:c6:49:23:b4:
         13:86:4f:c2:1f:28:2e:e4:ec:2f:fb:13:9a:40:41:7f:a4:a2:
         b8:3c:2c:ae:b5:9a:7d:1c:cb:a9:30:82:5c:d3:8f:f5:c6:aa:
         50:0d:8f:74:3f:5f:83:a6:02:e6:39:10:81:26:30:dc:18:ce:
         72:60:36:4a:2b:4f:54:cf:af:8c:54:cc:85:1d:44:88:ce:ab:
         a6:89:24:9f:32:14:12:b8:41:0e:2b:9b:bd:c3:99:11:ef:09:
         b6:4e:24:51
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUVKw+UCbIV96oIJXeiyqHKp+kuB4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yMzA4MDExMjE0MzRaFw0yNDA3MzAxMjE5MzRaMDMxMTAvBgNV
BAMTKDY5MDYzNThFRDZDMTQxRUUxNkE1NzRFNzU3OERBMTEwN0NCMUU2NUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfFCQ31DRJyqZIzSVoZwVkn3vP
b9YnHxFzPJGNTC1HzlhlAcgdEEvDsmoOoFRgeq0ESsXrc57uDVQ9D331G7Ncs2iN
hS0UBX2QgzjBm9JEtLX/W1ykKFX3GyWr2exkB8i6a0YZ3fCMdGKWzzjSQkFRsq2C
UZ+gULChCUEfPYGhzXcyZQvtqYwM81CP3OV+8NkGbaaGax/3koYwKBHFBvUE5w8S
XnnoS72GPE/gWFSJYQfwjLTL2eSSK2eNfkbEywe1upJRDScbaEhSzvvqveIXLcJF
QgHWHv6qqTJPEuTMkDfeV2QDEVmEBfirftDxM/6eCasgJV4XXPwbOistIdvhAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUaQY1jtbBQe4WpXTnV42hEHyx5lswHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzQzNTJlMzkzNTJlMzIzMTM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNDM1MzQzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1f
1jANBgkqhkiG9w0BAQsFAAOCAQEAAm1+6qlUAR72qyedFX8ZuE93/Fsm1yIi1XC3
AceuJWlJASHVhWAMgu3DrDSvAQVqvqgnczhHKaGxBbYLAMovZxxBrFwqR+rIGYvs
vSM0C0nScbgWXYqed9bogKiDxUpYXsFoiKVIGeLCZaBfSsd7GyLc/rbHoHsYfKut
WM+Z/SWsWmzOxjCzKSIHLqMNz7adRJhi5k3TweCY/AvBxKzGSSO0E4ZPwh8oLuTs
L/sTmkBBf6SiuDwsrrWafRzLqTCCXNOP9caqUA2PdD9fg6YC5jkQgSYw3BjOcmA2
SitPVM+vjFTMhR1EiM6rpokknzIUErhBDiubvcOZEe8Jtk4kUQ==
-----END CERTIFICATE-----