Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/34362e33332e302e302f32312d3231203d3e203432363839.roa
File:                     34362e33332e302e302f32312d3231203d3e203432363839.roa (raw, json)
Hash identifier:          7k6RmxD5rlKP7E0gh0AO5h6H8aJhRZNo0uHrApe9vl4=
Subject key identifier:   63:50:FF:90:83:C1:63:58:71:FC:71:C8:B2:3A:8F:A0:5A:05:E1:55
Certificate issuer:       /CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
Certificate serial:       18FB46B772A77B959BCEE7B2A5015B06EAEEC300
Authority key identifier: 73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/34362e33332e302e302f32312d3231203d3e203432363839.roa
Signing time:             Thu 07 Nov 2024 10:50:26 +0000
ROA not before:           Thu 07 Nov 2024 10:45:26 +0000
ROA not after:            Thu 06 Nov 2025 10:50:26 +0000
asID:                     42689
IP address blocks:        46.33.0.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:fb:46:b7:72:a7:7b:95:9b:ce:e7:b2:a5:01:5b:06:ea:ee:c3:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
        Validity
            Not Before: Nov  7 10:45:26 2024 GMT
            Not After : Nov  6 10:50:26 2025 GMT
        Subject: CN=6350FF9083C1635871FC71C8B23A8FA05A05E155
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:26:f4:70:23:a2:b1:c1:07:d1:d6:e8:04:78:
                    f6:24:98:f3:14:d4:c6:9c:27:7e:9c:3e:21:00:99:
                    36:ab:7d:42:c4:e0:a3:30:61:36:e3:56:22:3c:f3:
                    82:97:60:e7:04:35:d6:59:a9:7c:17:7e:20:90:c4:
                    dd:37:43:b6:d4:97:f4:93:ef:ef:fb:26:c8:c9:57:
                    d4:2b:8a:f4:89:f7:5e:32:78:5e:f2:2b:90:ca:d6:
                    4e:bb:56:54:e4:63:b3:2e:bc:3f:fc:5e:de:29:d2:
                    5d:7a:11:71:83:93:20:1a:19:66:ff:2e:51:7c:ca:
                    01:ba:0e:cd:6d:42:70:85:c8:a0:b0:76:0f:0c:8d:
                    bf:bb:a1:46:86:c3:c3:62:81:9f:b7:ea:b3:45:77:
                    d3:3a:2a:9c:c0:45:06:65:5e:ec:86:57:ff:e9:e2:
                    bb:ab:6f:58:22:0f:cc:36:50:83:75:07:1c:50:ce:
                    52:30:25:a8:2a:9b:cd:ed:de:fb:68:96:50:2e:a6:
                    b0:6f:a5:01:f6:3b:ca:82:5d:9c:10:07:b6:4a:c4:
                    f1:67:fe:39:d4:71:0b:67:42:a6:0a:9a:f7:fc:d6:
                    d2:82:21:44:1b:39:83:f4:8b:20:05:5e:d1:63:0f:
                    0e:f9:15:39:d2:38:40:73:e6:c9:ef:e0:3c:8a:ce:
                    19:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:50:FF:90:83:C1:63:58:71:FC:71:C8:B2:3A:8F:A0:5A:05:E1:55
            X509v3 Authority Key Identifier:
                keyid:73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/34362e33332e302e302f32312d3231203d3e203432363839.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.33.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         a3:b4:66:8f:2b:89:0b:9a:8e:5a:a1:33:1d:e7:71:34:ce:05:
