Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/34362e31362e3230382e302f32312d3231203d3e203432363839.roa
File:                     34362e31362e3230382e302f32312d3231203d3e203432363839.roa (raw, json)
Hash identifier:          S3da1xsXEOIWgPWi98Gc7OByN3m1FZNPmdtWkdO4JxU=
Subject key identifier:   9B:FF:4A:FD:6B:0C:44:AB:6F:80:F8:66:7E:59:BF:48:27:E0:90:AD
Certificate issuer:       /CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
Certificate serial:       7C676C662AA1DA3669104C604513AE1691E052
Authority key identifier: 73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/34362e31362e3230382e302f32312d3231203d3e203432363839.roa
Signing time:             Tue 19 Mar 2024 10:17:52 +0000
ROA not before:           Tue 19 Mar 2024 10:12:52 +0000
ROA not after:            Tue 18 Mar 2025 10:17:52 +0000
asID:                     42689
IP address blocks:        46.16.208.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:67:6c:66:2a:a1:da:36:69:10:4c:60:45:13:ae:16:91:e0:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
        Validity
            Not Before: Mar 19 10:12:52 2024 GMT
            Not After : Mar 18 10:17:52 2025 GMT
        Subject: CN=9BFF4AFD6B0C44AB6F80F8667E59BF4827E090AD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:0a:5c:08:1d:42:21:78:23:98:20:90:6e:98:
                    a4:af:d2:09:b1:c0:96:32:8a:9e:6d:8f:36:8e:2b:
                    a9:c2:2b:49:ac:c4:6f:0c:76:4f:1a:2c:d0:66:57:
                    bf:07:2b:cb:53:df:05:f3:93:5c:93:be:0e:45:16:
                    df:df:5e:e2:25:ad:ac:ae:cc:82:d7:32:ba:87:b6:
                    61:bd:03:5d:d5:fc:70:e2:64:f9:bb:9d:60:ea:50:
                    af:bc:9b:73:d8:86:8d:42:2d:e9:a9:8e:39:87:2c:
                    c9:57:46:aa:94:58:25:15:fe:0a:dd:ed:f3:bb:bc:
                    6f:f9:9c:3c:dd:92:dc:61:f4:27:6f:d9:cf:52:17:
                    84:c0:09:bc:57:e1:66:f7:65:ba:49:db:fd:92:d2:
                    0f:a9:d4:40:a0:9d:71:5b:7e:fa:5d:c0:bf:46:69:
                    a9:67:c6:05:c1:75:cc:0f:60:db:2b:cc:dd:44:4d:
                    06:07:73:f4:d3:30:20:ec:60:8f:7b:c7:f0:9f:3d:
                    78:6f:17:f2:f0:85:3e:92:b0:ac:78:26:23:94:4e:
                    f5:95:83:01:c3:19:db:a5:66:4f:b1:fe:31:ac:1e:
                    d3:45:50:52:72:3a:1f:7e:00:da:5b:e3:f9:7f:0f:
                    79:cd:e8:2b:73:00:5c:33:f7:70:24:e9:38:61:a5:
                    63:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:FF:4A:FD:6B:0C:44:AB:6F:80:F8:66:7E:59:BF:48:27:E0:90:AD
            X509v3 Authority Key Identifier:
                keyid:73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/34362e31362e3230382e302f32312d3231203d3e203432363839.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.16.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8f:ca:a7:5e:d4:f6:13:29:b9:07:40:04:ac:22:bd:d5:4f:59:
         45:66:6c:e8:72:7e:c0:42:5d:82:c5:19:2e:ec:7e:c5:0d:be:
         6a:59:f3:18:7e:e2:9f:04:3f:57:a1:27:3c:57:ea:eb:f0:98:
         87:56:56:45:d7:4e:91:35:ef:4b:14:e8:31:26:6a:8b:38:f3:
         0a:84:97:ac:55:03:0f:d9:31:50:a3:8f:a2:09:35:20:fc:e1:
         05:57:db:42:a3:ad:5a:0b:46:ac:74:fd:54:c1:c8:1f:e0:c3:
         cb:f1:da:ef:f3:80:50:1b:7b:00:de:e0:24:bf:0c:1e:77:9a:
         bc:5e:49:81:40:a9:70:29:3a:cb:27:fd:dc:2a:f2:8d:a9:e6:
         19:a2:03:87:d0:62:75:47:6a:0c:8b:60:da:49:71:35:d4:33:
         e5:75:ee:80:f6:8c:10:72:66:77:d4:79:aa:10:0c:46:fe:45:
         f6:ce:0f:61:8a:06:1f:c0:a0:b5:00:f5:02:23:3a:56:a9:dd:
         cc:f7:2f:69:17:27:e6:d0:27:ad:93:0f:54:99:9d:e5:8c:34:
         69:ef:e2:d0:0c:09:13:3a:72:7d:9e:2f:0b:04:b6:7a:55:bb:
         a0:99:60:bd:68:78:09:f1:f8:c7:fc:93:c1:ee:4f:4c:3e:b7:
         9b:fc:ce:c9
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgITfGdsZiqh2jZpEExgRROuFpHgUjANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEyg3MzVkOTM3MDZjYmY0Njg4Y2U3ZDYwZmMwZWQ2OTNkNGNj
NGE5MzI2MB4XDTI0MDMxOTEwMTI1MloXDTI1MDMxODEwMTc1MlowMzExMC8GA1UE
AxMoOUJGRjRBRkQ2QjBDNDRBQjZGODBGODY2N0U1OUJGNDgyN0UwOTBBRDCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMoKXAgdQiF4I5ggkG6YpK/SCbHA
ljKKnm2PNo4rqcIrSazEbwx2Txos0GZXvwcry1PfBfOTXJO+DkUW399e4iWtrK7M
gtcyuoe2Yb0DXdX8cOJk+budYOpQr7ybc9iGjUIt6amOOYcsyVdGqpRYJRX+Ct3t
87u8b/mcPN2S3GH0J2/Zz1IXhMAJvFfhZvdluknb/ZLSD6nUQKCdcVt++l3Av0Zp
qWfGBcF1zA9g2yvM3URNBgdz9NMwIOxgj3vH8J89eG8X8vCFPpKwrHgmI5RO9ZWD
AcMZ26VmT7H+Mawe00VQUnI6H34A2lvj+X8Pec3oK3MAXDP3cCTpOGGlY08CAwEA
AaOCAjswggI3MB0GA1UdDgQWBBSb/0r9awxEq2+A+GZ+Wb9IJ+CQrTAfBgNVHSME
GDAWgBRzXZNwbL9GiM59YPwO1pPUzEqTJjAOBgNVHQ8BAf8EBAMCB4AwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5u
ZXQvcmVwb3NpdG9yeS8yZTZkYTVjNy02NzBhLTQxYjEtOTZlYi0zODk5Mzg4YjI5
MmMvMC83MzVEOTM3MDZDQkY0Njg4Q0U3RDYwRkMwRUQ2OTNENENDNEE5MzI2LmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzEyVGNHeV9Sb2pPZldEOER0YVQxTXhL
a3lZLmNlcjCBqwYIKwYBBQUHAQsEgZ4wgZswgZgGCCsGAQUFBzALhoGLcnN5bmM6
Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS8yZTZkYTVjNy02
NzBhLTQxYjEtOTZlYi0zODk5Mzg4YjI5MmMvMC8zNDM2MmUzMTM2MmUzMjMwMzgy
ZTMwMmYzMjMxMmQzMjMxMjAzZDNlMjAzNDMyMzYzODM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDLhDQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCPyqde1PYTKbkHQASsIr3VT1lFZmzocn7AQl2C
xRku7H7FDb5qWfMYfuKfBD9XoSc8V+rr8JiHVlZF106RNe9LFOgxJmqLOPMKhJes
VQMP2TFQo4+iCTUg/OEFV9tCo61aC0asdP1Uwcgf4MPL8drv84BQG3sA3uAkvwwe
d5q8XkmBQKlwKTrLJ/3cKvKNqeYZogOH0GJ1R2oMi2DaSXE11DPlde6A9owQcmZ3
1HmqEAxG/kX2zg9higYfwKC1APUCIzpWqd3M9y9pFyfm0Cetkw9UmZ3ljDRp7+LQ
DAkTOnJ9ni8LBLZ6VbugmWC9aHgJ8fjH/JPB7k9MPreb/M7J
-----END CERTIFICATE-----