Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/34362e33332e302e302f31392d3139203d3e203432363839.roa
File:                     34362e33332e302e302f31392d3139203d3e203432363839.roa (raw, json)
Hash identifier:          mPCIaEXqJFgOcCogJQg1aEBjnXDjTFmNJL0qyJkE9dQ=
Subject key identifier:   79:6B:57:8C:10:D5:98:27:CE:D6:41:AA:56:4D:FA:66:03:78:57:3B
Certificate issuer:       /CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
Certificate serial:       62EE4AA76136AF50DEB799EB103FF17A403517E4
Authority key identifier: 73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/34362e33332e302e302f31392d3139203d3e203432363839.roa
Signing time:             Tue 19 Mar 2024 10:18:23 +0000
ROA not before:           Tue 19 Mar 2024 10:13:23 +0000
ROA not after:            Tue 18 Mar 2025 10:18:23 +0000
asID:                     42689
IP address blocks:        46.33.0.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 17:05:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:ee:4a:a7:61:36:af:50:de:b7:99:eb:10:3f:f1:7a:40:35:17:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
        Validity
            Not Before: Mar 19 10:13:23 2024 GMT
            Not After : Mar 18 10:18:23 2025 GMT
        Subject: CN=796B578C10D59827CED641AA564DFA660378573B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:79:37:26:0b:de:f6:69:7f:bc:89:d3:bc:5e:
                    b8:09:6a:70:29:fa:80:b7:06:27:7b:55:57:e3:05:
                    ac:78:ad:81:c8:cd:d3:c8:83:71:9f:cc:ca:04:c3:
                    17:e9:92:c7:6f:42:58:54:de:a2:21:85:8c:00:e8:
                    de:cd:22:16:4f:60:3b:bb:03:cf:b8:de:13:2f:75:
                    8c:5b:f5:de:67:83:6b:55:ad:8a:35:09:1d:41:0a:
                    5c:e1:58:4c:fb:d5:f8:68:49:86:b3:b6:3b:58:44:
                    d9:b3:44:f6:a5:69:42:ea:b2:05:48:f2:28:63:f5:
                    fd:78:e5:51:84:71:2c:db:79:16:22:ba:52:ad:b9:
                    2e:7a:9b:55:30:64:3e:4f:18:75:21:21:4b:33:eb:
                    c2:6e:d8:2b:09:42:48:11:4e:25:8e:83:34:db:e4:
                    44:e2:32:bc:80:26:ff:0f:7f:e6:46:92:d5:a6:b6:
                    56:53:6c:db:20:cc:e7:12:6f:e2:db:74:f2:9d:08:
                    83:cc:b8:a8:36:e7:42:32:5e:b8:de:ae:6f:92:da:
                    b2:e4:43:df:62:22:cf:59:09:2c:4a:28:3e:a0:c9:
                    bb:e5:bb:c3:0c:39:08:47:c8:a4:b2:89:01:73:ad:
                    7c:6d:bf:e8:ba:7a:8a:6c:da:a1:28:01:82:75:ff:
                    b4:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:6B:57:8C:10:D5:98:27:CE:D6:41:AA:56:4D:FA:66:03:78:57:3B
            X509v3 Authority Key Identifier:
                keyid:73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/34362e33332e302e302f31392d3139203d3e203432363839.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.33.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         40:e7:38:eb:61:87:6e:73:f9:ff:95:c9:bc:d2:2a:d4:14:27:
         34:0d:9a:9c:05:54:d9:32:8b:50:9e:7b:da:b3:59:2f:4d:c8:
         be:72:ae:c3:96:4a:92:6b:3c:eb:c6:03:ae:c1:1d:52:98:4a:
         df:e9:ed:49:ba:08:34:4e:01:33:c2:2c:6a:49:a8:d3:dd:64:
         cb:a1:c0:e1:18:10:06:c6:4a:34:c4:6a:e1:22:93:66:c7:4b:
         8a:ed:a0:f2:f4:87:5c:37:44:a9:28:ba:c3:de:a8:0b:15:46:
         48:f0:44:cf:89:20:6d:19:30:c4:1d:d9:b2:24:ef:dc:cd:de:
         e9:4f:1b:70:cb:63:da:d6:d9:cc:84:3e:57:cd:d2:f1:1c:a8:
         03:0f:75:6a:25:1c:c0:01:ca:0c:41:c0:cb:2f:08:e5:0d:31:
         46:51:18:a5:44:0c:1c:d2:11:21:ab:f1:a3:b8:e1:ad:2f:d0:
         da:e9:20:a1:3e:43:2b:1e:2d:62:0f:e1:c3:cc:52:d9:c6:ea:
         52:c9:1d:50:90:aa:3b:5b:8c:99:3a:98:9c:ef:71:07:04:b8:
         72:21:17:7c:d9:ae:03:eb:5e:7d:ad:72:e8:c3:19:69:ca:0d:
         a1:d3:31:2c:47:d4:de:27:23:a1:c7:dc:f1:28:40:ea:b7:8b:
         20:20:8e:6b
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUYu5Kp2E2r1Det5nrED/xekA1F+QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzM1ZDkzNzA2Y2JmNDY4OGNlN2Q2MGZjMGVkNjkzZDRj
YzRhOTMyNjAeFw0yNDAzMTkxMDEzMjNaFw0yNTAzMTgxMDE4MjNaMDMxMTAvBgNV
BAMTKDc5NkI1NzhDMTBENTk4MjdDRUQ2NDFBQTU2NERGQTY2MDM3ODU3M0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqeTcmC972aX+8idO8XrgJanAp
+oC3Bid7VVfjBax4rYHIzdPIg3GfzMoEwxfpksdvQlhU3qIhhYwA6N7NIhZPYDu7
A8+43hMvdYxb9d5ng2tVrYo1CR1BClzhWEz71fhoSYaztjtYRNmzRPalaULqsgVI
8ihj9f145VGEcSzbeRYiulKtuS56m1UwZD5PGHUhIUsz68Ju2CsJQkgRTiWOgzTb
5ETiMryAJv8Pf+ZGktWmtlZTbNsgzOcSb+LbdPKdCIPMuKg250IyXrjerm+S2rLk
Q99iIs9ZCSxKKD6gybvlu8MMOQhHyKSyiQFzrXxtv+i6eops2qEoAYJ1/7TLAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUeWtXjBDVmCfO1kGqVk36ZgN4VzswHwYDVR0j
BBgwFoAUc12TcGy/RojOfWD8DtaT1MxKkyYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMmU2ZGE1YzctNjcwYS00MWIxLTk2ZWItMzg5OTM4OGIy
OTJjLzAvNzM1RDkzNzA2Q0JGNDY4OENFN0Q2MEZDMEVENjkzRDRDQzRBOTMyNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MxMlRjR3lfUm9qT2ZXRDhEdGFUMU14
S2t5WS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMmU2ZGE1Yzct
NjcwYS00MWIxLTk2ZWItMzg5OTM4OGIyOTJjLzAvMzQzNjJlMzMzMzJlMzAyZTMw
MmYzMTM5MmQzMTM5MjAzZDNlMjAzNDMyMzYzODM5LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFLiEAMA0G
CSqGSIb3DQEBCwUAA4IBAQBA5zjrYYduc/n/lcm80irUFCc0DZqcBVTZMotQnnva
s1kvTci+cq7DlkqSazzrxgOuwR1SmErf6e1Jugg0TgEzwixqSajT3WTLocDhGBAG
xko0xGrhIpNmx0uK7aDy9IdcN0SpKLrD3qgLFUZI8ETPiSBtGTDEHdmyJO/czd7p
Txtwy2Pa1tnMhD5XzdLxHKgDD3VqJRzAAcoMQcDLLwjlDTFGURilRAwc0hEhq/Gj
uOGtL9Da6SChPkMrHi1iD+HDzFLZxupSyR1QkKo7W4yZOpic73EHBLhyIRd82a4D
6159rXLowxlpyg2h0zEsR9TeJyOhx9zxKEDqt4sgII5r
-----END CERTIFICATE-----