         8f:5a:fa:6e:ba:39:fc:6f:79:bd:aa:b2:ec:54:26:6f:c7:90:
         47:ab:4f:59:61:a2:8c:ee:fe:89:a5:f0:b7:c9:a5:c3:55:e4:
         99:b0:c1:24:f2:53:15:ee:4e:39:d2:13:c3:74:c5:77:ba:79:
         37:d0:04:58:70:24:42:4c:d8:2a:3e:12:80:58:cf:86:e1:47:
         1e:ab:9b:25:0e:b0:9d:ca:c0:25:44:b9:d5:f1:e3:05:b0:da:
         49:bf:5e:57:ee:fe:08:b6:43:82:f4:64:f8:5a:e7:73:f3:88:
         2f:14:e0:a9:37:d9:c7:14:70:4a:9d:9b:ab:f7:e9:63:b0:00:
         0a:68:bb:d5:fd:d6:dd:bd:64:17:1a:0d:fa:f3:01:bd:56:2e:
         b4:a1:e2:95:e4:20:a6:cc:ae:2a:1f:e1:6d:24:35:c6:ed:03:
         04:27:05:2a:52:cd:ae:56:98:52:76:3a:93:9f:58:4c:78:3b:
         f1:3f:f7:23:e5:09:98:c7:df:a8:78:03:15:60:54:2e:a5:4d:
         b7:ce:84:44:3e:60:cc:13:ae:e8:87:fe:07:8f:a4:5c:1d:ac:
         d4:87:b6:dd:6a:b8:02:4d:53:24:bb:86:19:3b:b4:3c:65:22:
         ae:63:6a:43
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUGPtGt3Kne5WbzueypQFbBuruwwAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzM1ZDkzNzA2Y2JmNDY4OGNlN2Q2MGZjMGVkNjkzZDRj
YzRhOTMyNjAeFw0yNDExMDcxMDQ1MjZaFw0yNTExMDYxMDUwMjZaMDMxMTAvBgNV
BAMTKDYzNTBGRjkwODNDMTYzNTg3MUZDNzFDOEIyM0E4RkEwNUEwNUUxNTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClJvRwI6KxwQfR1ugEePYkmPMU
1MacJ36cPiEAmTarfULE4KMwYTbjViI884KXYOcENdZZqXwXfiCQxN03Q7bUl/ST
7+/7JsjJV9QrivSJ914yeF7yK5DK1k67VlTkY7MuvD/8Xt4p0l16EXGDkyAaGWb/
LlF8ygG6Ds1tQnCFyKCwdg8Mjb+7oUaGw8NigZ+36rNFd9M6KpzARQZlXuyGV//p
4rurb1giD8w2UIN1BxxQzlIwJagqm83t3vtollAuprBvpQH2O8qCXZwQB7ZKxPFn
/jnUcQtnQqYKmvf81tKCIUQbOYP0iyAFXtFjDw75FTnSOEBz5snv4DyKzhkZAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUY1D/kIPBY1hx/HHIsjqPoFoF4VUwHwYDVR0j
BBgwFoAUc12TcGy/RojOfWD8DtaT1MxKkyYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMmU2ZGE1YzctNjcwYS00MWIxLTk2ZWItMzg5OTM4OGIy
OTJjLzAvNzM1RDkzNzA2Q0JGNDY4OENFN0Q2MEZDMEVENjkzRDRDQzRBOTMyNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MxMlRjR3lfUm9qT2ZXRDhEdGFUMU14
S2t5WS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMmU2ZGE1Yzct
NjcwYS00MWIxLTk2ZWItMzg5OTM4OGIyOTJjLzAvMzQzNjJlMzMzMzJlMzAyZTMw
MmYzMjMxMmQzMjMxMjAzZDNlMjAzNDMyMzYzODM5LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDLiEAMA0G
CSqGSIb3DQEBCwUAA4IBAQCjtGaPK4kLmo5aoTMd53E0zgWPWvpuujn8b3m9qrLs
VCZvx5BHq09ZYaKM7v6JpfC3yaXDVeSZsMEk8lMV7k450hPDdMV3unk30ARYcCRC
TNgqPhKAWM+G4Uceq5slDrCdysAlRLnV8eMFsNpJv15X7v4ItkOC9GT4Wudz84gv
FOCpN9nHFHBKnZur9+ljsAAKaLvV/dbdvWQXGg368wG9Vi60oeKV5CCmzK4qH+Ft
JDXG7QMEJwUqUs2uVphSdjqTn1hMeDvxP/cj5QmYx9+oeAMVYFQupU23zoREPmDM
E67oh/4Hj6RcHazUh7bdargCTVMku4YZO7Q8ZSKuY2pD
-----END CERTIFICATE-----