Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/34362e33332e31382e302f32332d3233203d3e203432363839.roa
File:                     34362e33332e31382e302f32332d3233203d3e203432363839.roa (raw, json)
Hash identifier:          JK2RnzQ5HRFgu2DnTMVhf3kPiRv0/ef7L9GQ/nQS5ck=
Subject key identifier:   1B:B3:8F:D3:9E:70:64:77:47:4B:12:19:D5:93:40:05:F2:01:40:AE
Certificate issuer:       /CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
Certificate serial:       56A9662CD0523D2E5F84711311D054FA1D9151
Authority key identifier: 73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/34362e33332e31382e302f32332d3233203d3e203432363839.roa
Signing time:             Thu 07 Nov 2024 10:51:10 +0000
ROA not before:           Thu 07 Nov 2024 10:46:10 +0000
ROA not after:            Thu 06 Nov 2025 10:51:10 +0000
asID:                     42689
IP address blocks:        46.33.18.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:a9:66:2c:d0:52:3d:2e:5f:84:71:13:11:d0:54:fa:1d:91:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
        Validity
            Not Before: Nov  7 10:46:10 2024 GMT
            Not After : Nov  6 10:51:10 2025 GMT
        Subject: CN=1BB38FD39E706477474B1219D5934005F20140AE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:77:ee:97:1e:bc:d1:c4:92:ee:05:52:52:02:
                    05:ed:08:cc:67:33:a5:d3:9c:c2:41:6d:b6:8c:cc:
                    03:3d:53:92:1e:37:b2:23:59:e0:1b:29:0c:ad:eb:
                    5f:cc:4e:64:c2:c6:fe:c2:0e:99:d7:0b:3e:aa:44:
                    7b:01:12:ed:4e:87:0f:cb:90:d0:7e:a9:52:d8:cd:
                    7a:03:5c:0e:20:14:f1:28:e8:8f:c7:b0:d6:41:04:
                    78:ca:a1:30:ee:f3:1e:c0:40:68:e4:66:ab:b2:6c:
                    3d:3b:9b:5c:6f:c5:55:fc:d3:07:72:39:89:a3:99:
                    ea:fe:a5:76:8d:6d:cd:15:cb:bf:a7:fa:de:8b:36:
                    22:39:71:d3:42:67:93:84:73:2b:42:10:f9:ec:68:
                    49:69:96:5a:da:79:3e:bc:7c:e8:01:9a:23:3d:4b:
                    cf:49:66:a4:fb:43:d8:1e:c0:b2:18:c3:19:02:94:
                    d9:96:76:94:00:69:6a:80:8e:4b:7e:19:4a:6f:cb:
                    3c:fa:55:58:bb:b9:21:63:cc:01:67:ec:53:a6:86:
                    c4:e4:7f:29:52:28:bd:9a:36:bf:76:fe:dc:fc:c9:
                    ee:1b:9c:10:60:7b:28:00:63:d7:85:0e:b4:9b:23:
                    cd:37:c2:00:f8:30:03:0f:a2:d2:75:b4:ea:c4:8f:
                    f6:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:B3:8F:D3:9E:70:64:77:47:4B:12:19:D5:93:40:05:F2:01:40:AE
            X509v3 Authority Key Identifier:
                keyid:73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/34362e33332e31382e302f32332d3233203d3e203432363839.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.33.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3e:a7:f8:22:e1:c9:15:34:41:0a:d9:5f:70:bb:30:4e:5d:3f:
         fd:d1:a6:91:22:87:5a:87:b8:39:06:4b:2b:b2:6a:34:45:ab:
         94:a5:d3:96:bb:56:88:c1:be:dd:c1:56:e1:46:97:2c:c2:9a:
         9a:35:95:2e:70:76:9b:4f:53:01:be:e5:df:03:ee:dc:62:ab:
         49:65:5d:c1:03:bf:f1:30:8c:fe:1d:d9:f9:ea:2c:af:a0:f0:
         18:ae:1b:25:72:54:29:33:2f:ff:2e:31:ea:bf:a1:62:7f:08:
         2a:ee:28:d5:52:0f:82:d6:59:f8:bc:88:0b:75:23:2c:66:1a:
         ad:ee:c0:5d:6c:12:67:58:3b:65:d9:31:62:f9:4d:d2:04:25:
         5b:10:cb:b2:48:0f:a9:8a:4d:43:7b:b2:6c:f4:0c:28:46:db:
         c2:94:06:1d:c4:3e:a9:9b:e4:b7:45:91:45:01:ac:0d:be:d3:
         d7:4f:eb:bf:ef:22:fd:e0:72:c1:a3:5b:82:0f:72:13:77:dc:
         e8:a3:16:ab:84:ac:26:5a:f2:3d:9d:e1:87:b9:1b:9a:b4:f8:
         f6:a9:05:9e:72:20:d1:2c:cf:36:cf:e7:0b:16:6b:67:cb:aa:
         0f:07:95:90:5d:f1:32:c1:da:4b:fd:58:98:25:5d:da:d2:e5:
         30:a2:8e:6e
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgITVqlmLNBSPS5fhHETEdBU+h2RUTANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEyg3MzVkOTM3MDZjYmY0Njg4Y2U3ZDYwZmMwZWQ2OTNkNGNj
NGE5MzI2MB4XDTI0MTEwNzEwNDYxMFoXDTI1MTEwNjEwNTExMFowMzExMC8GA1UE
AxMoMUJCMzhGRDM5RTcwNjQ3NzQ3NEIxMjE5RDU5MzQwMDVGMjAxNDBBRTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKx37pcevNHEku4FUlICBe0IzGcz
pdOcwkFttozMAz1Tkh43siNZ4BspDK3rX8xOZMLG/sIOmdcLPqpEewES7U6HD8uQ
0H6pUtjNegNcDiAU8Sjoj8ew1kEEeMqhMO7zHsBAaORmq7JsPTubXG/FVfzTB3I5
iaOZ6v6ldo1tzRXLv6f63os2Ijlx00Jnk4RzK0IQ+exoSWmWWtp5Prx86AGaIz1L
z0lmpPtD2B7AshjDGQKU2ZZ2lABpaoCOS34ZSm/LPPpVWLu5IWPMAWfsU6aGxOR/
KVIovZo2v3b+3PzJ7hucEGB7KABj14UOtJsjzTfCAPgwAw+i0nW06sSP9nECAwEA
AaOCAjkwggI1MB0GA1UdDgQWBBQbs4/TnnBkd0dLEhnVk0AF8gFArjAfBgNVHSME
GDAWgBRzXZNwbL9GiM59YPwO1pPUzEqTJjAOBgNVHQ8BAf8EBAMCB4AwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5u
ZXQvcmVwb3NpdG9yeS8yZTZkYTVjNy02NzBhLTQxYjEtOTZlYi0zODk5Mzg4YjI5
MmMvMC83MzVEOTM3MDZDQkY0Njg4Q0U3RDYwRkMwRUQ2OTNENENDNEE5MzI2LmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzEyVGNHeV9Sb2pPZldEOER0YVQxTXhL
a3lZLmNlcjCBqQYIKwYBBQUHAQsEgZwwgZkwgZYGCCsGAQUFBzALhoGJcnN5bmM6
Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS8yZTZkYTVjNy02
NzBhLTQxYjEtOTZlYi0zODk5Mzg4YjI5MmMvMC8zNDM2MmUzMzMzMmUzMTM4MmUz
MDJmMzIzMzJkMzIzMzIwM2QzZTIwMzQzMjM2MzgzOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS4hEjAN
BgkqhkiG9w0BAQsFAAOCAQEAPqf4IuHJFTRBCtlfcLswTl0//dGmkSKHWoe4OQZL
K7JqNEWrlKXTlrtWiMG+3cFW4UaXLMKamjWVLnB2m09TAb7l3wPu3GKrSWVdwQO/
8TCM/h3Z+eosr6DwGK4bJXJUKTMv/y4x6r+hYn8IKu4o1VIPgtZZ+LyIC3UjLGYa
re7AXWwSZ1g7ZdkxYvlN0gQlWxDLskgPqYpNQ3uybPQMKEbbwpQGHcQ+qZvkt0WR
RQGsDb7T10/rv+8i/eBywaNbgg9yE3fc6KMWq4SsJlryPZ3hh7kbmrT49qkFnnIg
0SzPNs/nCxZrZ8uqDweVkF3xMsHaS/1YmCVd2tLlMKKObg==
-----END CERTIFICATE-----